Closed zoltanharmath closed 6 years ago
Hi. That's not supported right now (though, look through the recent commits, they may be relevant). It looks like it's pretty easy to add, so I'll look into it in a few days.
On Fri, Jul 20, 2018, 10:24 PM zoliharmath notifications@github.com wrote:
Hi,
I understand the authentication part of this solution. How the authorization piece works? If the user is authenticated how can I get the group membership back?
Thank you, -Zoltan
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/antiduh/nsspi/issues/13, or mute the thread https://github.com/notifications/unsubscribe-auth/AIvvFFnSDxftyNpz-nIF5IuVp22Nrch7ks5uIpDYgaJpZM4VZdDN .
Can I get the authZ information back directly from the token or should I impersonate the authenticated client? I think if the authenticated client is impersonated I can extract the group membership from the access token. But this looks like a bit complicated direction. Theoretically how the authZ works? Is it part of the SSPI? I don't think so.
OK, I solved this. :) It is easy.
I have a working prototype it is working fine. This is not SSPI function so I go and close this.
This is not part of the SSPI so I go and close it. For authorization we should use the AccessCheck (https://msdn.microsoft.com/en-us/library/windows/desktop/aa374815(v=vs.85).aspx) function or the AuthZ.dll.
Hi,
I understand the authentication part of this solution. How the authorization piece works? If the user is authenticated how can I get the group membership back?
Thank you, -Zoltan