Restrict access to a WPF view based on AD group membership
-
18-04-2021 - |
Question
We have a WPF application. We would like to resrict access to the application based on the users AD group membership.
Could we do this as an attribute on each view, or as a check when the user starts the application?
Any code example would be appreciated.
Solution
The easiest way to do this on .NET 3.5 and up would be to use the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace. Read all about it here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// get your group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");
// check if current user is member of that group
UserPrincipal user = UserPrincipal.Current;
if(user.IsMemberOf(group))
{
// do something here....
}
The new S.DS.AM makes it really easy to play around with users and groups in AD!
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow