How do you use Active Directory to control access to your web site?

Platform: IIS 6 running on Windows Server 2003 SP2

You have created an Active Directory Security group, and want to use it to control access to a web page.

ASP.NET allows integration of Windows services, such as Active Directory, into the web site. When a web page loads, you can validate the credentials of the user. A person without the proper credentials is redirected to another web page. To do this, the script iterates through each member of the security group.

The security group looks like this in AD:
[Image: AD_Tree.JPG]


This is a VB.NET script that runs on IIS. It validates that a user is in an AD group. The ordering of the OU string is important: it goes from most granular to least granular.

Imports System.DirectoryServices.ActiveDirectory
Imports System.DirectoryServices

'Validates the user with the Active Directory Group using LDAP
Public Function validate_group(ByVal caseID As String, ByVal groupName As String) As Boolean

    'Full DN of the group: groupName comes first, then the OUs from most granular to least granular
    Dim OuDn As String = groupName + ",OU=Pharm-AdminStaff,OU=Department of Pharmacology,ou=School of Medicine,ou=delegated Departments,dc=ads,dc=case,dc=edu"

    'Using releases the directory connection when the function returns
    Using directoryObject As DirectoryEntry = New DirectoryEntry("LDAP://" + OuDn)

        'Iterates all the members of the group
        For Each dn As Object In directoryObject.Properties("member")
            'The trailing comma makes the whole CN match, so an ID cannot match a longer ID that begins with it
            If dn.ToString().StartsWith("CN=" + caseID + ",", StringComparison.OrdinalIgnoreCase) Then
                Return True
            End If
        Next
        Return False

    End Using

End Function

Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    'CaseID and GroupName are not defined in this listing; they must be set elsewhere in the page
    If validate_group(CaseID, GroupName) = False Then
        ' User does not have the correct credentials
        Response.Redirect("ErrorPage.aspx")
    Else
        ' Correct credentials

    End If

End Sub
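
The loop above decides membership by comparing the start of each member DN with "CN=" and the user's ID. The following is an added example, not part of the original post: a console module that extracts the whole CN of each member DN (treating backslash-escaped commas as part of the name) and compares it exactly, so that an ID such as abc12 is not accepted just because abc123 is a member. FirstCnValue, IsDirectMember and the sample DNs are constructed for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Text

Module RdnMatchExample
    ' Returns the value of the first RDN when its type is CN, otherwise Nothing.
    ' A backslash-escaped character (such as "\,") stays part of the value.
    ' Hex-pair escapes (such as "\2C") are not decoded in this example.
    Function FirstCnValue(ByVal dn As String) As String
        If dn Is Nothing OrElse Not dn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase) Then
            Return Nothing
        End If
        Dim value As New StringBuilder()
        Dim i As Integer = 3
        While i < dn.Length
            Dim c As Char = dn(i)
            If c = "\"c AndAlso i + 1 < dn.Length Then
                value.Append(dn(i + 1))   ' escaped character belongs to the value
                i += 2
            ElseIf c = ","c Then
                Exit While                ' an unescaped comma ends the first RDN
            Else
                value.Append(c)
                i += 1
            End If
        End While
        Return value.ToString()
    End Function

    ' True only when some member's CN equals caseID as a whole (case-insensitive).
    Function IsDirectMember(ByVal members As IEnumerable(Of String), ByVal caseID As String) As Boolean
        If String.IsNullOrEmpty(caseID) Then Return False
        For Each dn As String In members
            If String.Equals(FirstCnValue(dn), caseID, StringComparison.OrdinalIgnoreCase) Then
                Return True
            End If
        Next
        Return False
    End Function

    Sub Main()
        ' Constructed sample member DNs, not real directory entries.
        Dim members As String() = { _
            "CN=abc123,OU=People,DC=example,DC=test", _
            "CN=Smith\, Pat,OU=People,DC=example,DC=test"}
        Console.WriteLine("abc123 exact:     " & IsDirectMember(members, "abc123"))
        Console.WriteLine("abc12 exact:      " & IsDirectMember(members, "abc12"))
        Console.WriteLine("Smith, Pat exact: " & IsDirectMember(members, "Smith, Pat"))
        Console.WriteLine("abc12 by prefix:  " & members(0).StartsWith("CN=" & "abc12"))
    End Sub
End Module
```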
