Last post Mar 13, 2014 09:40 PM by Ericzh
Mar 06, 2014 04:33 PM | kirkpabk3
I have an MVC5-based project for which my users can log in using forms authentication, but may also log in through a Windows account using a Windows login handler under Katana (OWIN).
All components are the latest (OWIN -pre 3.0.0 alpha2). The mixed authentication portion works fine. But I cannot seem to get authorization based on AD groups to work. So, specifically, where in the IIS or OWIN pipeline should I grab the AD attributes and apply them as roles and/or claims--or is this even possible? At this time the Roles object is empty and the Claims only have the generic identity and provider claims that you'd expect.
So, in short--I want to be able to assert Windows Active Directory roles (from an intranet perspective) on a user within a mixed-authentication environment.
Was able to get claims, as type groupsid, to come across if I enable authentication mode = "Windows" and set a property in the Application_Start for
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.WindowsAccountName;
The downside is that I get the nagging "Authentication Required" dialog that keeps popping up regardless of the credentials, but seems to populate the Windows Identity and roles anyway (in Chrome at least--IE seems to lose it on page refresh)...
Thanks in advance!
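One way to turn AD group membership into role claims at the point the question describes, as an added example (not code from either poster or from Katana). The class name, group names and role names are hypothetical; it assumes the method is called from the Windows login handler once the request carries an authenticated WindowsIdentity, and that the caller then signs the returned identity in through the cookie middleware.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Principal;

// Hypothetical helper for illustration; not part of OWIN/Katana.
public static class WindowsGroupRoleMapper
{
    // Constructed allow-list: AD group -> application role. Only listed groups
    // become roles, which keeps the cookie small and avoids granting access
    // on the basis of arbitrary group names.
    private static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CONTOSO\App-Admins", "Admin" },
            { @"CONTOSO\App-Users",  "User"  }
        };

    public static ClaimsIdentity BuildApplicationIdentity(
        WindowsIdentity windowsIdentity, string authenticationType)
    {
        if (windowsIdentity == null || !windowsIdentity.IsAuthenticated)
            throw new ArgumentException("An authenticated Windows identity is required.");

        // Name and role claim types are set so User.IsInRole / [Authorize(Roles=...)] work.
        var identity = new ClaimsIdentity(authenticationType, ClaimTypes.Name, ClaimTypes.Role);
        identity.AddClaim(new Claim(ClaimTypes.Name, windowsIdentity.Name));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, windowsIdentity.User.Value));
        // Matches AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.WindowsAccountName.
        identity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, windowsIdentity.Name));

        if (windowsIdentity.Groups == null) return identity;
        foreach (IdentityReference sid in windowsIdentity.Groups)
        {
            string groupName;
            try { groupName = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { continue; } // SID has no resolvable name

            string role;
            if (GroupToRole.TryGetValue(groupName, out role) &&
                !identity.HasClaim(ClaimTypes.Role, role))
            {
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
            }
        }
        return identity;
    }
}
```

Because the roles are baked into the cookie at sign-in, a change in AD group membership only takes effect when the user signs in again or the cookie expires.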
Mar 13, 2014 09:40 PM | Ericzh
Please refer to the following links: