How to check whether a user is in a domain group that has access to a resource?
My application has basic authentication and runs under the application pool Integrated-Network Service. The Web.config file has a list of domain groups (office\admin, office\sales) defined, which have access to some file resource. How do I check whether the user belongs to those groups and decide whether he can read that resource?
If you look at my code,
the line
var userGroups = context.Request.LogonUserIdentity.Groups;
returns the groups in {S-#-##-###} form,
and the line below
hasPermission = userGroups.Contains(account.Translate(typeof(SecurityIdentifier)));//throws exception
An exception of type 'System.Security.Principal.IdentityNotMappedException' occurred in mscorlib.dll but was not handled in user code Additional information: Some or all identity references could not be translated.
What I have tried:
using System;
using System.IO;
using System.Security.Principal;
using System.Web;

// Note: "collection" is not defined in the posted code; it is assumed to be
// a configuration collection field of the handler class.
public void ProcessRequest(HttpContext context)
{
    // Get a collection of groups the user belongs to
    var userGroups = context.Request.LogonUserIdentity.Groups;

    // Serve the file only when the user has groups and one of them is authorized;
    // every other case falls through to the 403 below.
    if (userGroups.Count > 0 && HasPermision(userGroups))
    {
        string urlRequested = context.Request.RawUrl.ToLower();
        string fileName = Path.GetFileName(urlRequested);
        string fileServer = collection["FileServer"];
        var filePath = (fileServer + urlRequested.Replace("/", "\\"));
        var fileExtension = urlRequested.Substring(urlRequested.LastIndexOf(".", System.StringComparison.Ordinal) + 1);
        try
        {
            context.Response.Write("do some works...");
        }
        catch (Exception)
        {
            // Rethrow without losing the original exception type and stack trace
            throw;
        }
    }
    else
    {
        context.Response.StatusCode = 403;
        context.Response.Flush();
    }
}

public bool HasPermision(IdentityReferenceCollection userGroups)
{
    bool hasPermission = false;
    // The security group you want to check the user belongs to
    NTAccount account;
    // Get the authorized groups from the config file
    string[] authorizedGroups = collection["AuthorizedGroups"].Replace(" ", "").ToUpper().Split(',');
    foreach (var group in authorizedGroups)
    {
        account = new NTAccount(group);
        // Check if the user is in the group
        hasPermission = userGroups.Contains(account.Translate(typeof(SecurityIdentifier))); // throws exception
        if (hasPermission)
            return hasPermission;
    }
    return hasPermission;
}
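Added example, not part of the original post: one way to do the SID comparison the question describes so that a configured group name that cannot be translated is recorded and grants nothing, instead of aborting the request with IdentityNotMappedException. GroupAuthorizer, ResolveGroups and IsAuthorized are hypothetical names; the group names are expected in the DOMAIN\group form used in the question.

```csharp
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper (added example): fail-closed group check by SID.
public static class GroupAuthorizer
{
    // Translate configured "DOMAIN\group" names to SIDs.
    // Names that cannot be mapped are collected in "unresolved" and skipped.
    public static HashSet<SecurityIdentifier> ResolveGroups(
        IEnumerable<string> names, ICollection<string> unresolved)
    {
        var sids = new HashSet<SecurityIdentifier>();
        foreach (var raw in names)
        {
            var name = raw.Trim();
            if (name.Length == 0) continue;
            try
            {
                var account = new NTAccount(name);
                sids.Add((SecurityIdentifier)account.Translate(typeof(SecurityIdentifier)));
            }
            catch (IdentityNotMappedException)
            {
                // An unknown or unreachable group must never grant access.
                unresolved.Add(name);
            }
        }
        return sids;
    }

    // True only if an authenticated user's token holds one of the allowed SIDs.
    public static bool IsAuthorized(WindowsIdentity user, HashSet<SecurityIdentifier> allowed)
    {
        if (user == null || !user.IsAuthenticated || user.Groups == null)
            return false;
        foreach (IdentityReference reference in user.Groups)
        {
            var sid = reference as SecurityIdentifier;
            if (sid != null && allowed.Contains(sid))
                return true;
        }
        return false; // default deny
    }
}
```

Resolving the configured names once at startup and logging the contents of `unresolved` shows which group name fails to translate under the application pool identity.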