janetb
Member
454 Points
209 Posts
Authentication not recognizing "Domain Users"
Jul 02, 2012 08:04 PM
I'm using Windows authentication for a website. Everything works great except that for the home page I want to authenticate with the "Domain Users" group. I set up a test account and put the account in two groups only: Domain Users and another group right next to it in the same OU. It recognizes the one with myCompanyOnly but not Domain Users. I'm using IIS6/2003 (migrating this week). I've tried using other created accounts with/without spaces, and tried using other domain-originated accounts with and without spaces. The only one it doesn't seem to recognize is Domain Users. For example, when I write out the groups I get: ticketGroups:hrDept|myCompanyOnly|Fiscal Services|Domain Admins| - but no Domain Users even when they're explicitly in the group. I made sure I'm less than 255 characters.
Any ideas?
Function getMyRole(ByVal myRole As String) As Boolean
    Dim myReturn As Boolean
    Dim authTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(Context.Request.Cookies(FormsAuthentication.FormsCookieName).Value)
    Dim myGroups As String = (authTicket.UserData).ToString
    lblGrps.Text = "ticketGroups:" & (authTicket.UserData).ToString & "<br />"
    If InStr(myGroups, myRole) Then
        myReturn = True
    Else
        myReturn = False
    End If
    Return myReturn
End Function

Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
    Dim adPath As String = "LDAP://domain.local/dc=domain,dc=local"
    Dim adAuth As LdapAuthentication = New LdapAuthentication(adPath)
    Try
        If True = adAuth.IsAuthenticated("myDomain", txtUsername.Text, txtPassword.Text) Then
            Dim groups As String = System.Text.RegularExpressions.Regex.Replace(adAuth.GetGroups, "/s", "", RegexOptions.IgnoreCase Or RegexOptions.Multiline)
            blah, blah, blah

Public Function GetGroups() As String
    Dim search As DirectorySearcher = New DirectorySearcher(_path)
    search.Filter = "(cn=" + _filterAttribute + ")"
    search.PropertiesToLoad.Add("memberOf")
    Dim groupNames As StringBuilder = New StringBuilder
    Dim regWhitespace As New Regex("\s")
    Try
        Dim result As SearchResult = search.FindOne
        Dim propertyCount As Integer = result.Properties("memberOf").Count
        Dim dn As String
        Dim equalsIndex As Integer
        Dim commaIndex As Integer
        Dim propertyCounter As Integer = 0
        While propertyCounter < propertyCount
            dn = CType(result.Properties("memberOf")(propertyCounter), String)
            equalsIndex = dn.IndexOf("=", 1)
            commaIndex = dn.IndexOf(",", 1)
            If -1 = equalsIndex Then
                Return Nothing
            End If
            groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1))
            groupNames.Append("|")
            System.Math.Min(System.Threading.Interlocked.Increment(propertyCounter), propertyCounter - 1)
        End While
    Catch ex As Exception
        Throw New Exception("Error obtaining group names. " + ex.Message)
    End Try
    Return groupNames.ToString
End Function

cornball76
Participant
1126 Points
210 Posts
Re: Authentication not recognizing "Domain Users"
Jul 02, 2012 08:15 PM
Been awhile since I've used AD... but did find a link that might be useful?
http://social.msdn.microsoft.com/Forums/eu/csharpgeneral/thread/ecb16a63-6619-4c68-a77c-8bb2682fc1be
janetb
Member
454 Points
209 Posts
Re: Authentication not recognizing "Domain Users"
Jul 03, 2012 03:53 PM
Thanks cornball, but I guess I'm not understanding why I can put my test account in the following groups and all show up EXCEPT "Domain Users"? Note that an AD-generated account "Domain Admins" that also contains a space shows up fine. That's what I'm trying to get an explanation about.
hrDept|Companyonly|Fiscal Services|Domain Admins|
janetb
Member
454 Points
209 Posts
Re: Authentication not recognizing "Domain Users"
Jul 03, 2012 05:02 PM
Finally found an answer and wanted to post this link for others. After adding in the primary group (which isn't in the regular list of groups), everything is now being recognized. http://stackoverflow.com/questions/6415203/how-to-retrieve-users-in-a-group-including-primary-group-users/6441956#6441956
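
The fix described in the last post, as an added example that is not part of the thread or of the linked answer: `memberOf` never lists the primary group, so its SID is rebuilt from `objectSid` and `primaryGroupID` and its name is appended to the group list, and the role test becomes an exact match instead of `InStr`. The module and function names are hypothetical, and it assumes the web server is domain-joined so `Translate` can resolve the SID.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Security.Principal

Public Module PrimaryGroupExample ' hypothetical module name

    ' Primary group SID = the user's domain SID + the RID held in primaryGroupID.
    Public Function PrimaryGroupSid(ByVal objectSid As Byte(), ByVal primaryGroupId As Integer) As SecurityIdentifier
        Dim userSid As New SecurityIdentifier(objectSid, 0)
        Return New SecurityIdentifier(userSid.AccountDomainSid.Value & "-" & primaryGroupId.ToString())
    End Function

    ' result must come from a DirectorySearcher whose PropertiesToLoad included
    ' memberOf, objectSid and primaryGroupID.
    Public Function AllGroups(ByVal result As SearchResult) As List(Of String)
        Dim groups As New List(Of String)
        For Each dn As Object In result.Properties("memberOf")
            ' Same "CN=name,..." extraction as GetGroups in the thread.
            Dim s As String = CStr(dn)
            Dim eq As Integer = s.IndexOf("="c)
            Dim comma As Integer = s.IndexOf(","c)
            If eq >= 0 AndAlso comma > eq Then groups.Add(s.Substring(eq + 1, comma - eq - 1))
        Next
        Dim sid As SecurityIdentifier = PrimaryGroupSid( _
            CType(result.Properties("objectSid")(0), Byte()), _
            CInt(result.Properties("primaryGroupID")(0)))
        ' Translate returns "DOMAIN\Domain Users"; keep the part after the backslash.
        Dim account As String = sid.Translate(GetType(NTAccount)).Value
        groups.Add(account.Substring(account.IndexOf("\"c) + 1))
        Return groups
    End Function

    ' Exact, case-insensitive match, so "Domain" does not match "Domain Admins".
    Public Function IsInGroup(ByVal groups As List(Of String), ByVal role As String) As Boolean
        Return groups.Exists(Function(g) String.Equals(g, role, StringComparison.OrdinalIgnoreCase))
    End Function

End Module
```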