URL redirection based on UserRole in AD

Hi All,

Is there any way we can redirect a user to a specific sub-URL (an internal link on the same domain) based on the UserRole or Group that comes from AD?

For example: I have the domain name "www.abc.com", but I want Group A users to only see the page www.abc.com/GroupAPage when they browse the www.abc.com site or any other page on this domain.

#181452
Aug 21, 2017 13:02
Hi there.

What mechanism are you using to authenticate through? I'm thinking of ASP.NET Identity with OWIN (Federated Authentication) vs. ASP.NET Membership. That helps us guide you towards a solution, e.g. whether your claims are part of the Principal or not.

/Casper Aagaard Rasmussen

#181459
Aug 21, 2017 14:15
We are using Okta, which authenticates users from AD.

#181462
Aug 21, 2017 14:39
Which Okta product are you using? If it's SingleSignOn/MultiFactor, then it's OWIN OpenID. Can you please confirm?

#181512
Edited, Aug 23, 2017 10:39
It is SingleSignOn.

#181513
Aug 23, 2017 10:54
You may have a class inheriting from SynchronizingUserService in your solution to synchronise your users' roles.

Most probably, the code assigning the client URL will be in the OWIN Startup class.

You may have to add your logic in a redirection URL, where you could check the role of your authenticated user and redirect to the most relevant URL.

(Not sure this is the best solution, but in theory it will work.)

#181533
Aug 23, 2017 14:27
Hi there.

Instead of (ab)using the ISynchronizingUserService, which is for a different purpose, we normally rely on the SecurityTokenValidated event within OpenIdConnect. After having retrieved the identity and resolved the role (from the claim collection), you'll want to do something similar to this:

    // Inside the SecurityTokenValidated handler, after the role has been resolved from the claims
    UrlBuilder urlBuilder = new UrlBuilder(url);
    // Query parameters specific to the poster's own solution (here, a signup ticket)
    urlBuilder.QueryCollection.Add(Signup.TicketQueryParameterName, signupTicket);

    // Send the redirect on the OWIN response ...
    notification.Response.Redirect(urlBuilder.Uri.OriginalString);

    // ... and tell the middleware this response has been handled, so it stops processing
    notification.State = NotificationResultState.HandledResponse;

    return Task.FromResult(0);

The url variable holds where you want to redirect to. notification is of the type Microsoft.Owin.Security.Notifications.SecurityTokenValidatedNotification<Microsoft.IdentityModel.Protocols.OpenIdConnectMessage, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions> and is an argument within your event handler.

/Casper Aagaard Rasmussen

#181534
Aug 23, 2017 14:49
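A fuller worked example of the role-to-landing-page approach described in the answer above, wired into an OWIN Startup class. This is an added example, not code from the answer's author or from Episerver/Okta; the class and method names (RoleLandingPages, ResolveLandingPath, IsLocalPath, OnSecurityTokenValidated), the group names, the landing paths and the Okta settings are all constructed placeholders. It assumes the Okta application is configured to emit group membership as a "groups" claim (or that AD roles arrive as ClaimTypes.Role). It goes a step beyond the snippet in the answer: the redirect target is taken from a fixed allow-list of site-relative paths (so a role value can never turn into an open redirect), and it sets AuthenticationTicket.Properties.RedirectUri instead of writing the response and marking it handled, so the middleware still issues the sign-in cookie before redirecting.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public static class RoleLandingPages
{
    // Constructed mapping (hypothetical values): role/group name -> internal path on this site.
    // Only paths listed here can ever become a redirect target.
    private static readonly IDictionary<string, string> LandingPaths =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "GroupA", "/GroupAPage" },
            { "GroupB", "/GroupBPage" },
        };

    // Claim types to inspect. Assumption: Okta emits group membership in a "groups" claim;
    // roles synchronised from AD arrive as ClaimTypes.Role.
    private static readonly string[] RoleClaimTypes = { ClaimTypes.Role, "groups" };

    // Returns the landing path for the first role that has an entry in the allow-list,
    // or the fallback when the user has no mapped role.
    public static string ResolveLandingPath(ClaimsIdentity identity, string fallback = "/")
    {
        if (identity == null) return fallback;

        var roles = identity.Claims
            .Where(c => RoleClaimTypes.Contains(c.Type, StringComparer.OrdinalIgnoreCase))
            .Select(c => c.Value);

        foreach (var role in roles)
        {
            string path;
            if (LandingPaths.TryGetValue(role, out path) && IsLocalPath(path))
                return path;
        }
        return fallback;
    }

    // Accept only site-relative paths: "//evil.example" and "/\evil.example" would be
    // treated as protocol-relative URLs by browsers, so they are rejected as well.
    public static bool IsLocalPath(string path)
    {
        return !string.IsNullOrEmpty(path)
            && path.StartsWith("/", StringComparison.Ordinal)
            && !path.StartsWith("//", StringComparison.Ordinal)
            && !path.StartsWith("/\\", StringComparison.Ordinal);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            // Placeholders: take these values from your Okta application settings.
            Authority = "https://<your-okta-domain>/oauth2/default",
            ClientId = "<client-id>",
            RedirectUri = "https://www.abc.com/signin-oidc",
            ResponseType = "id_token",
            Scope = "openid profile groups",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                SecurityTokenValidated = OnSecurityTokenValidated
            }
        });
    }

    private static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var ticket = notification.AuthenticationTicket;
        var landing = RoleLandingPages.ResolveLandingPath(ticket.Identity);

        // Override the post-login return URL with the role's landing page. Leaving the
        // notification state untouched lets the middleware sign the user in and then
        // redirect to Properties.RedirectUri itself.
        ticket.Properties.RedirectUri = landing;
        return Task.FromResult(0);
    }
}
```

ResolveLandingPath is kept free of OWIN types so it can be unit-tested with a hand-built ClaimsIdentity, for example one carrying a "groups" claim of "GroupA" (expected "/GroupAPage") and one with no role claim at all (expected "/").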
+1 Rasmussen :)

#181535
Aug 23, 2017 14:59