Microsoft Tech Community

Group Authenticated MVC EF WebApp


Hey guys, I am completely new to Active Directory and I hope someone can explain where I could go to get what I need. I have a newly created MVC C# WebApp on my local machine that has been registered with an AD, and I would like to have different user roles to do different things, like create/edit or just read data, based on groups created in Active Directory.

The tutorial here has helped me so far. I have added one 'appRoles' which I am assuming is a group and its corresponding ID to the manifest of my app within AD. What I need to know is how I get that role value back and use it in my code to allow that group to create/edit data in my WebApp. Whatever I do just throws errors of different kinds.

Basically, how do I get a role (group?) back from AD and use it to set who can see certain pages, with the idea I would create more groups (roles) to have only read access or only write instead of edit.

Here is the code I was trying to use in my _LoginPartial.cshtml to get back the role I wanted:

@using System.Security.Claims

ViewBag.Role = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/ws/2008/06/identity/claims/role").Value;

 

Obviously it is not right but I don't know what I am missing...

I have been at this for over a week now and I hit a dead end. Any help would be much appreciated!

All the best
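
An added example (not code from the original post) showing a null-safe way to read every role claim from a ClaimsPrincipal and gate an edit permission on it, denying by default. The role names DataReader and DataWriter, the helper names and the sample users are constructed for illustration; it assumes the app roles arrive either as "roles" claims or under the mapped role URI used in the post.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class RoleClaims
{
    // App roles arrive in the token's "roles" claim; the default JWT claim mapping
    // can rename that to ClaimTypes.Role (the long schema URI), so accept both.
    private static readonly string[] RoleClaimTypes = { "roles", ClaimTypes.Role };

    // Returns every role on the principal; empty (never null) when none is assigned.
    public static ISet<string> GetRoles(ClaimsPrincipal user)
    {
        if (user == null) return new HashSet<string>();
        return new HashSet<string>(
            user.Claims.Where(c => RoleClaimTypes.Contains(c.Type)).Select(c => c.Value),
            StringComparer.OrdinalIgnoreCase);
    }

    // Deny by default: unauthenticated users and users without the role get false.
    // "DataWriter" is a hypothetical app role name.
    public static bool CanEdit(ClaimsPrincipal user)
    {
        return user?.Identity?.IsAuthenticated == true
            && GetRoles(user).Contains("DataWriter");
    }
}

public static class Program
{
    // Builds a constructed, authenticated test user carrying the given roles.
    private static ClaimsPrincipal MakeUser(params string[] roles)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, "user@example.com") };
        claims.AddRange(roles.Select(r => new Claim("roles", r)));
        // Passing an authentication type marks the identity as authenticated.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Constructed"));
    }

    public static void Main()
    {
        var noRole = MakeUser();
        Console.WriteLine(RoleClaims.CanEdit(MakeUser("DataReader", "DataWriter")));
        Console.WriteLine(RoleClaims.CanEdit(MakeUser("DataReader")));
        Console.WriteLine(RoleClaims.CanEdit(noRole));
        // FindFirst returns null when the claim is absent, so .Value on it throws.
        Console.WriteLine(noRole.FindFirst(ClaimTypes.Role) == null);
    }
}
```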

2 Replies

I'm not a professional dev, so I can't answer your specific question, but I can tell you that this group is focused on Azure AD questions and that Azure AD is not the same as on-premises AD. I think that you may get more help if you find a group that is focused on MVC apps and/or AD.  

Awesome! I will look for some other communities but I figured I would start here. Thank you for the heads up!