How to authorize database record access with LDAP in ASP.NET MVC

  • Question

  • User799396372 posted

    hello

    I have a Sales Orders management application in an ASP.NET MVC 4 project, and I want to apply LDAP authentication to it. I have no idea how to apply authorization to the database table records assigned to a user so that:

    a user who has the admin role or group can view/create/edit/delete all orders of all Departments

    a user with the authenticated-user role can only view/create/edit/delete the orders of their own Department or of its subordinate Departments

    any help please?

    Friday, July 19, 2019 3:03 PM

All replies

  • User283571144 posted

    Hi Beginner32,

    According to your description, I suggest you create a custom AuthorizeAttribute for your MVC controllers (or action methods) that checks the user’s .IsMemberOf method to see whether the user belongs to the required group (or groups).

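    A user who is not in the group then cannot access the controller or action method. Note that this check only controls who can reach the controller or action; restricting a user to the orders of their own Department still has to be done in the query that loads the orders.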

    Code like the following:

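    /// <summary>
    /// Authorization filter that runs the standard <see cref="AuthorizeAttribute"/> checks and then
    /// requires the current user to be a member of the directory groups named in <see cref="Groups"/>.
    /// </summary>
    /// <remarks>
    /// The attribute keeps no per-request state in instance fields. MVC may reuse one attribute instance
    /// for several requests, and <see cref="AuthorizeCore"/> is also called from the output-cache
    /// validation callback, so a shared field could be overwritten by another request between the
    /// assignment and the return and yield the wrong authorization result. The decision is therefore
    /// held in locals, and the one flag needed later is stored in the per-request Items dictionary.
    /// This filter only decides whether the controller or action may be reached; it does not limit
    /// which records the action returns.
    /// </remarks>
    public class AuthorizeADAttribute : AuthorizeAttribute
    {
        // Items key holding the result of the base authorization check for the current request.
        private const string AuthenticatedItemKey = "AuthorizeADAttribute.Authenticated";

        /// <summary>
        /// Comma-separated list of group names. Null or empty means no group restriction is applied
        /// beyond the base <see cref="AuthorizeAttribute"/> checks.
        /// </summary>
        public string Groups { get; set; }

        /// <summary>
        /// Applies the base unauthorized handling, then redirects users who passed the base check but
        /// failed the group check to the "not authorized" page.
        /// </summary>
        /// <param name="filterContext">Context of the request that failed authorization.</param>
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);

            // This method only runs after AuthorizeCore returned false, so a recorded "true" here means
            // the base check passed and the group check is what rejected the user.
            if (true.Equals(filterContext.HttpContext.Items[AuthenticatedItemKey]))
            {
                filterContext.Result = new RedirectResult("/error/notauthorized");
            }
        }

        /// <summary>
        /// Decides whether the current user may proceed.
        /// </summary>
        /// <param name="httpContext">The current HTTP context.</param>
        /// <returns>
        /// <c>true</c> when the base check passes and either no groups are configured or the LDAP
        /// helper reports the user as a member; otherwise <c>false</c>.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            bool authenticated = base.AuthorizeCore(httpContext);

            // Written on every call so a value left by an earlier filter on the same request is never reused.
            httpContext.Items[AuthenticatedItemKey] = authenticated;

            if (!authenticated)
            {
                return false;
            }

            if (string.IsNullOrEmpty(Groups))
            {
                return true;
            }

            // Trim each name so "A, B" matches group "B" rather than " B", and drop blank entries.
            string[] groups = Array.FindAll(
                Array.ConvertAll(Groups.Split(','), g => g.Trim()),
                g => g.Length > 0);

            if (groups.Length == 0)
            {
                // Groups was set but names nothing usable (for example ","): deny rather than guess.
                return false;
            }

            string username = httpContext.User.Identity.Name;

            try
            {
                // NOTE(review): whether the helper requires membership in any or in all of the groups
                // is not visible here - confirm against LDAPHelper.
                return LDAPHelper.UserIsMemberOfGroups(username, groups);
            }
            catch (Exception ex)
            {
                // Fail closed: a directory lookup error must never grant access.
                this.Log().Error(() => "Error attempting to authorize user", ex);
                return false;
            }
        }
    }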

    Usage:

    // Placed on the class, the attribute runs its check for every action of this controller.
    // Groups is a comma-separated list; AuthorizeADAttribute splits it on ','.
    [AuthorizeAD(Groups="Some AD group name")]
    public class HomeController : Controller
    {
    …
    }

    For more details, you could refer to the article below:

    http://www.benramey.com/2014/10/20/active-directory-authentication-in-asp-net-mvc-5-with-forms-authentication-and-group-based-authorization/ 

    Best Regards,

    Brando

    Monday, July 22, 2019 5:24 AM