Closed papyr closed 5 years ago
If you're using AD we tend to believe AD is the one true source of truth, it's what keeps AD administrators happy. If you use integrated authentication then IsInRole() will work, or you configure ADFS to pass the group membership through in its auth token, and again, IsInRole() will then work.
What is the object to maintain mirror the goups inside identitfu for user groups.
For roles its clear with RoleManager/Roles
, but Groups is missing
If you cast the current identity to a WindowsIdentity, which assumes integrated authentication and NOT ASP.NET Identity, there's a Groups property you can check in your authorization rules.
hi @blowdart I tried this, but there is no User-Groups object in Microsoft ASP Identity 2.
What would I cast this to? or do I subclass Roles, please elaborate or even a snippet.
As I said this only works on WindowsIdentity. So it's limited to integrated authentication/AD. This does not mix with ASP.Identity. So configure your app for Windows authentication, then cast the identity to a WindowsIdentity and then you get a Groups property on the cast instance.
@blowdart i am glad you acknowledge that mismatch between their web and windows server platforms, any chance you can bubble that up to MS so they include this.
There is a disconnect with Active Directory, since we don't have support for User Groups in Identity, how can we implement or mirror this functionality inside ASP identity