Additional LDAP Authentication scenario with sample code

Alternatively, coupled with the same, you can generate an LDAP authentication function using Active Directory services. With this you will be able to log on to the system only when the user logs in from the specified domain set by the IT Administrator group.

You can also find sample code for the same and develop based on it.

using System;
using System.Text;
using System.DirectoryServices;

namespace ClassLibrary
{
    public class LdapAuthentication
    {
        #region Variables/Constructor
        private string _path;
        private string _filterAttribute;

        public LdapAuthentication(string path)
        {
            // Initialize the Active Directory path
            _path = path;
        }
        #endregion

        #region User Authentication
        public bool IsAuthenticated(string domain, string username, string pwd)
        {
            #region Active Directory Direct Connection
            // Accepts a domain name, user name and password as parameters and returns bool to indicate whether or not the user with
            // a matching password exists within Active Directory. The method initially attempts to bind to Active Directory using the
            // supplied credentials. If this is successful, the method uses the DirectorySearcher managed class to search for the
            // specified user object. If located, the _path member is updated to point to the user object and the _filterAttribute member
            // is updated with the common name attribute of the user object.

            string domainAndUsername = domain + @"\" + username;
            DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
            try
            {
                // Bind to the native AdsObject to force authentication.
                Object obj = entry.NativeObject;
                DirectorySearcher search = new DirectorySearcher(entry);
                // Escape the user name so that filter metacharacters in it cannot change the search filter.
                search.Filter = "(SAMAccountName=" + EscapeLdapFilterValue(username) + ")";
                search.PropertiesToLoad.Add("CN");
                SearchResult result = search.FindOne();
                if (null == result)
                {
                    return false;
                }
                // Update the new path to the user in the directory
                _path = result.Path;
                _filterAttribute = (String)result.Properties["cn"][0];
            }
            catch (Exception ex)
            {
                // Keep the original exception as the inner exception so the cause is not lost.
                throw new Exception("Error authenticating user. " + ex.Message, ex);
            }
            return true;

            #endregion
        }

        // Escapes the characters that are special in an LDAP search filter value (RFC 4515).
        private static string EscapeLdapFilterValue(string value)
        {
            StringBuilder sb = new StringBuilder();
            foreach (char c in value)
            {
                switch (c)
                {
                    case '\\': sb.Append(@"\5c"); break;
                    case '*': sb.Append(@"\2a"); break;
                    case '(': sb.Append(@"\28"); break;
                    case ')': sb.Append(@"\29"); break;
                    case '\0': sb.Append(@"\00"); break;
                    default: sb.Append(c); break;
                }
            }
            return sb.ToString();
        }
        #endregion
    }
}

Additional point was added: audit log which could be provided to higher management or the IT department

The solution can be implemented by the following method. The required screens in the application would be:

  • User Group Master - Create multiple groups from the screen
  • User Master - Create multiple users from the screen
  • User Group Details Master - Select a user; the screen would list the different user groups. Assign different groups to the user.
  • User Group Rights Master - Select the group, list the different menus in the application and grant different privileges.

Method for Implementation

  • Assign a menu ID to all menus. Keep a menu master table to list on screen for assigning rights.

  • Create a rights details table with menu ID, group ID and the different rights you want to control: visibility, save, editing details and additional items based on your requirements.

  • Create a function checkpermission, called while doing any operation in the screen or accessing the menu item, with the menu ID, the permission to check and the user ID as parameters. The function will return True or False, and the rights can be controlled.

The same can be achieved in a web application also. It has been implemented successfully in various personal projects which I had undertaken. Additionally, you could also have an audit log insert in the permission checking function and provide access reports based on screen accessed, data modified on screen, task completed on screen, or any additional task you would want logged in your application.
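
A sketch of the tables and the checkpermission function described in this answer, with the audit-log insert placed inside the check so that denied attempts are recorded too. This is an added example, not code from the original answer; it uses Python with an in-memory SQLite database, and every table, column and function name and all sample rows are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE user_group (group_id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE app_user (user_id INTEGER PRIMARY KEY, login TEXT UNIQUE NOT NULL);
CREATE TABLE user_group_detail (user_id INTEGER REFERENCES app_user,
    group_id INTEGER REFERENCES user_group, PRIMARY KEY (user_id, group_id));
CREATE TABLE menu_master (menu_id INTEGER PRIMARY KEY, title TEXT NOT NULL);
CREATE TABLE group_rights (group_id INTEGER REFERENCES user_group,
    menu_id INTEGER REFERENCES menu_master,
    can_view INTEGER NOT NULL DEFAULT 0, can_save INTEGER NOT NULL DEFAULT 0,
    can_edit INTEGER NOT NULL DEFAULT 0, PRIMARY KEY (group_id, menu_id));
CREATE TABLE audit_log (id INTEGER PRIMARY KEY, at TEXT DEFAULT CURRENT_TIMESTAMP,
    user_id INTEGER, menu_id INTEGER, permission TEXT, granted INTEGER);
"""
# Permission name -> rights column. The allow-list keeps caller text out of the SQL.
RIGHTS = {"view": "can_view", "save": "can_save", "edit": "can_edit"}

def check_permission(db, user_id, menu_id, permission):
    """True if any group of the user grants `permission` on the menu; always audited."""
    column = RIGHTS.get(permission)
    granted = False
    if column is not None:  # unknown permission names are denied, and still logged
        row = db.execute(
            f"SELECT MAX(r.{column}) FROM group_rights r "
            "JOIN user_group_detail d ON d.group_id = r.group_id "
            "WHERE d.user_id = ? AND r.menu_id = ?", (user_id, menu_id)).fetchone()
        granted = bool(row[0])  # NULL means no rights row exists: deny by default
    db.execute("INSERT INTO audit_log (user_id, menu_id, permission, granted) "
               "VALUES (?, ?, ?, ?)", (user_id, menu_id, permission, int(granted)))
    db.commit()
    return granted

def denied_report(db):
    """Access report for reviewers: every refused check, oldest first."""
    return db.execute("SELECT user_id, menu_id, permission FROM audit_log "
                      "WHERE granted = 0 ORDER BY id").fetchall()

def demo_db():
    """Constructed sample data: user 10 is a clerk, user 11 is clerk and supervisor."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executescript("""
        INSERT INTO user_group VALUES (1, 'clerks'), (2, 'supervisors');
        INSERT INTO app_user VALUES (10, 'asha'), (11, 'ben');
        INSERT INTO user_group_detail VALUES (10, 1), (11, 1), (11, 2);
        INSERT INTO menu_master VALUES (100, 'Invoices');
        INSERT INTO group_rights VALUES (1, 100, 1, 0, 0), (2, 100, 1, 1, 1);
    """)
    return db
```

The check has to run on the server or data tier for every operation, not only when the menu is drawn, and the audit table should be writable but not editable by the application account.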

Source Link

The solution can be implemented by the following method. The required screens in the application would be:

  • User Group Master - Create multiple groups from the screen
  • User Master - Create multiple users from the screen
  • User Group Details Master - Select a user; the screen would list the different user groups. Assign different groups to the user.
  • User Group Rights Master - Select the group, list the different menus in the application and grant different privileges.

Method for Implementation

  • Assign a menu ID to all menus. Keep a menu master table to list on screen for assigning rights.

  • Create a rights details table with menu ID, group ID and the different rights you want to control: visibility, save, editing details and additional items based on your requirements.

  • Create a function checkpermission, called while doing any operation in the screen or accessing the menu item, with the menu ID, the permission to check and the user ID as parameters. The function will return True or False, and the rights can be controlled.

The same can be achieved in a web application also. It has been implemented successfully in various personal projects which I had undertaken.