AD and nested groups

  • Question

  • User1512738059 posted

    Hi there,

    I am now dealing with nested groups in my application. My security is done through a web config file where I use "allow roles" to allow certain domain\group in.

    Now if the group is nested in AD, allow roles does not seem to work. What is the alternative solution?

    Thanks in advance

    Wednesday, March 22, 2006 6:29 PM

All replies

  • User1354132231 posted
    If you are using custom forms authentication where you figured out the user's roles yourself and added them to their IPrincipal, then you need to do the unrolling of the groups yourself as well.

    You can do this easily in AD and ADAM by using the 'tokenGroups' property as this contains the user's security group membership including nested ones (and primary group).

    More on 'tokenGroups' and how to read them can be found here:

    http://dunnry.com/blog/EnumeratingTokenGroupsTokenGroupsInNET.aspx
    Thursday, March 23, 2006 11:43 AM
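
The approach from the reply above, as an added example that is not code from the thread or from the linked blog post: read `tokenGroups` for the authenticated user, translate each SID to a `DOMAIN\group` name, and build the principal from that list so that role checks see nested membership. The names `TokenGroupRoles`, `GetRoles`, `BuildPrincipal` and the `userPath` parameter are assumptions made for illustration; the caller supplies the LDAP path of the user's own directory object.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

// Hypothetical helper: expands a user's nested security groups via tokenGroups.
public static class TokenGroupRoles
{
    // userPath: LDAP path of the authenticated user's object (supplied by the caller).
    public static string[] GetRoles(string userPath)
    {
        List<string> roles = new List<string>();
        using (DirectoryEntry user = new DirectoryEntry(userPath))
        {
            // tokenGroups is a constructed attribute, so it is not returned by
            // default and has to be requested explicitly on the user object.
            user.RefreshCache(new string[] { "tokenGroups" });

            foreach (object value in user.Properties["tokenGroups"])
            {
                // Each value is a binary SID for one security group,
                // including groups reached through nesting and the primary group.
                SecurityIdentifier sid = new SecurityIdentifier((byte[])value, 0);
                try
                {
                    // NTAccount.Value has the DOMAIN\group form.
                    NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));
                    roles.Add(account.Value);
                }
                catch (IdentityNotMappedException)
                {
                    // A SID that cannot be resolved grants no role (fail closed).
                }
            }
        }
        return roles.ToArray();
    }

    // Wraps the expanded group list in a principal for role checks.
    public static IPrincipal BuildPrincipal(IIdentity identity, string userPath)
    {
        return new GenericPrincipal(identity, GetRoles(userPath));
    }
}
```

With custom forms authentication, the resulting principal would be assigned to `HttpContext.Current.User` for each authenticated request, so that the role list it carries is the one used for authorization.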