Last post Mar 09, 2012 01:57 PM by gww
Mar 07, 2012 01:29 PM|mcomco|LINK
Hello everybody! I have a web application in which i'm using form authentication with activ directory users on a domain. Everything runs well with the login form but I like to know if it is possible to do one step more: I need the user to be logged in automatically
if the current user (on client) is part of a specific Group. Don't have any problem to check if the user belongs to a group but I don't know how to log in the user into the application. I cannot use the windows authentication as I need the user to be able
to login manually with other name and password.
Mar 07, 2012 01:56 PM|hariyaano|LINK
check this link
Mar 07, 2012 02:07 PM|mcomco|LINK
Already had a look but there's no information about automatic log in.
Mar 08, 2012 07:25 PM|gww|LINK
Its not difficult to do this if you have used forms authentication before.
In IIS you will need to enable Integrated Windows Authentication and disable anonymous access
In the global.asax file, you can place your code that does the lookup in the role database in the Application_AuthenticateRequest sub or possibly even the Session_Start. You can also provide some code that loads the users memberof and check for memberships
to group sand assign a custom role if they belong to a group in AD.
<% @ Import Namespace="system.Security.Principal" %>
<% @ Import Namespace="System.Data" %>
<% @ Import Namespace="System.Data.SqlClient" %>
<% @ Import Namespace="System.DirectoryServices" %>
<% @ Import Namespace="System.Collections" %>
<% @ Import Namespace="System.Data.OleDb" %>
<% @ Import Namespace="System.Web.Security" %>
'Sub WindowsAuthentication_Authenticate(s As Object, e As WindowsAuthenticationEventArgs)
Sub Application_AuthenticateRequest(sender As Object, e As EventArgs)
Dim username as string
username = Request.ServerVariables("LOGON_USER")
username = replace(username, DomainName & "\", "")
Dim LDAPuser as string = ConfigurationSettings.AppSettings("LDAPAcctName")
Dim LDAPpass as string = ConfigurationSettings.AppSettings("LDAPPass")
Dim ADpath as string = ConfigurationSettings.AppSettings("LDAPstr")
If HttpContext.Current.User Is Nothing Then
Dim Conn as SQLConnection = New SQLConnection (ConfigurationSettings.AppSettings("ConnectionString"))
Dim SQLstr as String
SQLstr = "SELECT Groups.GroupName FROM UserRoles Roles INNER JOIN GroupNames Groups ON Roles.GroupID = Groups.GroupID INNER JOIN UserList Users ON Roles.UserID = Users.UserID AND Users.UserName ='" & username & "'"
Dim SQLCmd as SQLCommand = New SqlCommand(SQLstr, Conn)
Dim reader As SqlDataReader = SQLCmd.ExecuteReader()
Dim roleList As New ArrayList
Do While reader.Read()
Dim entry As DirectoryEntry = New DirectoryEntry(ADpath, LDAPuser, LDAPpass)
Dim obj As Object = entry.NativeObject
Dim search As DirectorySearcher = New DirectorySearcher(entry)
search.Filter = "(&(objectClass=user)(SAMAccountName=" & username & "))"
Dim result As SearchResult = search.FindOne()
If (result Is Nothing) Then
Dim groupColl as object
For Each groupColl in result.Properties("memberof")
Dim GroupArray as Array = groupColl.split(",")
SELECT GroupArray(0).replace("CN=", "")
CASE "NGWVDIST-WV APOCS"
Catch ex As Exception
Dim roleListArray As String() = roleList.ToArray(GetType(String))
Dim userIdentity as GenericIdentity = New GenericIdentity(username)
Dim userPrincipal as GenericPrincipal = new GenericPrincipal(userIdentity, roleListArray)
HttpContext.Current.User = userPrincipal
Catch Ex as Exception
I use Request.Server variables to grab the user name from the site and then remove the domain\ from it to search the database and load up the roles and in the web.config file just set your allows and denies.
<allow roles="Custom Role Name" />
<deny users="*" />
Also in the web.config I set the login page to an errors page that tells the user that he is not allowed access to that page but I do not provide an option to provide a user name and password.
<forms name=".authcookie"protection="All" loginUrl="errors/NotAthorizedAccess.aspx" timeout="30" path="/"/>
Mar 09, 2012 11:14 AM|mcomco|LINK
Thank you very much for the code. I just tried but seems that there's one problem: when the session starts the user is well logged in but HttpContext.Current.User
gets blank if I click at any page of the website..
Mar 09, 2012 01:57 PM|gww|LINK
The code should only execute if it tries to authenticate. Did you setup your web.config as shown? deny access to all and allow only the roles you wanted on a folder?