aspnet / Identity

[Archived] ASP.NET Core Identity is the membership system for building ASP.NET Core web applications, including membership, login, and user data. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0

AD directory user-groups; can IdentityRole be subclassed to implement Role-Groups or User-Groups #2057

Closed papyr closed 5 years ago

papyr commented 5 years ago

There is a disconnect with Active Directory. Since we don't have support for User Groups in Identity, how can we implement or mirror this functionality inside ASP Identity?

blowdart commented 5 years ago

If you're using AD, we tend to believe AD is the one true source of truth; it's what keeps AD administrators happy. If you use integrated authentication then IsInRole() will work, or you configure ADFS to pass the group membership through in its auth token, and again, IsInRole() will then work.

papyr commented 5 years ago

What is the object to maintain or mirror the groups inside Identity for user groups?

For roles it's clear with RoleManager/Roles, but Groups is missing.

blowdart commented 5 years ago

If you cast the current identity to a WindowsIdentity, which assumes integrated authentication and NOT ASP.NET Identity, there's a Groups property you can check in your authorization rules.

papyr commented 5 years ago

Hi @blowdart, I tried this, but there is no User-Groups object in Microsoft ASP Identity 2.

What would I cast this to? Or do I subclass Roles? Please elaborate, or even provide a snippet.

blowdart commented 5 years ago

As I said this only works on WindowsIdentity. So it's limited to integrated authentication/AD. This does not mix with ASP.Identity. So configure your app for Windows authentication, then cast the identity to a WindowsIdentity and then you get a Groups property on the cast instance.
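
The cast-and-check described in the comment above, written as an authorization policy. This is an added example, not code posted in the thread or taken from the project. It assumes ASP.NET Core with Windows authentication already enabled on a Windows host; the class names, the policy name and the group SID are hypothetical or constructed placeholders.

```csharp
// Added example; Windows-only. Assumes Windows (integrated) authentication is enabled.
using System.Security.Principal;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical requirement: the caller must belong to one AD group, identified by SID.
public sealed class AdGroupRequirement : IAuthorizationRequirement
{
    public AdGroupRequirement(string groupSid) => GroupSid = new SecurityIdentifier(groupSid);
    public SecurityIdentifier GroupSid { get; }
}

public sealed class AdGroupHandler : AuthorizationHandler<AdGroupRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, AdGroupRequirement requirement)
    {
        // The cast succeeds only for integrated authentication. An identity issued by
        // ASP.NET Identity cookies is a ClaimsIdentity, so the check fails closed.
        if (context.User.Identity is WindowsIdentity windowsIdentity
            && windowsIdentity.IsAuthenticated
            && windowsIdentity.Groups is { } groups      // null for anonymous identities
            && groups.Contains(requirement.GroupSid))    // compare SIDs, not display names
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;                       // no Succeed() means access denied
    }
}

public static class AdGroupPolicy
{
    public const string Name = "AdGroupOnly";            // hypothetical policy name
    // Constructed placeholder SID; replace with the real group's SID from the directory.
    private const string GroupSid = "S-1-5-21-1111111111-2222222222-3333333333-1105";

    public static IServiceCollection AddAdGroupPolicy(this IServiceCollection services)
    {
        services.AddSingleton<IAuthorizationHandler, AdGroupHandler>();
        return services.AddAuthorization(options =>
            options.AddPolicy(Name, policy => policy
                .RequireAuthenticatedUser()
                .AddRequirements(new AdGroupRequirement(GroupSid))));
    }
}
```

Call `services.AddAdGroupPolicy()` at startup and protect a controller or action with `[Authorize(Policy = AdGroupPolicy.Name)]`. Matching on the SID keeps the rule stable if the group is renamed in AD.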

papyr commented 5 years ago

@blowdart I am glad you acknowledge that mismatch between their web and Windows Server platforms. Any chance you can bubble that up to MS so they include this?