Authentication cannot be restricted since $User & $ClaimsPrinciple $Null #208
Comments
By using the -Endpoint block of the UDPage and then using the -Pages parameter of New-UDDashboard instead of -Content, I am able to make this work. It would still be optimal if the validation script could occur before even the Content scriptblock so we wouldn't be forced to use the Endpoint block (which does more stuff and therefore is slower to display anything). Here's a working sample for anyone having the same question as I and looking for resolution.
Agreed, having a more granular way of restricting access to the dashboard to specific users. Also, the ability to restrict to specific pages - Example Group A has access to pages 1-3 where Group B has access to pages 1,4,5 etc.
@adamdriscoll is it a bug that on pages that use -Content $User is $null?
This has been implemented in 2.0. You will be able to define authorization policies and assign them to endpoints and pages. If a user meets the criteria you specify, they will be able to see the page and/or use the endpoints. The pages that aren't authorized won't show up in the menu and you won't be able to navigate to them by typing in the URL. You'll be able to do the following for both static (Content) and dynamic (Endpoint) pages.
The $ClaimsPrinciple is null when loading the dashboard.
That means any user signing in through the same provider as me can view the dashboard.
I would think that the $ClaimsPrinciple (and $User) needs to be available first thing so we can validate claims before displaying anything.
Maybe this could be a -ClaimsValidationScript parameter in New-UDDashboard so you can prevent anyone unauthorized from even seeing a glimpse of the background color chosen, or just by having the variables available in the main Content scriptblock.
Problem summary
Using a provider to restrict the dashboard still allows everyone having an account with the provider to log in to the dashboard. Since $ClaimsPrinciple/$User are not available in the main Content scriptblock, anybody with an account with the provider can enter the dashboard.
Proposed modification
$ClaimsPrinciple (particularly) and $User should be available in the dashboard main Content scriptblock, or maybe a -AuthenticationValidationScript parameter for Start-UDDashboard, with access to these variables and executed before the content is even accessed, should allow us to validate user claims principals.
My Configuration when I encountered the error