Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Restrict access to a WPF view based on AD group membership

We have a WPF application. We would like to resrict access to the application based on the users AD group membership.

Could we do this as an attribute on each view, or as a check when the user starts the application?

Any code example would be appreciated.

like image 982
Shiraz Bhaiji Avatar asked Jan 23 '12 11:01

Shiraz Bhaiji


1 Answers

The easiest way to do this on .NET 3.5 and up would be to use the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

  • Managing Directory Security Principals in the .NET Framework 3.5
  • MSDN docs on System.DirectoryServices.AccountManagement

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// get your group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

// check if current user is member of that group
UserPrincipal user = UserPrincipal.Current;

if(user.IsMemberOf(group))
{
   // do something here....     
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

like image 166
marc_s Avatar answered Nov 15 '22 00:11

marc_s