locked
How to tell if a logged in Active Directory user is in a cetain AD group RRS feed

  • Question

  • User750266809 posted

    I have an app that forces Windows Auth.  I'll describe below the set up, I want to be able to modifiy my menu based on the AD group that the logged in user is in.  I have 2 groups allowed into the app at all, 1 group needs to see certain pages and the other group needs to see other pages (with some overlap). 

    I basically want to know from a web forms code behind what group they are in so I can act accordingly, is this possible???

    I'm successfully using "Page.User.Identity.Name" to get the logged in user, just now need to know if there are in a specific AD group or not...

            <authorization>
                <allow roles="ADGroup1, ADGroup2" />
                <deny users="*" />
            </authorization>
    

    I'm using the above which allows only users in either ADGroup1 or ADGroup2 into the app.

    I know I can rescrict page access using:

        <location path="page1.aspx">
            <system.web>
                <authorization>
                    <allow users="ADgroup1"/>
                    <deny users="*" />
                </authorization>
            </system.web>
        </location>


    But I need to know if a user is in a group or not to modify my menu...

     

     

    Thursday, May 29, 2014 6:07 PM

Answers

  • User697462465 posted

    Hi cwmizner,

    Based on your description, my understanding is that you would like to get the logged user AD, if so please try to refer the following code:

    string[] arr =
                System.Web.HttpContext.Current.Request.
                LogonUserIdentity.Name.Split('\\');

    Now you can use the AD name to control the menu.

    Best Regards,
    Terry Guo

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, June 2, 2014 11:23 PM