
Tuesday, November 12, 2013

Active directory role managing

...
<connectionStrings>
    ...
    <!-- Directory the role provider binds to. No credentials are embedded in the
         string, and the provider code creates its PrincipalContext without any, so
         the bind runs as the process (application pool) identity - that account
         needs read access to group membership in this domain and nothing more.
         NOTE(review): the provider code passes a bare DN to PrincipalContext, so
         the "LDAP://" prefix is presumably stripped by the provider before use;
         the prefix by itself does not select TLS/LDAPS - confirm how the channel
         to the domain controller is protected. -->
    <add name="ActiveDirCS"
        connectionString="LDAP://DC=YourDomain,DC=com"/>

</connectionStrings>
...
<roleManager enabled="true" defaultProvider="ActiveDirRP">
    <providers>
        <clear/>
        <!-- Roles are Active Directory security-group names (sAMAccountName);
             distribution groups never become roles.
             groupMode="Additive": only the groups listed in groupsToUse become
             roles. Any other value turns every security group the user belongs to
             (nested membership included, which may cover built-ins such as
             Domain Users) into a role, so role checks are then only as tight as
             the AD group hygiene.
             groupsToIgnore is a deny-list applied before groupsToUse. Names are
             matched as strings by the provider; confirm the comparison is
             case-insensitive, because sAMAccountName is case-insensitive in AD
             and a case mismatch here would silently un-ignore a group.
             usersToIgnore: presumably users that receive no roles; its handling
             is not in the visible provider code - confirm.
             enableSqlCache / sqlConnectionString / cacheTimeInMinutes: presumably
             role membership is cached in SQL for up to 30 minutes, so removing a
             user from an AD group may keep granting access until the cached entry
             expires, and anyone who can write to that cache database can grant
             roles - restrict it accordingly. -->
        <add applicationName="MyApp"

            name="ActiveDirRP"
            type="DanielPS.Roles.ADRoleProvider"
            activeDirectoryConnectionString="ActiveDirCS"
            groupMode="Additive"
            groupsToUse="IT, Customer Service"
            groupsToIgnore="Senior Management"
            usersToIgnore="asmith, ksose"

            enableSqlCache="True"
            sqlConnectionString="SQLCacheCS"
            cacheTimeInMinutes="30" />
    </providers>

</roleManager>
...
·         `name` must be specified, as for any other role provider: it is the identifier the rest of web.config uses to refer to this provider (here `defaultProvider="ActiveDirRP"` on `<roleManager>` matches `name="ActiveDirRP"`).

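/// <summary>
/// Retrieve the roles for a user: the sAMAccountNames of the Active Directory
/// security groups the user belongs to (nested membership included), filtered
/// by the provider's groupsToIgnore / groupsToUse settings.
/// </summary>
/// <param name="username">sAMAccountName of the user. A null or empty value
/// yields no roles without touching the directory.</param>
/// <returns>Array of role names; empty (never null) when the user does not
/// exist in the domain or belongs to no qualifying group.</returns>
/// <exception cref="ProviderException">Any failure while binding to or
/// querying the directory, with the original exception as InnerException.</exception>
public override String[] GetRolesForUser(String username)
{
    ...
    // Fail closed on an unusable identifier instead of handing null/"" to the directory.
    if (String.IsNullOrEmpty(username))
    {
        return new String[0];
    }

    // Resultant list of group names that count as roles.
    ArrayList results = new ArrayList();
    // No credentials are supplied, so the bind uses the process (application pool)
    // identity; ContextType.Domain signs and seals the LDAP channel by default.
    // NOTE(review): the container argument must be a bare DN ("DC=x,DC=com"); the
    // "LDAP://" prefix seen in web.config has to be removed before this point - confirm.
    using (PrincipalContext context = new PrincipalContext(ContextType.Domain,
        null, _DomainDN))
    {
        try
        {
            // UserPrincipal is IDisposable; 'using' also tolerates the null that
            // FindByIdentity returns for an unknown user.
            using (UserPrincipal user = UserPrincipal.FindByIdentity(context,
                IdentityType.SamAccountName, username))
            {
                // An unknown user falls through with an empty role list rather than a
                // NullReferenceException reported as "Unable to query Active Directory".
                if (user != null)
                {
                    // Security groups only: nested groups are included, distribution
                    // groups are not. The search result is disposable as well.
                    // NOTE(review): enumerating this result can throw in some forests for
                    // SIDs that no longer resolve (e.g. stale sIDHistory); that surfaces as
                    // the ProviderException below - confirm against your environment.
                    using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
                    {
                        foreach (GroupPrincipal group in groups)
                        {
                            String name = group.SamAccountName;
                            // Some principals come back without a sAMAccountName; a null
                            // role name must not be returned to the caller.
                            if (String.IsNullOrEmpty(name))
                            {
                                continue;
                            }
                            // Deny-list first. NOTE(review): whether this comparison is
                            // case-insensitive depends on how _GroupsToIgnore/_GroupsToUse
                            // were built; AD treats sAMAccountName case-insensitively, so a
                            // case-sensitive comparer silently fails to ignore a group - confirm.
                            if (_GroupsToIgnore.Contains(name))
                            {
                                continue;
                            }
                            // Additive mode is an allow-list: only configured groups become roles.
                            if (_IsAdditiveGroupMode && !_GroupsToUse.Contains(name))
                            {
                                continue;
                            }
                            results.Add(name);
                        }
                    }
                }
            }
        }
        catch (Exception ex)
        {
            throw new ProviderException(
                "Unable to query Active Directory.", ex);
        }
    }
    ...
    return results.ToArray(typeof(String)) as String[];
}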
