I'm trying to figure out how to allow only a single Active Directory role/group to access an intranet website that I'm creating. It is a trouble ticketing site, and I only want employees who are in the CallTrackingSystemUsers Windows group to be able to access this site. I am using Windows authentication, and AspNetWindowsTokenRoleProvider for role management. In my web.config file, I have the following (MyDomain is the Windows 2003 domain I'm working in):
    <authentication mode="Windows" />
    <authorization>
      <deny users="?"/>
      <allow roles="MyDomain\CallTrackingSystemUsers" />
    </authorization>
The above denies anonymous access to the website, and I also figured that it would only allow Windows users in the group CallTrackingSystemUsers to log into the site, but it is also allowing other Windows AD users (who are NOT in the group CallTrackingSystemUsers) to log in as well.
I would like to know if there is a simple solution for allowing ONLY users in the Windows Active Directory group CallTrackingSystemUsers to access the website. I don't want any Windows users to access the website unless they are in the CallTrackingSystemUsers group.
The current solution I have is to redirect users to an error page if they are not in the CallTrackingSystemUsers group. I check for this in the Page_Load event:
    // Send anyone who is not in the group to the error page.
    if (!User.IsInRole("MyDomain\\CallTrackingSystemUsers"))
    {
        Response.Redirect("error.aspx");
    }
I have to insert the above code into every page on my website. There has to be a better solution than this in ASP.NET... help?
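
The behaviour described in the question follows from how ASP.NET URL authorization evaluates rules: they are checked top to bottom, the first match decides, and a user who matches nothing in the site's web.config falls through to the inherited `<allow users="*"/>` in the server's root configuration. A corrected configuration, as an added example that is not part of the original post (the roleManager line assumes the AspNetWindowsTokenRoleProvider setup the question mentions):

```xml
<configuration>
  <system.web>
    <authentication mode="Windows" />

    <!-- Role membership is read from the Windows token, as in the question. -->
    <roleManager enabled="true"
                 defaultProvider="AspNetWindowsTokenRoleProvider" />

    <authorization>
      <!-- Rules are evaluated in order; the first one that matches wins. -->

      <!-- 1. Reject anonymous requests. -->
      <deny users="?" />

      <!-- 2. Admit members of the one permitted group. -->
      <allow roles="MyDomain\CallTrackingSystemUsers" />

      <!-- 3. Reject every other authenticated user. Without this rule,
              users outside the group match neither rule above and are
              admitted by the inherited allow-all rule. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

With the final deny rule in place, users outside the group are refused with HTTP 401 before any page code runs, so the per-page `User.IsInRole` check is no longer what enforces access.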