The code below works with my AD account groups, and the login page goes to the page I need (mysecurepage.aspx) after I log in using the username and password from the AD group.
However, I'm having a bit of trouble securing the page: I need to prevent the user from reaching it directly through its URL without going through the login. I can't find an answer for this; can anybody assist?
' Load handler for the page. The body is empty, so nothing is initialised or
' checked when the page is requested.
' NOTE(review): this appears to be the login page's code-behind (it sits next to
' btnLogin_Click). If the same empty handler is used on mysecurepage.aspx, no
' identity check runs there on a direct request - confirm which page this is.
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
End Sub
' One row of the allowed-group list returned by the
' Client.GetAllowedActiveDirectoryGroups stored procedure.
' Either field stays Nothing when the matching column is NULL in the database.
Public Class AllowedADGroup
' Group name (result column 0); compared against the names of the user's AD groups.
Public GroupName As String
' User type tied to the group (result column 1); not read by the code shown here.
Public AssociatedUserType As String
End Class
' Reports whether the supplied credentials belong to an account that is a
' member of at least one AD group allowed for the "mystring" product.
'
' UserName / Password: credentials as typed by the user; passed to GetGroups,
'                      which validates them against the domain.
' Returns True when an allowed group is found, otherwise False.
'
' The answer is computed for this call only and is not stored anywhere, so the
' caller is responsible for recording a successful login for later requests.
Public Function UserHasPreferencesAccess(ByVal UserName As String, ByVal Password As String) As Boolean
    ' Product key handed to the allowed-group lookup; fixed for this page.
    Const productKey As String = "mystring"

    ' GetGroups returns an empty list when the credentials are rejected.
    Dim memberships As List(Of String) = GetGroups(UserName, Password)
    Dim matchedGroup As AllowedADGroup = ADgroupsContainAnAllowedGroup(productKey, memberships)

    Return matchedGroup IsNot Nothing
End Function
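' Validates the credentials against the machine's domain and returns the names
' of the groups the account is authorised through.
'
' UserName / password: credentials to check (left untyped to keep the existing
'                      signature; both are converted to String before use).
' Returns the group names, or an empty list when a value is blank, the
' credentials are rejected, or the account cannot be found.
Public Function GetGroups(UserName, password) As List(Of String)
    Dim result As New List(Of String)
    Dim accountName As String = CStr(UserName)
    Dim accountPassword As String = CStr(password)

    ' Blank values never reach the directory. ValidateCredentials is documented
    ' to check the current principal's default credentials when both arguments
    ' are null, which must not count as a successful user login.
    If String.IsNullOrEmpty(accountName) OrElse String.IsNullOrEmpty(accountPassword) Then
        Return result
    End If

    Dim domainName As String = IPGlobalProperties.GetIPGlobalProperties().DomainName

    ' PrincipalContext, UserPrincipal and the search result are IDisposable and
    ' hold directory connections; Using releases them on every exit path.
    Using context As New PrincipalContext(ContextType.Domain, domainName)
        ' Check the password before any lookup so that unauthenticated callers
        ' cannot trigger directory queries for arbitrary account names.
        If Not context.ValidateCredentials(accountName, accountPassword) Then
            Return result
        End If

        Using usr As UserPrincipal = UserPrincipal.FindByIdentity(context, accountName)
            If usr Is Nothing Then
                Return result
            End If

            Using groups As PrincipalSearchResult(Of Principal) = usr.GetAuthorizationGroups()
                For Each p As Principal In groups
                    ' Keep group principals only.
                    Dim grp As GroupPrincipal = TryCast(p, GroupPrincipal)
                    If grp IsNot Nothing Then
                        result.Add(grp.Name)
                    End If
                Next
            End Using
        End Using
    End Using

    Return result
End Function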
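' Loads the AD groups that are allowed to use the given product by calling the
' Client.GetAllowedActiveDirectoryGroups stored procedure.
'
' requestingProductName: value bound to @RequestingProductName (VarChar(50)).
' Returns one AllowedADGroup per result row; a NULL column leaves the matching
' field as Nothing.
Private Function GetAllowedActiveDirectoryGroups(ByVal requestingProductName As String) As List(Of AllowedADGroup)
    Dim retval As New List(Of AllowedADGroup)
    Dim connectionString As String = ConfigurationManager.ConnectionStrings("ConString").ConnectionString

    ' Connection, command and reader are disposed even when a call throws, so
    ' repeated login attempts cannot drain the connection pool.
    Using sqlCon As New SqlConnection(connectionString)
        Using sqlCmd As New SqlCommand("Client.GetAllowedActiveDirectoryGroups", sqlCon)
            sqlCmd.CommandType = CommandType.StoredProcedure
            ' Bound parameter: the product name is never concatenated into SQL.
            sqlCmd.Parameters.Add("@RequestingProductName", SqlDbType.VarChar, 50).Value = requestingProductName

            sqlCon.Open()
            Using sqlr As SqlDataReader = sqlCmd.ExecuteReader()
                While sqlr.Read()
                    Dim newADGroup As New AllowedADGroup
                    If Not sqlr.IsDBNull(0) Then newADGroup.GroupName = sqlr.GetString(0)
                    If Not sqlr.IsDBNull(1) Then newADGroup.AssociatedUserType = sqlr.GetString(1)
                    retval.Add(newADGroup)
                End While
            End Using
        End Using
    End Using

    Return retval
End Function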
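' Finds the first allowed group that one of the user's AD groups matches.
'
' nameOfCallingProduct: product whose allowed-group list is loaded.
' adGroups:             names of the groups the user belongs to.
' Returns the matching AllowedADGroup, or Nothing when there is no match.
Private Function ADgroupsContainAnAllowedGroup(ByVal nameOfCallingProduct As String, ByVal adGroups As List(Of String)) As AllowedADGroup
    ' No memberships means no access; skip the database round trip.
    If adGroups Is Nothing OrElse adGroups.Count = 0 Then
        Return Nothing
    End If

    Dim allowedADGroups As List(Of AllowedADGroup) = GetAllowedActiveDirectoryGroups(nameOfCallingProduct)

    ' Check the user's AD security groups include one that's allowed,
    ' e.g. "myPreferenceUsers".
    ' The comparison is ordinal and case-insensitive: an authorisation decision
    ' should not depend on the server's culture, and culture-sensitive comparison
    ' treats some characters (such as the soft hyphen) as ignorable.
    ' NOTE(review): groups are matched by name only; if names can repeat across
    ' domains, comparing group SIDs would be the stricter check.
    For Each grp As String In adGroups
        For Each allowedGroup As AllowedADGroup In allowedADGroups
            If String.Equals(grp, allowedGroup.GroupName, StringComparison.OrdinalIgnoreCase) Then
                Return allowedGroup
            End If
        Next
    Next

    Return Nothing
End Function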
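' Click handler for the login button: checks the typed credentials and, on
' success, records the login before sending the browser to the protected page.
'
' A redirect alone leaves nothing for mysecurepage.aspx to check, which is why
' the page could be opened straight from its URL. The forms-authentication
' ticket issued here is what later requests are checked against.
' For it to take effect, web.config must use Forms authentication with this
' page as the login URL, and an authorization rule must deny anonymous users
' (users="?") for mysecurepage.aspx.
' NOTE(review): the ticket records the user name only, not the AD group result;
' if group membership must hold on every request, the protected page needs its
' own check (for example through roles).
Protected Sub btnLogin_Click(sender As Object, e As EventArgs)
    Dim loginName As String = txtUserName.Text

    If UserHasPreferencesAccess(loginName, txtPassword.Text) Then
        ' Session-only cookie (second argument False): it is not persisted to disk.
        System.Web.Security.FormsAuthentication.SetAuthCookie(loginName, False)
        Response.Redirect("~/mysecurepage.aspx")
    Else
        ' Same message for every failure, so it does not reveal which part was wrong.
        messagebox.Text = "Login failed. Please check your user name and password and try again."
    End If
End Sub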