M
MichaelAA
Guest
I am using ActiveDirectoryMembershipProvider to authenticate users against our Active Directory domain. This is for a Web Forms project in Visual Studio 2012.
For login page, I am using the asp:login control. I am using the following web.config settings to do authentication.
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider
<providers>
<add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName"/>
</providers>
</membership>
I would like to make a change to also verify that the user is part of a specific AD group. I was hoping to have three results of the user attempting to log in: 1) user is valid and a member of the group, can proceed. 2) User is valid but not a member of the group, tell user unauthorized. 3) User is not valid (bad username or password).
Does anyone have any recommendations on the best way to do this? I found that I can add an OnAuthenticate method to the Login control, but then I would have to manually tie into AD to verify the user is in the group. I was hoping this could be done at the same time the application was validating the user credentials. Is there a better way to do this, or is OnAuthenticate my best option?
Thanks.
Continue reading...
For login page, I am using the asp:login control. I am using the following web.config settings to do authentication.
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider
<providers>
<add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADService" attributeMapUsername="sAMAccountName"/>
</providers>
</membership>
I would like to make a change to also verify that the user is part of a specific AD group. I was hoping to have three results of the user attempting to log in: 1) user is valid and a member of the group, can proceed. 2) User is valid but not a member of the group, tell user unauthorized. 3) User is not valid (bad username or password).
Does anyone have any recommendations on the best way to do this? I found that I can add an OnAuthenticate method to the Login control, but then I would have to manually tie into AD to verify the user is in the group. I was hoping this could be done at the same time the application was validating the user credentials. Is there a better way to do this, or is OnAuthenticate my best option?
Thanks.
Continue reading...