1

The setup is as follows:

I have an AD Security Group "DOMAIN\MYGROUP" populated with users. I have an LDAP eDir Group "DOMAIN\MYGROUP-Approvers" populated with admins for the group.

In my web.config I can use the AD Security Group to authenticate, and it works:

<system.web>
  <authorization>
    <allow roles="DOMAIN\MYGROUP"/>
    <deny users="*"/>        
  </authorization>
</system.web>

However, using the LDAP Group to authenticate does not work:

<system.web>
  <authorization>
    <allow roles="DOMAIN\MYGROUP-Approvers"/>
    <deny users="*"/>        
  </authorization>
</system.web>

How can I configure my web.config to work for LDAP Groups the same way it works for AD Security Groups?

Thanks!

kmc5117

1 Answer

0

You most likely need to create a custom role provider that could return eDir roles. Go to MSDN for more information. Another try might be to modify ActiveDirectoryMembershipProvider.

For a quick and dirty solution you can also try to overwrite Application_PostAuthenticateRequest and add eDir roles to AD roles.

user2316116
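One way to implement the Application_PostAuthenticateRequest suggestion from the answer above, as an added example that is not part of the original answer: the Windows principal is wrapped so that `<allow roles="...">` is satisfied by either an AD group or an eDirectory group. The host, base DN, service account, `EdirBindPassword` setting, the `inetOrgPerson`/`groupMembership` lookup and the `DOMAIN\` role prefix are assumptions; adjust them to the actual directory.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Principal;
using System.Text.RegularExpressions;
using System.Web;

// Answers IsInRole from eDirectory groups first, then from the Windows (AD) token.
public sealed class EdirAwarePrincipal : IPrincipal
{
    private readonly IPrincipal _inner; private readonly HashSet<string> _edir;
    public EdirAwarePrincipal(IPrincipal inner, IEnumerable<string> edirRoles)
    { _inner = inner; _edir = new HashSet<string>(edirRoles, StringComparer.OrdinalIgnoreCase); }
    public IIdentity Identity => _inner.Identity;
    public bool IsInRole(string role) => _edir.Contains(role) || _inner.IsInRole(role);
}

public class Global : HttpApplication   // Global.asax code-behind
{
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        if (Context.User != null && Context.User.Identity.IsAuthenticated)
            Context.User = new EdirAwarePrincipal(Context.User, EdirRoles(Context.User.Identity.Name));
    }
    // RFC 4515 escaping so the account name cannot alter the LDAP filter.
    static string Escape(string v) =>
        Regex.Replace(v, @"[\\*()\0]", m => "\\" + ((int)m.Value[0]).ToString("x2"));
    // A directory error propagates as an exception, so the request fails instead of running with partial roles.
    static List<string> EdirRoles(string account)   // account arrives as "DOMAIN\user"
    {
        var roles = new List<string>();
        string cn = account.Substring(account.IndexOf('\\') + 1);   // assumption: eDir cn equals AD logon name
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier("edir.example.com", 636))) // assumption
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;   // LDAPS: a simple bind must not go in clear text
            conn.AuthType = AuthType.Basic;
            conn.Bind(new NetworkCredential("cn=websvc,o=example",        // assumption: read-only account
                ConfigurationManager.AppSettings["EdirBindPassword"]));  // hypothetical setting name
            var resp = (SearchResponse)conn.SendRequest(new SearchRequest("o=example",   // assumption: base DN
                "(&(objectClass=inetOrgPerson)(cn=" + Escape(cn) + "))", SearchScope.Subtree, "groupMembership"));
            var attr = resp.Entries.Count == 1 ? resp.Entries[0].Attributes["groupMembership"] : null;
            if (attr != null)   // zero or several matching users: grant nothing
                foreach (string dn in attr.GetValues(typeof(string)))
                    roles.Add("DOMAIN\\" + dn.Split(',')[0].Substring(3));   // naive: "cn=X,ou=.." -> "DOMAIN\X"
        }
        return roles;
    }
}
```

This queries the directory on every authenticated request, so cache the role list per user for a short interval in production. Because eDirectory group names are mapped into the same `DOMAIN\` namespace, an eDirectory group whose cn matches an AD group name also satisfies rules written for that AD group; use a distinct prefix if the two directories are administered separately.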