Posted 7 Feb 2013

Authenticating a Web service with Active Directory group

I struggled for four weeks trying to authenticate my Web service with an AD group. I wanted to allow specific users to perform specific tasks with the project. So finally I got it working and I thought I'd share this.


This code allows a specific user from Active Directory to perform a specific task, i.e. viewing important employee information (companies can't allow every employee to have access to that kind of information).

Using the code

    using System;                                     // Environment
    using System.Security;                            // SecurityException
    using System.ServiceModel;
    using System.DirectoryServices.AccountManagement;

Firstly I have my web.config which looks like this (I won't post the whole file):

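    <!-- inside <system.web> -->
    <authentication mode="Windows" />
    <!-- debug="true" is a development setting; set it to false when deploying -->
    <compilation debug="true" targetFramework="4.0" />
    <customErrors mode="RemoteOnly" />
    <trust level="Full" />
    <identity impersonate="false" />

    <!-- inside <system.serviceModel>/<bindings>/<basicHttpBinding> -->
    <binding name="BasicHttpEndpointBinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows">
          <extendedProtectionPolicy policyEnforcement="Always" />
        </transport>
      </security>
    </binding>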

I have two functions, and each function can be processed by a certain group of people from the AD groups. This is what I did on my functions on the service implementation:

    [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
    public void MyFunction()
    {
        // Gets the name of the authenticated caller (DOMAIN\user)
        string whoAmI = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        // Sets the context to the domain
        using (PrincipalContext context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName))
        {
            // Specifies the context to use and the group name to look for
            GroupPrincipal group = GroupPrincipal.FindByIdentity(context, "APP_EMPLOYEEWS_BIO");
            // Sets the user to look for
            UserPrincipal user = UserPrincipal.FindByIdentity(context, whoAmI);
            // Checks if the user is a member of the group; if not (or if either lookup fails), throws an exception
            if (user == null || group == null || !user.IsMemberOf(group))
            {
                throw new SecurityException("Access Denied: User has no permission to process the request");
            }
        }
        // Code to process here
    }
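Since both functions need the same kind of check against different groups, the check can live in one shared guard. The following is an added example, not code from the original article: it swaps the directory lookup for a test against the caller's Windows token (`WindowsPrincipal.IsInRole`), and the names `GroupGuard`, `EmployeeService`, `GetBio`, `GetSalary` and the group `APP_EMPLOYEEWS_SALARY` are hypothetical. It assumes the groups live in the same domain as the service account.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.ServiceModel;

// Added example: one guard shared by every operation, so each method only names its group.
public static class GroupGuard
{
    public static void Demand(string groupName)
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;

        // Fail closed: no security context, an anonymous caller or a missing
        // Windows identity all mean "no access".
        WindowsIdentity caller = (ctx == null || ctx.IsAnonymous) ? null : ctx.WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            throw new SecurityException("Access Denied: caller is not authenticated");

        // The token already carries the caller's group SIDs, so no directory query is needed.
        // Assumption: the group is in the same domain as the account running the service.
        string role = Environment.UserDomainName + "\\" + groupName;
        if (!new WindowsPrincipal(caller).IsInRole(role))
            throw new SecurityException("Access Denied: User has no permission to process the request");
    }
}

public class EmployeeService   // hypothetical service implementation
{
    public string GetBio(string employeeId)
    {
        GroupGuard.Demand("APP_EMPLOYEEWS_BIO");      // group name used in the article
        return "bio for " + employeeId;               // stands in for the real work
    }

    public string GetSalary(string employeeId)
    {
        GroupGuard.Demand("APP_EMPLOYEEWS_SALARY");   // hypothetical second group
        return "salary for " + employeeId;            // stands in for the real work
    }
}
```

Calling the guard as the first statement of each operation keeps the authorization decision ahead of any data access.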

I hope someone will find this helpful and not struggle as I did.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Thando Khumalo
South Africa

Article Copyright 2013 by Thando Khumalo