
URL redirection based on UserRole in AD


Hi all,

Is there any way we can redirect a user to a specific sub-URL (an internal link on the same domain) based upon the UserRole or Group coming from AD?

For example: I have domain name: "" but I want a Group A user to only see page: when he browses the site or any other page on this domain.

Aug 21, 2017 13:02

Hi there.

What mechanism are you using to authenticate through? Thinking of ASP.NET Identity w. OWIN (Federated Authentication) vs. ASP.NET Membership. That helps us guide you towards a solution - e.g. if your claims are part of the Principal or not.

/Casper Aagaard Rasmussen

Aug 21, 2017 14:15

We are using Okta, which authenticates users from AD.

Aug 21, 2017 14:39

Which Okta product are you using? If it's SingleSignOn/MultiFactor then it's an Owin-openid. Can you please confirm?

Edited, Aug 23, 2017 10:39

It is SingleSignOn 

Aug 23, 2017 10:54

You may have a class inheriting from SynchronizingUserService in your solution, to synchronise your users' roles.

Most probably the code will be assigning the client URL in the Owin Startup class.

You may have to add your logic in a redirection URL, where you could check the role of your authenticated user and redirect to the most related URL.

(Not sure this is the best solution, but in theory this will work.)

Aug 23, 2017 14:27

Hi there.

Instead of (ab)using the ISynchronizingUserService, which is for a different purpose, we normally rely on the SecurityTokenValidated event within OpenIdConnect. After having retrieved the identity and resolved the role (from the claim collection), you'll want to do something similar to this:

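    // Build the target URL and append the query parameter.
    UrlBuilder urlBuilder = new UrlBuilder(url);
    urlBuilder.QueryCollection.Add(Signup.TicketQueryParameterName, signupTicket);

    // Issue the redirect, then mark the response as handled.
    notification.Response.Redirect(urlBuilder.ToString());
    notification.State = NotificationResultState.HandledResponse;

    return Task.FromResult(0);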

The url variable holds where you want to redirect to. Notification is of the type Microsoft.Owin.Security.Notifications.SecurityTokenValidatedNotification<Microsoft.IdentityModel.Protocols.OpenIdConnectMessage, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions> and is an argument within your event handler.

/Casper Aagaard Rasmussen

Aug 23, 2017 14:49
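
One way to do the role-to-URL step inside the SecurityTokenValidated handler discussed above, added here as an illustration and not code from any poster in this thread. The RoleLanding class, the group names and the paths are hypothetical; it assumes the AD groups arrive as role claims, and it sets the ticket's RedirectUri instead of marking the response handled, so the middleware still completes sign-in before it redirects.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

public static class RoleLanding
{
    // Constructed sample data: group names and paths are hypothetical.
    // Targets are fixed, site-relative paths held server-side, so nothing
    // in the request or the token can steer the redirect to another host.
    private static readonly Dictionary<string, string> LandingByRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "GroupA", "/group-a/" },
            { "GroupB", "/group-b/" }
        };

    private const string DefaultLanding = "/";

    // Returns the landing path of the first role claim that has a mapping,
    // or the default path when the user is in none of the mapped groups.
    public static string Resolve(ClaimsIdentity identity)
    {
        if (identity == null) return DefaultLanding;
        // Assumption: AD groups are issued as claims of identity.RoleClaimType.
        foreach (Claim role in identity.FindAll(identity.RoleClaimType))
        {
            string path;
            if (LandingByRole.TryGetValue(role.Value, out path)) return path;
        }
        return DefaultLanding;
    }

    // Assign to OpenIdConnectAuthenticationNotifications.SecurityTokenValidated.
    public static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage,
            OpenIdConnectAuthenticationOptions> notification)
    {
        // The response is left unhandled: the middleware signs the user in
        // and then redirects to the RedirectUri set on the ticket.
        notification.AuthenticationTicket.Properties.RedirectUri =
            Resolve(notification.AuthenticationTicket.Identity);
        return Task.FromResult(0);
    }
}
```

The redirect only chooses where a user lands after login. Keeping Group A away from other pages on the domain still depends on the access rights set on those pages.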

+1 Rasmussen :)

Aug 23, 2017 14:59