After several different trial and error expeditions, I finally have a working PageLoad event to check whether the currently logged in user is a member of a specific group in Active Directory.<\/p>\n
The first step I used was a stored procedure to get a list of the user’s groups in Active Directory. We needed this for another project and I just reused it for this one.<\/p>\n
USE [master] <\/code><\/p>\n The second step was I created another stored procedure that looks at the list of groups generated by the first stored procedure and sees whether the specific group being tested is in that list of groups. \nUSE [master] <\/code><\/p>\n The last step was putting the following in my PageLoad event of the page I want to protect based on the user being a member of a certain group.<\/p>\n \nstring LoggedOnUser; <\/code> <div id=\"admin\">Protected content here.<\/div><\/p>\n <\/code> tag. I have tested with multiple users and multiple groups and it seems to be working so far. I will easily be able to plug this in to any page on which I want to limit a user’s functionality based on their AD groups membership.<\/p>\n There are countless other ways to accomplish this, I’m sure, but this is the only one I was able to get to work rather easily.<\/p>\n","protected":false},"excerpt":{"rendered":" After several different trial and error expeditions, I finally have a working PageLoad event to check whether the currently logged in user is a member of a specific group in Active Directory. The first step I used was a stored procedure to get a list of the user’s groups in Active Directory. We needed this for another project and I just reused it for this one. USE [master] GO \/****** Object: StoredProcedure [dbo].[GetLdapUserGroups] Script Date: 11\/18\/2013 11:58:14 ******\/ SET ANSI_NULLS…<\/p>\n<\/p>\n
\nGO
\n\/****** Object: StoredProcedure [dbo].[GetLdapUserGroups] Script Date: 11\/18\/2013 11:58:14 ******\/
\nSET ANSI_NULLS ON
\nGO
\nSET QUOTED_IDENTIFIER ON
\nGO
\nCREATE PROCEDURE [dbo].[GetLdapUserGroups]
\n( @LdapUsername NVARCHAR(256) )
\nAS
\nBEGIN
\nDECLARE @Query NVARCHAR(1024), @Path NVARCHAR(1024)
\nSET @Query = 'SELECT @Path = distinguishedName FROM OPENQUERY(ADSI, '' SELECT distinguishedName FROM ''''LDAP:\/\/DC=YOURDOMAINHERE,DC=local'''' WHERE objectClass = ''''user'''' AND sAMAccountName = '''''
\n+ @LdapUsername + ''''' '') '
\nEXEC SP_EXECUTESQL @Query, N'@Path NVARCHAR(1024) OUTPUT', @Path = @Path OUTPUT
\nSET @Query = 'SELECT name AS LdapGroup FROM OPENQUERY(ADSI,'' SELECT name FROM ''''LDAP:\/\/DC=YOURDOMAINHERE,DC=local'''' WHERE objectClass=''''group'''' AND member='''''
\n+ @Path + ''''' '') ORDER BY name'
\nEXEC SP_EXECUTESQL @Query
\nEND
\nGO<\/p>\n
\n<\/p>\n
\nGO
\n\/****** Object: StoredProcedure [dbo].[GetLdapUserGroups] Script Date: 11\/18\/2013 09:35:37 ******\/
\nSET ANSI_NULLS ON
\nGO
\nSET QUOTED_IDENTIFIER ON
\nGO
\nCREATE PROCEDURE [dbo].[aer_IsUserInGroup]
\n( @LdapUsername NVARCHAR(256), @GroupName NVARCHAR(50) )
\nAS
\nBEGIN
\nCREATE TABLE #usergroups (groups VARCHAR(50))
\nINSERT INTO #usergroups
\nEXEC dbo.GetLdapUserGroups @LdapUsername = @LdapUsername
\nSELECT CASE WHEN @GroupName IN(SELECT groups FROM #usergroups) THEN 1 ELSE 0 END
\nEND<\/p>\n<\/p>\n
\nSystem.Type oType = System.Type.GetTypeFromProgID(\"Wscript.Network\");
\nobject pc = System.Activator.CreateInstance(oType);
\n\/\/Get NT userid data
\nLoggedOnUser = Request.ServerVariables[\"AUTH_USER\"];
\nint pos = LoggedOnUser.IndexOf('\\\\');
\nif (pos > 0)
\n{
\n LoggedOnUser = LoggedOnUser.Substring(pos + 1);
\n}
\nSqlCommand cmd = new SqlCommand();
\nSqlDataAdapter adp = new SqlDataAdapter();
\nint isingroup;
\nstring cs = null;
\ncs = \"Data Source=YOURSQLSERVER;Initial Catalog=master;User Id=USERID;Password=PASSWORD;\";
\nSqlConnection SQLCon = new SqlConnection(cs);
\ncmd = new System.Data.SqlClient.SqlCommand(\"aer_IsUserInGroup\", SQLCon);
\nSQLCon.Open();
\ncmd.CommandType = CommandType.StoredProcedure;
\nSystem.Data.SqlClient.SqlCommandBuilder.DeriveParameters(cmd);
\ncmd.Parameters[\"@LdapUsername\"].Value = LoggedOnUser;
\ncmd.Parameters[\"@GroupName\"].Value = \"msds\";
\n\/* \"msds\" is the AD Group of which the user must be a member *\/<\/span>
\nadp.SelectCommand = cmd;
\nisingroup = Convert.ToInt16(cmd.ExecuteScalar());
\nSQLCon.Close();
\nif (isingroup == 1)
\n{
\nadmin.Visible = true;
\n}<\/p>\n
\nThe content I wanted to make sure was not accessible by people who were not in this group I put inside a <\/p>\n