I have an application in which I show each Active Directory group to which the current user belongs. When I have my configuration setting as follows:
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
It works great. When it looks like this:
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
No groups found. Why does it matter? Does asp.net only provide authentication if we specifically refuse access to unauthorized users?
If this helps, so I get the groups:
protected string GetUserGroups()
{
StringBuilder userGroups = new StringBuilder();
ArrayList groupMembers = new ArrayList();
DirectoryEntry root = new DirectoryEntry("LDAP://myldap/DC=nc,DC=local");
DirectorySearcher ds = new DirectorySearcher(root);
ds.Filter = String.Format("(&(samaccountname={0})(objectClass=person))", User.Identity.Name.Substring(User.Identity.Name.LastIndexOf(@"\") + 1));
ds.PropertiesToLoad.Add("memberof");
try
{
foreach (SearchResult sr in ds.FindAll())
{
foreach (string str in sr.Properties["memberof"])
{
string str2 = str.Substring(str.IndexOf("=") + 1, str.IndexOf(",") - str.IndexOf("=") - 1);
groupMembers.Add(str2);
}
}
}
catch
{
}
return String.Join("|", (string[])groupMembers.ToArray(typeof(string)));
}
source
share