Re: ActiveDirectoryMembershipProvider - IsInRole problem

Hi;

That's amazing that you can authenticate but not authorize from AD - sort of
makes it useless I think except for the case of any AD user is allowed to do
anything...

If you write one, I would be happy to test it.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com



"Joe Kaplan (MVP - ADSI)" wrote:

Yeah, if I had time right now, I'd put one together for you. In the
meantime, you can check out Ryan's blog (www.dunnry.com) and see his
tokenGroups group membership expansion sample. It works quite well. You
could probably roll that into a role provider if you wanted to try.

Ryan and I are together at a conference next week, so maybe we can try to do
something like this? Who knows. :)

Joe K.

"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be63198aac8c81c0e1b08144f@xxxxxxxxxxxxxxxxxxxxx
right - and i think it is a pretty heavy limitation that there is no AD
role provider...

it is on my todo list - but i haven't found time so far...


You have to fetch them manually - joe knows at least 3 ways to do that :)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

ps - the use case for this authentication method is all users are in
AD, but some use firefox or opera as their browser.

"Dominick Baier [DevelopMentor]" wrote:

is the problem on the other thread resolved??

There is no ActiveDirectoryRolesProvider - the roles are not
populated from AD...thats why IsInRole fails.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi;

For forms/ActiveDirectoryMembershipProvider authentication, I get an
authenticated user but IsInRole fails. I am getting a FormsIdentity
where authentication-"Forms" and name="dave". I do have to enter my
domain password for it to login.

web.config:
<roleManager enabled="true"/>
<authentication mode="Forms">
<forms name=".ADAuthCookie" loginUrl="login.aspx">
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<membership defaultProvider="MyProvider">
<providers>
<clear/>
<add name="MyProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADService"
attributeMapUsername="SAMAccountName"
/>
</providers>
</membership>





.

Relevant Pages

  • OT: Problems with radiusd and EAP-PEAP
    ... I keep trying in order to radius authenticate and authorize users from XP. ... Module: Loaded eap ... leaving group authorize for request 0 ...
    (Debian-User)
  • OT:Problems with radiusd and EAP-PEAP
    ... I keep trying in order to radius authenticate and authorize users ... Module: Loaded eap ... leaving group authorize for request 0 ...
    (Ubuntu)
  • Re: implementing authentication & authorization using custom HTTPModule
    ... Scott, Thanks for the reply. ... Since the user is authenticated & authorized during the initial load, I think it's kind of redundant to Authenticate & Authorize during postbacks. ...
    (microsoft.public.dotnet.distributed_apps)
  • Application identifier
    ... I'm using WS-Security to authenticate and authorize the users of my ... Prev by Date: ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Authenticating Users on an Intranet
    ... and remove anonymous access in the directory security tab in IIS ... Dominick Baier - DevelopMentor ... > would like to authenticate the users without making them enter a user ...
    (microsoft.public.dotnet.framework.aspnet.security)