current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite
1

I am currently trying to create a website that authenticates users against AD but I cannot seem to find a good resource for examples. To start with I would just like to give all AD users access to the site. I have a Windows 2008 r2 server running IIS and Active Directory roles for testing purposes.

I know that you must add a connection string as shown in ASP.NET MVC - Authenticate users against Active Directory, but require username and password to be inputted. But some sort of example showing models, views and controllers as well as the web.config file would help greatly.

Thanks in advance

share|improve this question
    
Windows Authentication –  Romoku Jan 29 '13 at 19:12
    
Follow this tutorial, it was the first that came up if you use google: asp.net/mvc/tutorials/older-versions/security/… –  jwillmer Jan 29 '13 at 19:16
    
see cmjackson.net/2009/10/23/… (it's Visual Basic but it gives a general idea of how to do it) –  tazyDevel Jan 29 '13 at 19:21
    
jwillmer, thank you, I have seen that tutorial before but was put off by the fact that it states that windows authentication is for intRAnet applications. I think that the problem was my understanding of internet and intranet applications. I thought that an intranet application was one that could only be used on a specific domain. Derr! thanks again –  user2008963 Jan 29 '13 at 19:22
    
possible duplicate of Validate a username and password against Active Directory? –  John Koerner Jan 30 '13 at 3:53

3 Answers 3

up vote 0 down vote accepted

I'm going to go ahead and answer since I'm doing precisely this on our company's internal web app and if I'm doing it wrong, this is how I'm going to find out.

When the user comes to your web site, you'll have UserPrincipal.Current.SamAccountName. So all you need to do is something like this:

DirectoryEntry de = new DirectoryEntry("LDAP://" + adDomain);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = "(sAMAccountName=" + UserPrincipal.Current.SamAccountName + ")";
ds.PropertiesToLoad.Add("cn");
ds.PropertiesToLoad.Add("name");
ds.PropertiesToLoad.Add("mail");
SearchResult sr = ds.FindOne();
if (sr == null)
{
    // not found
}
...

So if you don't get a SearchResult returned, they wouldn't be authenticated against your AD domain... Hope I'm doing it right ;)

share|improve this answer
    
Feel free to downvote my answer, but at least explain what's wrong with it if you're going to do that. –  Pete Jan 29 '13 at 19:35
    
Look at my comment above. The active directory authentication is already implemented you can easily add it by using the Intranet-Template. –  jwillmer Jan 29 '13 at 20:14
    
@jwillmer I don't think that's a valid reason to down vote the answer. What Pete wrote and what you wrote are not the same. Answers ought to be downvoted if they're technically inaccurate or don't contribute to the question. I don't have enough knowledge to determine the former for this one, but this answer does attempt to contribute. I'm up voting this to equalize. –  jason Feb 1 '13 at 15:58
up vote 0 down vote

To enable user2008963 to close/accept this question I post my comment as answer.

Use the Intranet-Template to get the preconfigurated active directory authentication in your project. A tutorial about this authentication methode can be found at this link. It's not the newest one and if you are not sattisfied with it just google for a better one.

If you need the current username and his roles in the active directory you can use User.Identity, described at this link. To add role authentication at controller/action level you can do it like this:

[Authorize(Roles = "ADMIN")]
public class AdministrationController : Controller
{
    [Authorize(Roles = "SUPERADMIN")]
    public ActionResult SuperAdmin()
    {
        return View();
    }
}

Hope with this I can get your started ;-)

share|improve this answer
up vote 0 down vote

The Wordpress plugin Simple Intranet provides a free Active Directory plugin add-on that works well. That is if you are able to support WordPress in a self-hosted environment. :)

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.