ActiveDirectoryMembershipProvider - IsInRole problem

David Thielen

Hi;

For forms/ActiveDirectoryMembershipProvider authentication, I get an
authenticated user but IsInRole fails. I am getting a FormsIdentity where
authentication="Forms" and name="dave". I do have to enter my domain password
for it to log in.

web.config:
<roleManager enabled="true"/>
<authentication mode="Forms">
  <forms name=".ADAuthCookie" loginUrl="login.aspx">
  </forms>
</authentication>
<authorization>
  <deny users="?"/>
</authorization>
<membership defaultProvider="MyProvider">
  <providers>
    <clear/>
    <add name="MyProvider"
         type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         connectionStringName="ADService"
         attributeMapUsername="SAMAccountName"
    />
  </providers>
</membership>
 
Dominick Baier [DevelopMentor]

Is the problem on the other thread resolved?

There is no ActiveDirectoryRolesProvider - the roles are not populated from
AD... that's why IsInRole fails.
 
David Thielen

Hi;

Yes - windows authentication works 100%.

Yes - ActiveDirectory authentication does authenticate against domain
username and password.

So just this IsInRole issue. How do I get the roles to come from AD?

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
 
Dominick Baier [DevelopMentor]

Right - and I think it is a pretty heavy limitation that there is no AD role
provider...

It is on my todo list - but I haven't found time so far...

You have to fetch them manually - Joe knows at least 3 ways to do that :)
 
Joe Kaplan (MVP - ADSI)

Yeah, if I had time right now, I'd put one together for you. In the
meantime, you can check out Ryan's blog (www.dunnry.com) and see his
tokenGroups group membership expansion sample. It works quite well. You
could probably roll that into a role provider if you wanted to try.

Ryan and I are together at a conference next week, so maybe we can try to do
something like this? Who knows. :)

Joe K.
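
One way to do what the replies above describe, as an added example that is not from the thread or from any of its posters: a read-only RoleProvider that expands the user's tokenGroups attribute (transitive security group membership) into role names of the form DOMAIN\Group. The class name, the LDAP path, and binding to AD as the application's process identity are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Web.Security;

// Hypothetical read-only provider: a user's roles are their AD security groups.
public class AdTokenGroupsRoleProvider : RoleProvider
{
    // Assumption: placeholder domain path; use the same LDAP URL as the "ADService" connection string.
    private const string LdapPath = "LDAP://DC=example,DC=com";
    public override string ApplicationName { get; set; }

    public override string[] GetRolesForUser(string username)
    {
        var roles = new List<string>();
        using (var root = new DirectoryEntry(LdapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            // Escape LDAP filter metacharacters so the login name cannot change the query.
            searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" + Escape(username) + "))";
            SearchResult hit = searcher.FindOne();
            if (hit == null) return roles.ToArray();   // unknown user: no roles
            using (DirectoryEntry user = hit.GetDirectoryEntry())
            {
                // tokenGroups is a constructed attribute and must be requested explicitly.
                user.RefreshCache(new[] { "tokenGroups" });
                foreach (byte[] sid in user.Properties["tokenGroups"])
                {
                    try { roles.Add(new SecurityIdentifier(sid, 0).Translate(typeof(NTAccount)).Value); }
                    catch (IdentityNotMappedException) { /* unresolvable SID grants nothing */ }
                }
            }
        }
        return roles.ToArray();
    }
    public override bool IsUserInRole(string username, string roleName)
    { return Array.Exists(GetRolesForUser(username), r => string.Equals(r, roleName, StringComparison.OrdinalIgnoreCase)); }
    private static string Escape(string s)
    { return s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00"); }

    // Group management stays in AD, so write and enumeration operations are refused.
    public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotSupportedException(); }
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override bool RoleExists(string roleName) { throw new NotSupportedException(); }
    public override string[] GetAllRoles() { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
}
```

To take effect it has to be registered under the roleManager element's providers and named as its defaultProvider. Each role check queries AD, and group changes only show up on the next lookup, so any caching of the result trades freshness of revocation for speed.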
 
David Thielen

Hi;

That's amazing that you can authenticate but not authorize from AD - sort of
makes it useless I think except for the case of any AD user is allowed to do
anything...

If you write one, I would be happy to test it.

--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com
 
