.net - ASP.NET: Disallow certain Active Directory users -
i have asp.net mvc application uses windows authentication. our staff able use application without having log in. however, have generic, departmental ids in active directory users. how can make application disallow these users, if staffperson logged in computer 1 of these generic ideas, application make them log in?
thanks!
i'd put restricted department users ad group, put in web.config under authorizations denying specific group privileges.
see below example (departmentids ad group):
<?xml version="1.0"?> <configuration> <system.web> <compilation debug="true" /> <authentication mode="windows" /> <authorization> <allow roles="domainname\authorizedusers" /> <deny users="domainnames\departmentids" /> </authorization> </system.web> </configuration>
users can specify as
<deny users="comma-separated list of users">
or can deny roles. there quite few options here. can permissions in iis directly, depending on web application, virtual directory, ntfs directory access. i'd stick web.config, i'm sure you'll hear other people few different options.
i read interesting article identity impersonate in .net, take look: http://msdn.microsoft.com/en-us/library/xh507fc5%28v=vs.90%29.aspx
Comments
Post a Comment