This repository has been archived by the owner. It is now read-only.

AD directory user-groups; can IdentityRole be subclassed to implement Role-Groups or User-Groups #2057

Closed
papyr opened this Issue Nov 6, 2018 · 6 comments


papyr commented Nov 6, 2018

There is a disconnect with Active Directory: since we don't have support for User Groups in Identity, how can we implement or mirror this functionality inside ASP Identity?


blowdart commented Nov 6, 2018

If you're using AD we tend to believe AD is the one true source of truth; it's what keeps AD administrators happy. If you use integrated authentication then IsInRole() will work, or you configure ADFS to pass the group membership through in its auth token, and again, IsInRole() will then work.


papyr commented Nov 7, 2018

What is the object to maintain or mirror the groups inside Identity for user groups?

For roles it's clear with RoleManager/Roles, but Groups is missing.


blowdart commented Nov 8, 2018

If you cast the current identity to a WindowsIdentity, which assumes integrated authentication and NOT ASP.NET Identity, there's a Groups property you can check in your authorization rules.


papyr commented Nov 14, 2018

Hi @blowdart, I tried this, but there is no User-Groups object in Microsoft ASP Identity 2.

What would I cast this to? Or do I subclass Roles? Please elaborate, or even provide a snippet.


blowdart commented Nov 14, 2018

As I said this only works on WindowsIdentity. So it's limited to integrated authentication/AD. This does not mix with ASP.Identity. So configure your app for Windows authentication, then cast the identity to a WindowsIdentity and then you get a Groups property on the cast instance.
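
The cast described in the comment above, as an added C# example that is not part of the original thread or the project's code. `WindowsGroupCheck` and its method names are hypothetical, and it assumes the app is configured for Windows (integrated) authentication; it matches groups by SID rather than by display name and denies access when the identity is not a `WindowsIdentity`.

```csharp
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper (not from the thread). Assumes Windows authentication,
// so the current identity is a WindowsIdentity and not an ASP.NET Identity user.
public static class WindowsGroupCheck
{
    // True only when the identity is an authenticated WindowsIdentity
    // whose Groups collection contains the given group SID.
    public static bool IsInGroup(IIdentity identity, SecurityIdentifier groupSid)
    {
        if (!(identity is WindowsIdentity windowsIdentity)
            || !windowsIdentity.IsAuthenticated
            || windowsIdentity.Groups == null)
        {
            return false; // fail closed: wrong identity type or anonymous caller
        }

        foreach (IdentityReference group in windowsIdentity.Groups)
        {
            // Groups holds SIDs; comparing SIDs avoids trusting renameable names.
            if (group.Equals(groupSid)) return true;
        }
        return false;
    }

    // Group names for logging or display; keeps the raw SID when it cannot be resolved.
    public static IReadOnlyList<string> GetGroupNames(IIdentity identity)
    {
        var names = new List<string>();
        if (!(identity is WindowsIdentity windowsIdentity) || windowsIdentity.Groups == null)
        {
            return names;
        }

        foreach (IdentityReference group in windowsIdentity.Groups)
        {
            try { names.Add(group.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { names.Add(group.Value); }
        }
        return names;
    }
}
```

In a controller this would be called with `User.Identity` and a group SID taken from configuration, for example `WindowsGroupCheck.IsInGroup(User.Identity, new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null))`.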


papyr commented Nov 14, 2018

@blowdart I am glad you acknowledge that mismatch between their web and Windows Server platforms. Any chance you can bubble that up to MS so they include this?

papyr closed this Nov 14, 2018
