Is there any way we can redirect a user to a specific sub-URL (an internal link on the same domain) based upon the UserRole or Group coming from AD?
For example: I have the domain name "www.abc.com", but I want a Group A user to see only the page www.abc.com/GroupAPage when he browses the www.abc.com site or any other page on this domain.
What mechanism are you using to authenticate through? Thinking of ASP.NET Identity w. OWIN (Federated Authentication) vs. ASP.NET Membership. That helps us guide you towards a solution - e.g. if your claims are part of the Principal or not.
/Casper Aagaard Rasmussen
We are using Okta, which authenticates users from AD.
Which Okta product are you using? If it's SingleSignOn/MultiFactor, then it's an Owin-openid. Can you please confirm?
It is SingleSignOn
You may have a class inheriting from SynchronizingUserService in your solution, to synchronise your user's roles.
Most probably the code will be assigning the client URL in the Owin Startup class.
You may have to add your logic in a redirection URL, where you could check the role of your authenticated user and redirect to the most related URL.
(Not sure this is the best solution, but in theory this will work.)
Instead of (ab)using the ISynchronizingUserService, which is for a different purpose, we normally rely on the SecurityTokenValidated event within OpenIdConnect. After having retrieved the identity and resolved the role (from the claim collection), you'll want to do something similar to this:
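// Build the role-specific target, send the redirect, then mark the response as handled.
UrlBuilder urlBuilder = new UrlBuilder(url);
notification.Response.Redirect(urlBuilder.ToString());
notification.State = NotificationResultState.HandledResponse;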
The url variable holds where you want to redirect to. Notification is of the type Microsoft.Owin.Security.Notifications.SecurityTokenValidatedNotification<Microsoft.IdentityModel.Protocols.OpenIdConnectMessage, Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions> and is an argument within your event handler.
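An added example, not code from this thread or from Okta or Episerver: a SecurityTokenValidated handler that resolves the landing page from the validated role claims through a fixed server-side map of local paths, so the target never comes from request input. As a variation on the snippet above, it sets the ticket's RedirectUri and leaves the cookie sign-in and the redirect to the middleware. The class name, the role name "GroupA" and the path are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;

// Hypothetical helper class; wire it up in the OWIN Startup class with:
//   Notifications = new OpenIdConnectAuthenticationNotifications
//   {
//       SecurityTokenValidated = RoleLandingPage.OnSecurityTokenValidated
//   }
public static class RoleLandingPage
{
    // Assumed role names and site-relative paths. Keeping the targets in a
    // fixed map of local paths means the redirect cannot leave the site.
    private static readonly Dictionary<string, string> LandingPaths =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "GroupA", "/GroupAPage" },
        };

    public static Task OnSecurityTokenValidated(
        SecurityTokenValidatedNotification<OpenIdConnectMessage,
            OpenIdConnectAuthenticationOptions> notification)
    {
        ClaimsIdentity identity = notification.AuthenticationTicket.Identity;

        // Use only roles taken from the validated token's claim collection.
        string path = identity.FindAll(identity.RoleClaimType)
            .Select(claim => claim.Value)
            .Where(role => LandingPaths.ContainsKey(role))
            .Select(role => LandingPaths[role])
            .FirstOrDefault();

        // No mapped role: keep the return URL the middleware already has.
        if (path != null)
        {
            notification.AuthenticationTicket.Properties.RedirectUri = path;
        }

        return Task.FromResult(0);
    }
}
```

This only chooses where the user lands after login; showing a Group A user nothing but /GroupAPage on later requests still depends on the access rights set on the other pages.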
+1 Rasmussen :)