Pages

ADGroup Verification in ASP.NET Web Applications

Normally in Enterprise level , users will be provided access at the ADGroup level for the application that are hosted at the intranet and internet. The web application will contains the access related code. There are two to check this access at ADGroup.
1. LDAP QUERY
2. Net inbuilt method

The first one LDAP approach is more time consumable. Also to add more value, we will be using a service account to pull the Active Directory information. This is risk, we are pulling firm sensitive data from the Active Directory. Moreover to check a single ADGroup, we are pulling all the existing and verifying it via loop. This is a bad practice. And causes Performance issues.

The Dotnet inbuilt function IsInRole is simplest way to achieve this. we need to know the domain name where the ADGroup is in place. The syntax for this goes like this.

bool IsHavingAccess = HttpContext.Current.User.Identity.IsInRole(domain\Adgroup);


This will help us to just verify the access security and provide the result. So by using this method, we are nowhere pulling sensitive information and logic will be very fast. Hope this helps.

1 comment: