We have an MVC ASP.NET application. A person can see a view if they are in one of the Active Directory groups. We have only one box for hosting our database and application (code).

Our problem:

A person does not exist in any one of the AD groups, but he is an administrator on the box.

For some reason, he is authenticated with the view. He is not supposed to be authenticated.

I do not know why it's happening.

I know this is a unique problem. Has anyone had a similar issue?

This is the code we are using for authenticating a user:

    if (LoginHelper.IsUserMemberOfRoles(LoginHelper.GetLoggedInUser(), new List<string> { GroupEnum.OurADGroupName.ToString() }))
    {
        // authenticated
    }
    else
    {
        // Redirect to not authorised View
    }

My understanding: as the person is admin on the box, does this override all ADGroupName permissions?

It sounds very silly, but I think this is one possibility?

Hari Gillala
  • Are you sure the administrator does not belong to a group that belongs to one of the allowed groups? – JPBlanc Nov 08 '11 at 17:50
  • I am sure he is not in any of the allowed groups. – Hari Gillala Nov 08 '11 at 18:06
  • From [the code at the end of this answer](http://stackoverflow.com/questions/7648692/can-i-match-a-user-to-a-group-accross-different-domains/7794945#7794945), can you retrieve all the groups the administrator belongs to? – JPBlanc Nov 08 '11 at 19:22
  • If he is an admin he will be able to see any group – David Aleu Nov 09 '11 at 09:19

1 Answer

He surely must be an admin or in a group in Active Directory

David Aleu
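
The comments above ask for the full list of groups the administrator belongs to. The following C# diagnostic is an added example (not the asker's `LoginHelper`, whose implementation is not shown on this page) that lists every group enabled in a Windows token and reports which one satisfies the allow-list; `GroupCheckDiagnostics`, `GetTokenGroups` and `FindMatches` are hypothetical names, and matching on the short group name is an assumption about how the check compares names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Added diagnostic, not the asker's LoginHelper (hypothetical names throughout).
public static class GroupCheckDiagnostics
{
    // Resolves each group SID enabled in the token to DOMAIN\name. The token holds
    // nested domain groups and can hold machine-local groups as well.
    public static List<string> GetTokenGroups(WindowsIdentity identity)
    {
        var names = new List<string>();
        if (identity.Groups == null) return names;
        foreach (IdentityReference sid in identity.Groups)
        {
            try { names.Add(sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { names.Add(sid.Value); } // unresolvable SID: keep raw value
        }
        return names;
    }

    // Returns the token groups that match the allow-list on the full DOMAIN\name or on
    // the short name after the backslash (assumption: the check may compare short names).
    public static List<string> FindMatches(IEnumerable<string> tokenGroups, IEnumerable<string> allowedGroups)
    {
        var allowed = new HashSet<string>(allowedGroups, StringComparer.OrdinalIgnoreCase);
        return tokenGroups
            .Where(g => allowed.Contains(g) || allowed.Contains(g.Substring(g.LastIndexOf('\\') + 1)))
            .ToList();
    }

    public static void Main()
    {
        // "OurADGroupName" is the placeholder group name used in the question.
        var allowed = new[] { "OurADGroupName" };
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            List<string> groups = GetTokenGroups(identity);
            Console.WriteLine("User: " + identity.Name);
            foreach (string g in groups) Console.WriteLine("  member of: " + g);
            List<string> matches = FindMatches(groups, allowed);
            Console.WriteLine(matches.Count == 0
                ? "No token group matches the allow-list."
                : "Matched via: " + string.Join(", ", matches));
        }
    }
}
```

In the MVC application, pass `HttpContext.User.Identity as WindowsIdentity` (available under Windows authentication) instead of `WindowsIdentity.GetCurrent()`, so the output describes the requesting user rather than the process account.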