1. LDAP QUERY
2. Net inbuilt method
The first one LDAP approach is more time consumable. Also to add more value, we will be using a service account to pull the Active Directory information. This is risk, we are pulling firm sensitive data from the Active Directory. Moreover to check a single ADGroup, we are pulling all the existing and verifying it via loop. This is a bad practice. And causes Performance issues.
The Dotnet inbuilt function IsInRole is simplest way to achieve this. we need to know the domain name where the ADGroup is in place. The syntax for this goes like this.
bool IsHavingAccess = HttpContext.Current.User.Identity.IsInRole(domain\Adgroup);
This will help us to just verify the access security and provide the result. So by using this method, we are nowhere pulling sensitive information and logic will be very fast. Hope this helps.
CodeProject
No comments:
Post a Comment