Last post Jul 22, 2013 09:15 AM by MichaelAA
Jul 22, 2013 09:15 AM|MichaelAA
I am using ActiveDirectoryMembershipProvider to authenticate users against our Active Directory domain. This is for a Web Forms project in Visual Studio 2012.
For the login page, I am using the asp:login control. I am using the following web.config settings to do authentication.
<membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
  <providers>
    <add name="AspNetActiveDirectoryMembershipProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADService"
         attributeMapUsername="sAMAccountName"/>
  </providers>
</membership>
I would like to make a change to also verify that the user is part of a specific AD group. I was hoping to have three results of the user attempting to log in:
1) User is valid and a member of the group, can proceed.
2) User is valid but not a member of the group, tell user unauthorized.
3) User is not valid (bad username or password).
Does anyone have any recommendations on the best way to do this? I found that I can add an OnAuthenticate method to the Login control, but then I would have to manually tie into AD to verify the user is in the group. I was hoping this could be done at the same time the application was validating the user credentials. Is there a better way to do this, or is OnAuthenticate my best option?
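
The three outcomes listed in the post, sketched as an Authenticate handler for the Login control. This is an added example, not code from the original post. The control ID `Login1`, the page class `LoginPage` and the group name `WebAppUsers` are assumptions, and the group lookup uses System.DirectoryServices.AccountManagement under the application's own identity.

```csharp
// Code-behind for a page whose markup contains (assumed control ID):
//   <asp:Login ID="Login1" runat="server" OnAuthenticate="Login1_Authenticate" />
// Login1 itself is declared in the page's designer file.
// Requires a reference to System.DirectoryServices.AccountManagement.dll.
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class LoginPage : Page
{
    // Assumption: placeholder sAMAccountName of the required AD group.
    private const string RequiredGroup = "WebAppUsers";

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        e.Authenticated = false; // fail closed on every path that returns early

        // Result 3: the configured ActiveDirectoryMembershipProvider rejects the credentials.
        if (!Membership.ValidateUser(Login1.UserName, Login1.Password))
        {
            Login1.FailureText = "Invalid user name or password.";
            return;
        }

        // Result 2: credentials are good, but the account is not in the group.
        // This message is only reachable after a correct password.
        if (!IsInGroup(Login1.UserName, RequiredGroup))
        {
            Login1.FailureText = "You are not authorized to use this application.";
            return;
        }

        e.Authenticated = true; // Result 1: valid user and group member
    }

    private static bool IsInGroup(string samAccountName, string groupName)
    {
        // Binds to the server's own domain as the application pool identity.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
        {
            if (user == null || group == null) return false; // unknown user or group: deny
            // GetAuthorizationGroups also returns security groups reached through nesting.
            return user.GetAuthorizationGroups().Any(g => g.Sid.Equals(group.Sid));
        }
    }
}
```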