Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jul 03, 2012 05:02 PM by janetb
Jul 02, 2012 08:04 PM|LINK
I'm using windows authentication for a website. Everything works great except that for the home page I want to authentication with the "Domain Users" group. I set up a test account and put the account in two groups only. Domain users and another group
right next to it in the same OU. It recognizes the one with myCompanyOnly but not Domain Users. I'm using IIS6/2003 (migrating this week). I've tried using other created accounts with/without spaces, and tried using other domain-orginated accounts with
and without spaces. The only one it doesn't seem to recognize is Domain Users. For example, when I write out the groups I get:
ticketGroups:hrDept|myCompanyOnly|Fiscal Services|Domain Admins| - but no Domain Users even when they're explicitly in the group. I made sure I'm less than 255 characters.
Function getMyRole(ByVal myRole As String) As Boolean
Dim myReturn As Boolean
Dim authTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(Context.Request.Cookies(FormsAuthentication.FormsCookieName).Value)
Dim myGroups As String = (authTicket.UserData).ToString
lblGrps.Text = "ticketGroups:" & (authTicket.UserData).ToString & "<br />"
If InStr(myGroups, myRole) Then
myReturn = True
myReturn = False
Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
Dim adPath As String = "LDAP://domain.local/dc=domain,dc=local"
Dim adAuth As LdapAuthentication = New LdapAuthentication(adPath)
If True = adAuth.IsAuthenticated("myDomain", txtUsername.Text, txtPassword.Text) Then
Dim groups As String = System.Text.RegularExpressions.Regex.Replace(adAuth.GetGroups, "/s", "", RegexOptions.IgnoreCase Or RegexOptions.Multiline)
blah, blah, blah
Public Function GetGroups() As String
Dim search As DirectorySearcher = New DirectorySearcher(_path)
search.Filter = "(cn=" + _filterAttribute + ")"
Dim groupNames As StringBuilder = New StringBuilder
Dim regWhitespace As New Regex("\s")
Dim result As SearchResult = search.FindOne
Dim propertyCount As Integer = result.Properties("memberOf").Count
Dim dn As String
Dim equalsIndex As Integer
Dim commaIndex As Integer
Dim propertyCounter As Integer = 0
While propertyCounter < propertyCount
dn = CType(result.Properties("memberOf")(propertyCounter), String)
equalsIndex = dn.IndexOf("=", 1)
commaIndex = dn.IndexOf(",", 1)
If -1 = equalsIndex Then
groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
System.Math.Min(System.Threading.Interlocked.Increment(propertyCounter), propertyCounter - 1)
Catch ex As Exception
Throw New Exception("Error obtaining group names. " + ex.Message)
Jul 02, 2012 08:15 PM|LINK
Been awhile since I've used AD... but did find a link that might be useful?
Jul 03, 2012 03:53 PM|LINK
Thanks cornball, but I guess I'm not understanding why I can put my test account in the following groups and all show up EXCEPT "Domain Users" ? Note that an AD-generated account "Domain Admins" that also contains a space shows up fine. That's what I'm
trying to get an explanation about.
hrDept|Companyonly|Fiscal Services|Domain Admins|
Jul 03, 2012 05:02 PM|LINK
Finally found an answer and wanted to post this link for others. After adding in the primary group (which isn't in the regular list of groups), everything is now being recognized.