How do check if user is a valid LDAP user OR a AD user on our domain to access a method?

Question

The first part is done using the MVC Authorize tag on the method

Now I need a way to also let user on our AD domain access. So the first thing I have done is created a custom authorization.. The code below shows what I am trying to do.. How do I do it? Or is it a simple addition to my config perhaps?

  public class AuthorizeUserAttribute : AuthorizeAttribute
{
    public string AccessLevel { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);

        //act as normal
        if (isAuthorized)
        {
            return true;
        }
        //check in AD member
        else
        {
            //Some code to check if the user who put the URL in the browser is a AD user on our domain???? 
            //return true
            //else
            return false;
        }
    }
}

Check this thread: http://stackoverflow.com/questions/37050930/userprincipal-findbyidentity-always-returns-null. Seems like you can get NT4 name from httpContext.User.Identity.Name (e. g. CONTOSO\UserName) where UserName (sAMAccountName) can be used as a search filter. Also CONTOSO is an NetBIOS domain name. You can compare it with the NetBIOS name of the requested domain to avoid an AD query. The cons of the NetBIOS solution are that user may be already removed, and (I do really doubt that this is possible due to DNS restrictions) some other domain may have the same NetBIOS name — oldovets, Oct 19 '16 at 22:05

How do check if user is a valid LDAP user OR a AD user on our domain to access a method?

0 Answers0