Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > c sharp > answers

ADSI using Asp.net

YRao
Guest
  
Posts: n/a
#1: Nov 17 '05

I am going to create intranet application using Windows Authentication
[W2k Active Directory users] using C# asp.net

I am having following problem:

1 setting windows Authentication, it will validate for all users, user name
and password from ADSI before entering into application this is working fine.
Problem Is I am going to categorize users based on their Title properties
value

Eg: if Title = Accounts that user going to Access that related pages
Likewise different users going to access different pages.
I need solution for this how to do this using windows
Authentication

- How to retrieve Active Directory users properties into intranet
application using asp.net.


Any suggestion or related link,
any help would be greatly appreciated.

Thanks

Waleed Mallouk
Guest
  
Posts: n/a
#2: Nov 17 '05

re: ADSI using Asp.net

What you want to achieve here is 2 different things:
The first thing is Authentication
The other thing is Authorization

The solution involves merging Windows Integrated Authentication with Role
Bases Authorization

Role-based Authorization is built on the premise that users are
authenticated, which is the process of identifying the user. Once identified,
the user can be authorized or, assigned roles and permissions. Credentials
like a username and password are usually provided to authenticate users, and
this information is used to create a security principal representing this
user's identity at runtime. The .NET Framework object model includes built-in
support to work with Windows

To understand how this security principal is used by the runtime it is
important to consider the relationship between the running process, the
application domain, and the assemblies loaded within that application domain

By default the process runs under the logged in user's Windows identity, and
this governs what resources can be accessed by any thread of execution within
that process, yet, each thread of execution can also be assigned an identity
which governs how role-based security checks are evaluated at runtime

ASP.NET process identity is identified by the <processModel> section of the
machine.config. Unless the worker process is asked to impersonate another
account, this is the identity that governs your Web application's access to
system resources such as the file system, the Windows registry, and the
database if integrated Windows accounts are used

When your application uses Windows authentication, ASP.NET automatically
constructs a WindowsPrincipal that is attached to the context of the current
Web request (using HttpContext.User). After the authentication process is
complete and ASP.NET has attached to object to the current request, it is
used for all subsequent .NET role-based authorization.
The Windows group membership of the authenticated caller is used to
determine the set of roles. With Windows authentication, .NET roles are the
same as Windows groups.
You can get the groups using code like this
void WindowsAuthentication_Authenticate(object sender,
WindowsAuthenticationEventArgs e)
{
String[] roleStrng = GetUserRoles();
e.User = new GenericPrincipal(e.Identity, roleStrng);
}
private string[] GetUserRoles()
{
AppDomain myDomain = Thread.GetDomain();
myDomain.SetPrincipalPolicy(PrincipalPolicy.Window sPrincipal);
ArrayList al = new ArrayList();

WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
Array wbirFields = Enum.GetValues(GetType(WindowsBuiltInRole));

foreach (object roleName in wbirFields)
{
try
{
if (myPrincipal.IsInRole((WindowsBuiltInRole)roleName ))
al.Add(roleName.ToString());
}
catch{};

}
return (string[])(al.ToArray(typeof(string)));
}


http://msdn.microsoft.com/library/de...SecNetch03.asp
http://www.15seconds.com/issue/041208.htm
http://www.eggheadcafe.com/articles/20020418.asp


Best Regards,
Waleed K. Mallouk

Solutions Architect

"YRao" wrote:
[color=blue]
>
> I am going to create intranet application using Windows Authentication
> [W2k Active Directory users] using C# asp.net
>
> I am having following problem:
>
> 1 setting windows Authentication, it will validate for all users, user name
> and password from ADSI before entering into application this is working fine.
> Problem Is I am going to categorize users based on their Title properties
> value
>
> Eg: if Title = Accounts that user going to Access that related pages
> Likewise different users going to access different pages.
> I need solution for this how to do this using windows
> Authentication
>
> - How to retrieve Active Directory users properties into intranet
> application using asp.net.
>
>
> Any suggestion or related link,
> any help would be greatly appreciated.
>
> Thanks
>[/color]
YRao
Guest
  
Posts: n/a
#3: Nov 17 '05

re: ADSI using Asp.net

Thanks "Waleed Mallouk"

I got detailed solution from you.Now I will proceed my work.

i am having one more problem that is
-i am going to retrieve users based on Title properties in AD

Thanks
-YRao


"Waleed Mallouk" wrote:
[color=blue]
> What you want to achieve here is 2 different things:
> The first thing is Authentication
> The other thing is Authorization
>
> The solution involves merging Windows Integrated Authentication with Role
> Bases Authorization
>
> Role-based Authorization is built on the premise that users are
> authenticated, which is the process of identifying the user. Once identified,
> the user can be authorized or, assigned roles and permissions. Credentials
> like a username and password are usually provided to authenticate users, and
> this information is used to create a security principal representing this
> user's identity at runtime. The .NET Framework object model includes built-in
> support to work with Windows
>
> To understand how this security principal is used by the runtime it is
> important to consider the relationship between the running process, the
> application domain, and the assemblies loaded within that application domain
>
> By default the process runs under the logged in user's Windows identity, and
> this governs what resources can be accessed by any thread of execution within
> that process, yet, each thread of execution can also be assigned an identity
> which governs how role-based security checks are evaluated at runtime
>
> ASP.NET process identity is identified by the <processModel> section of the
> machine.config. Unless the worker process is asked to impersonate another
> account, this is the identity that governs your Web application's access to
> system resources such as the file system, the Windows registry, and the
> database if integrated Windows accounts are used
>
> When your application uses Windows authentication, ASP.NET automatically
> constructs a WindowsPrincipal that is attached to the context of the current
> Web request (using HttpContext.User). After the authentication process is
> complete and ASP.NET has attached to object to the current request, it is
> used for all subsequent .NET role-based authorization.
> The Windows group membership of the authenticated caller is used to
> determine the set of roles. With Windows authentication, .NET roles are the
> same as Windows groups.
> You can get the groups using code like this
> void WindowsAuthentication_Authenticate(object sender,
> WindowsAuthenticationEventArgs e)
> {
> String[] roleStrng = GetUserRoles();
> e.User = new GenericPrincipal(e.Identity, roleStrng);
> }
> private string[] GetUserRoles()
> {
> AppDomain myDomain = Thread.GetDomain();
> myDomain.SetPrincipalPolicy(PrincipalPolicy.Window sPrincipal);
> ArrayList al = new ArrayList();
>
> WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
> Array wbirFields = Enum.GetValues(GetType(WindowsBuiltInRole));
>
> foreach (object roleName in wbirFields)
> {
> try
> {
> if (myPrincipal.IsInRole((WindowsBuiltInRole)roleName ))
> al.Add(roleName.ToString());
> }
> catch{};
>
> }
> return (string[])(al.ToArray(typeof(string)));
> }
>
>
> http://msdn.microsoft.com/library/de...SecNetch03.asp
> http://www.15seconds.com/issue/041208.htm
> http://www.eggheadcafe.com/articles/20020418.asp
>
>
> Best Regards,
> Waleed K. Mallouk
>
> Solutions Architect
>
> "YRao" wrote:
>[color=green]
> >
> > I am going to create intranet application using Windows Authentication
> > [W2k Active Directory users] using C# asp.net
> >
> > I am having following problem:
> >
> > 1 setting windows Authentication, it will validate for all users, user name
> > and password from ADSI before entering into application this is working fine.
> > Problem Is I am going to categorize users based on their Title properties
> > value
> >
> > Eg: if Title = Accounts that user going to Access that related pages
> > Likewise different users going to access different pages.
> > I need solution for this how to do this using windows
> > Authentication
> >
> > - How to retrieve Active Directory users properties into intranet
> > application using asp.net.
> >
> >
> > Any suggestion or related link,
> > any help would be greatly appreciated.
> >
> > Thanks
> >[/color][/color]
Closed Thread

« previous question | next question »

Similar C# / C Sharp bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,471 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved