SharePoint security + AD groups

5 down vote

Expanding on what others have written above, in SharePoint 2010 and 2013 it depends on the type of authentication you’ve setup your Web Application with.

For classic mode you only have windows authentication so NT AUTHORITY\authenticated users will grant access to anyone that can authenticate with a valid windows credential.

For claims mode you’ll have at least three options:

  1. All Authenticated Users – All users regardless of authentication type used
  2. All Users (windows) – All users that authenticate with windows authentication
  3. All Users (providername) – All users that authenticate with forms authentication, you should replace providername with the name of the provider you defined for that Web Application / Zone

You can also use the encoded claims which is quite handy and faster to resolve:

  • All Authenticated Users = c:0(.s|true
  • All Users (windows) = c:0!.s|windows
  • All Users (provider) = c:0!.s|forms:provider

You can also use the Domain Users domain group which may be a good choice if you have trusts with multiple domains and only want to grant access to a few domains instead of all authenticated users from all domains. In that case just use DOMAIN\domain users.

 

Adding Active directory group in SharePoint group

This code will help you to add the Active Directory Group in the Custom SharePoint Group. Consider the situation you need to give the access permission to multiple users on the basis of department wise or any category based which is already created in AD. Now add this group in SharePoint group to simplify the process. This will add the new sharepoint group programmatically and the AD group in to it.

           SPWeb web = SPContext.Current.Web;
            web.AllowUnsafeUpdates = true;
            web.SiteGroups.Add("Champion10", web.CurrentUser, web.CurrentUser, string.Empty);
        
            SPGroup group= web.SiteGroups["Champion10"];
            SPRoleAssignment roleAssignment = new SPRoleAssignment(group);
            SPRoleDefinition roleDefinition = web.RoleDefinitions["Full Control"];
            roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
            web.RoleAssignments.Add(roleAssignment);

            SPUser AdGroup = web.EnsureUser("MurugesanAD");
           //This line will do the trick.You can also ensure by using the  bool isAD=AdGroup.IsDomainGroup

            group.AddUser(g);

      
            web.Update();
            web.AllowUnsafeUpdates = false;
        
            Literal1.Text = "Done";

It\'s only fair to share...Digg thisBuffer this pageShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0Pin on Pinterest0Share on StumbleUpon0Share on Tumblr0

Leave a Reply

Your email address will not be published. Required fields are marked *