Roles added but lost at logoff

[dhassall]

My users login successfully to the Site (with the module) but lose roles when they logoff

I have provided certain users access to page(s) using a Permission (Role) (I login as a normal DNN Host) to give the roles

If I login as the user I can see the pages, but if I logout and login again they're gone

I've gone into the Extension settings and added the Role there and checked deploy

Is there some other setting I am missing or do I need to link them to some AD feature

Thanks in advance

[sawest]

Can you give me some more info about: "I've gone into the Extension settings and added the Role there and checked deploy"? I am not aware of a place in this extension's settings that you can add role or check deploy.

[dhassall]

Hi Steven

Many thanks, I use Camtasia so I will record a short video, so you can see everything in full :)

Best Regards

Dave Hassall

07909 994388

This e-mail is confidential and to be read by the addressee only. Any opinions expressed in this e-mail are those of the individual sender. Although we take all reasonable steps to eliminate viruses we cannot accept responsibility for damage caused by viruses, worms, trojans etc. You must virus scan all attachments before opening.

From: Steven A West notifications@github.com Sent: 22 July 2019 14:46 To: DNNCommunity/DNN.ActiveDirectory DNN.ActiveDirectory@noreply.github.com Cc: dhassall github@davehassall.co.uk; Author author@noreply.github.com Subject: Re: [DNNCommunity/DNN.ActiveDirectory] Roles added but lost at logoff (#62)

Can you give me some more info about: "I've gone into the Extension settings and added the Role there and checked deploy"? I am not aware of a place in this extension's settings that you can add role or check deploy.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/DNNCommunity/DNN.ActiveDirectory/issues/62?email_source=notifications&email_token=AKDIS3IYFUT43EGXYWP3CZ3QAW2YVA5CNFSM4IFYXVB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2P64OA#issuecomment-513797688 , or mute the thread https://github.com/notifications/unsubscribe-auth/AKDIS3L5CINYTCP7PPM5HFLQAW2YVANCNFSM4IFYXVBQ . https://github.com/notifications/beacon/AKDIS3KASLE3ZKV5MKRS6ITQAW2YVA5CNFSM4IFYXVB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2P64OA.gif

[dhassall]

Hi Steven

As promised here is the video that highlights the issue.

FYI, I have 2 copies of Chrome open. In our environment we have Citrix therefore in the video you see one Chrome that is PC based and the other Citrix hence I can keep the site open with 2 logins active.

http://www.candavedoit.co.uk/Portals/14/MainPictures/DNNWinLogin.mp4?ver=2019-07-25-084907-100

Best Regards

Dave Hassall

07909 994388

This e-mail is confidential and to be read by the addressee only. Any opinions expressed in this e-mail are those of the individual sender. Although we take all reasonable steps to eliminate viruses we cannot accept responsibility for damage caused by viruses, worms, trojans etc. You must virus scan all attachments before opening.

From: Steven A West notifications@github.com Sent: 22 July 2019 14:46 To: DNNCommunity/DNN.ActiveDirectory DNN.ActiveDirectory@noreply.github.com Cc: dhassall github@davehassall.co.uk; Author author@noreply.github.com Subject: Re: [DNNCommunity/DNN.ActiveDirectory] Roles added but lost at logoff (#62)

Can you give me some more info about: "I've gone into the Extension settings and added the Role there and checked deploy"? I am not aware of a place in this extension's settings that you can add role or check deploy.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/DNNCommunity/DNN.ActiveDirectory/issues/62?email_source=notifications&email_token=AKDIS3IYFUT43EGXYWP3CZ3QAW2YVA5CNFSM4IFYXVB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2P64OA#issuecomment-513797688 , or mute the thread https://github.com/notifications/unsubscribe-auth/AKDIS3L5CINYTCP7PPM5HFLQAW2YVANCNFSM4IFYXVBQ . https://github.com/notifications/beacon/AKDIS3KASLE3ZKV5MKRS6ITQAW2YVA5CNFSM4IFYXVB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2P64OA.gif

[sawest]

Thanks for the video. First, the extension settings you are looking at for the Authentication Module, not this module. You will need to find the Active Directory Authentication Provider module in your list and look at those settings.

I am guessing you have the Sync Roles option enabled in the AD extension settings. If so, the user groups that the user is a member of in AD will be synced with DNN roles. If they are not a member of the Mediation user group in AD then that role will get stripped everytime they login to DNN. You have 2 options, a) Create a Mediation group (must be spelled exactly the same) in AD, then make that user a member of it in AD or B) disable Role Sync within the AD extension settings.

Usually I keep Role Sync enabled and do all my group memberships in AD. I just make sure there is a matching role in the DNN instance. I do not do any group membership management in DNN, only AD and let it sync over.

I hope this helps. Report back and let me know if that gets you fixed.

[dhassall]

Brilliant

That makes a lot of sense

Fortunately we have a number of AD security groups created, I work for a solicitors, and have groups created to protect Case Types and all GDPR stuff that goes with it.

I have also produced a video for the installation and setup of this module happy to share that with you to put on GitHub

Best Regards

Dave Hassall

07909 994388

This e-mail is confidential and to be read by the addressee only. Any opinions expressed in this e-mail are those of the individual sender. Although we take all reasonable steps to eliminate viruses we cannot accept responsibility for damage caused by viruses, worms, trojans etc. You must virus scan all attachments before opening.

From: Steven A West notifications@github.com Sent: 25 July 2019 14:38 To: DNNCommunity/DNN.ActiveDirectory DNN.ActiveDirectory@noreply.github.com Cc: dhassall github@davehassall.co.uk; Author author@noreply.github.com Subject: Re: [DNNCommunity/DNN.ActiveDirectory] Roles added but lost at logoff (#62)

Thanks for the video. First, the extension settings you are looking at for the Authentication Module, not this module. You will need to find the Active Directory Authentication Provider module in your list and look at those settings.

I am guessing you have the Sync Roles option enabled in the AD extension settings. If so, the user groups that the user is a member of in AD will be synced with DNN roles. If they are not a member of the Mediation user group in AD then that role will get stripped everytime they login to DNN. You have 2 options, a) Create a Mediation group (must be spelled exactly the same) in AD, then make that user a member of it in AD or B) disable Role Sync within the AD extension settings.

Usually I keep Role Sync enabled and do all my group memberships in AD. I just make sure there is a matching role in the DNN instance. I do not do any group membership management in DNN, only AD and let it sync over.

I hope this helps. Report back and let me know if that gets you fixed.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/DNNCommunity/DNN.ActiveDirectory/issues/62?email_source=notifications&email_token=AKDIS3MJPR23ATRYDJM7YUTQBGUDPA5CNFSM4IFYXVB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2ZP3CY#issuecomment-515046795 , or mute the thread https://github.com/notifications/unsubscribe-auth/AKDIS3LAMSYVJT6XHIPQZXDQBGUDPANCNFSM4IFYXVBQ . https://github.com/notifications/beacon/AKDIS3NCOD77YR3R2UEVYJDQBGUDPA5CNFSM4IFYXVB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2ZP3CY.gif

[dhassall]

Hi Steven

Syncing to the AD Groups worked an absolute treat :)

In case I’ve missed it have you produced a version of this module for the latest DNN platform. I think the last time I looked it wasn’t written for V9

Best Regards

Dave Hassall

07909 994388

This e-mail is confidential and to be read by the addressee only. Any opinions expressed in this e-mail are those of the individual sender. Although we take all reasonable steps to eliminate viruses we cannot accept responsibility for damage caused by viruses, worms, trojans etc. You must virus scan all attachments before opening.

From: Steven A West notifications@github.com Sent: 25 July 2019 14:38 To: DNNCommunity/DNN.ActiveDirectory DNN.ActiveDirectory@noreply.github.com Cc: dhassall github@davehassall.co.uk; Author author@noreply.github.com Subject: Re: [DNNCommunity/DNN.ActiveDirectory] Roles added but lost at logoff (#62)

Thanks for the video. First, the extension settings you are looking at for the Authentication Module, not this module. You will need to find the Active Directory Authentication Provider module in your list and look at those settings.

I am guessing you have the Sync Roles option enabled in the AD extension settings. If so, the user groups that the user is a member of in AD will be synced with DNN roles. If they are not a member of the Mediation user group in AD then that role will get stripped everytime they login to DNN. You have 2 options, a) Create a Mediation group (must be spelled exactly the same) in AD, then make that user a member of it in AD or B) disable Role Sync within the AD extension settings.

Usually I keep Role Sync enabled and do all my group memberships in AD. I just make sure there is a matching role in the DNN instance. I do not do any group membership management in DNN, only AD and let it sync over.

I hope this helps. Report back and let me know if that gets you fixed.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/DNNCommunity/DNN.ActiveDirectory/issues/62?email_source=notifications&email_token=AKDIS3MJPR23ATRYDJM7YUTQBGUDPA5CNFSM4IFYXVB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2ZP3CY#issuecomment-515046795 , or mute the thread https://github.com/notifications/unsubscribe-auth/AKDIS3LAMSYVJT6XHIPQZXDQBGUDPANCNFSM4IFYXVBQ . https://github.com/notifications/beacon/AKDIS3NCOD77YR3R2UEVYJDQBGUDPA5CNFSM4IFYXVB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2ZP3CY.gif

[valadas]

I don't want to reply for Steven, but yes the module works on latest releases

[sawest]

@dhassall glad that helped! The newest release has been installed on the 9.3 I believe and it worked. If you find any bugs with the newest version of DNN please report them here.