
Restrict access to a WPF view based on AD group membership


We have a WPF application. We would like to restrict access to the application based on the user's AD group membership.

Could we do this as an attribute on each view, or as a check when the user starts the application?

Any code example would be appreciated.


Solution

  • The easiest way to do this on .NET 3.5 and up would be to use the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

    Basically, you can define a domain context and easily find users and/or groups in AD:

    using System.DirectoryServices.AccountManagement;

    // set up domain context (disposed when the block ends)
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
        // get your group in question
        GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

        // check if current user is member of that group
        UserPrincipal user = UserPrincipal.Current;

        // FindByIdentity returns null when the group does not exist
        if (group != null && user.IsMemberOf(group))
        {
            // do something here....
        }
    }


    The new S.DS.AM makes it really easy to play around with users and groups in AD!
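
For the start-up option raised in the question, one way to wire the same S.DS.AM lookup into `App.xaml.cs` (an added example, not code from the answer above). `MainWindow`, `RequiredGroup` and `IsCurrentUserInGroup` are assumed names; the check uses `GetAuthorizationGroups()` so that membership through nested groups counts, and it denies access when the lookup fails.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Windows;

namespace Example
{
    // Code-behind for App.xaml. Remove StartupUri from App.xaml so the main
    // window is only created after the membership check has passed.
    public partial class App : Application
    {
        // Assumption: placeholder group name, replace with your own.
        private const string RequiredGroup = "YourGroupNameHere";

        protected override void OnStartup(StartupEventArgs e)
        {
            base.OnStartup(e);

            if (!IsCurrentUserInGroup(RequiredGroup))
            {
                MessageBox.Show("You are not authorized to use this application.");
                Shutdown(1);
                return;
            }

            new MainWindow().Show(); // assumed name of the main view
        }

        private static bool IsCurrentUserInGroup(string groupName)
        {
            try
            {
                using (var ctx = new PrincipalContext(ContextType.Domain))
                using (var group = GroupPrincipal.FindByIdentity(ctx, groupName))
                using (var user = UserPrincipal.Current)
                {
                    if (group == null || user == null) return false;
                    // Compare by SID; the result includes groups reached through nesting.
                    return user.GetAuthorizationGroups()
                               .Any(g => g.Sid != null && g.Sid.Equals(group.Sid));
                }
            }
            catch (Exception) // domain unreachable, non-domain account, lookup error
            {
                return false; // fail closed
            }
        }
    }
}
```

A check like this only gates the client UI; any file share, database or service the application talks to still needs its own access control for the same group.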