MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

Problems with Active Directory Authentication  (Mono Support )

Viewed 53293 time(s), 26 post(s) 12/5/2012 4:55:21 PMby afabri73
afabri73

afabri73

12/28/2012 11:16:45 AM
OK...
this is the response of the above test:
########################################################
Username: ADAdm
AD Member of: Domain Admins
-------------------
Check if user is in Admin Role: False - SecurityUtility.IsAdmin()
Check if user is in Admin Role passing Guid (FA1A876C-A988-4C60-A261-A12E00FDC774): True - SecurityUtility.IsUserInRole(Guid.Parse("FA1A876C-A988-4C60-A261-A12E00FDC774"))
Check if in Domain Admins role: False - SecurityUtility.IsUserInRole("Domain Admins")
Check if in Domain Users role: False - SecurityUtility.IsUserInRole("Domain Users")
Check if in Administrators role: False - SecurityUtility.IsUserInRole("Administrators")
Check if in Users role: False - SecurityUtility.IsUserInRole("Users")

User's roles count: 26 - SecurityUtility.UserRoleIds().Count()
########################################################

I don't know why the navigation menu on top of the page correctly recognize the user as Domain Admins but the rest of the page...NO.

Can I upload any files that can help you to understand what is the problem?

Best reguards


This content has not been rated yet. 
115 Reputation 19 Total posts
afabri73

afabri73

12/28/2012 11:34:34 AM
This is the screenshot of the blog page with error

This page has these permissions:
- Navigation Menu: Administrators, Domain Admins, Users, Domain Users
- Page: Administrators, Domain Admins, Users, Domain Users (view)
Administrators, Domain Admins (edit)
This content has not been rated yet. 
115 Reputation 19 Total posts
afabri73

afabri73

12/28/2012 2:46:43 PM
Hi Denis,
I probably found a possible workaround to the issue.
If I enable the Active Directory user authentication with AD Membership Provider (<membership defaultProvider="ActiveDirectoryMembershipProvider" hashAlgorithmType="SHA1">) but leave the role management to asp.net (<roleManager enabled = "true" defaultProvider = "AspNetSqlRoleProvider" >), do you think this will solve the problem?
During the first login, can I assign a default role or I must create a login extention to do that?

Best reguards,
Adriano
This content has not been rated yet. 
115 Reputation 19 Total posts
denis

denis

12/28/2012 5:17:29 PM
Users should be automatically added to the roles entered in the DefaultUserRoles setting in the web.config. As for you proposed solution, it might work, but it is probably not what I would settle for (taking the users from the AD, but using the ASP.NET roles). Looking at the results of your tests, things do look strange. You current user is not recognized as a member of the Domain Admins role, which should not be the case if I understand everything correctly. It seems like he is not a member of any of the "important" roles, but he still has 26 roles attached to it - it would be nice if you could compare the GUIDs of his roles to the IDs of the roles in the aspnet_roles table, to see exactly which roles are recognized. 
This content has not been rated yet. 
7207 Reputation 956 Total posts
afabri73

afabri73

12/29/2012 3:56:14 PM
The AD users are added only in the users area but they aren't added to the default roles.

My current user is a Domain Admins user in AD and the navigation bar recognizes it correctly, and this can also be seen from the administrators gray bar on top of the page, but when Monox must display the content of the page there are probably different controls that for some reason can not take correctly the AD user roles.
This content has not been rated yet. 
115 Reputation 19 Total posts
denis

denis

12/31/2012 3:43:40 PM
Sorry, I was not clear regarding the default roles - they are not used by AD membership provider. All role settings are expected to be set on the AD side, and MonoX will not assign users to any additional roles in this mode (it would not make sense to do it, anyway).
However, it is really strange to see that the user that is recognized as admin cannot access any of the pages. We can resolve this only by having the direct access to your system.
This content has not been rated yet. 
7207 Reputation 956 Total posts
1 2 3