+1-888-365-2779
Try Now
More in this section

Forums / Security / Question about Active Directory Roles

Question about Active Directory Roles

5 posts, 0 answered
  1. Eric Wallace
    Eric Wallace avatar
    66 posts
    Registered:
    08 Oct 2009
    06 May 2010
    Link to this post
    In the UserManager.GetRolesForUser() method, 10 roles are coming back for my account. I belong to quite a few more than 10 roles. However, in the Sitefinity > Administration > Permissions section, when I expand the "Select a Role" drop down list, there are hundreds of roles listed (including the roles I am in but are missing from the GetRolesForUser() method). It's almost like it is not recursive.

    The roles that I am in that are not listed in the UserManager.GetRolesForUser() method  are in an Organizational Unit within another Organizational Unit. Example:
    OU=Alpha
        CN=Role_A
        OU=Role_A_Children
            CN=ChildRole_A
            CN=ChildRole_B
            CN=ChildRole_C
    OU-Beta
        CN=Role_B
        OU=Role_B_Children
            CN=ChildRole_D
            CN=ChildRole_E
            CN=ChildRole_F

    So in the above example, the GetRolesForUser() method is returning Role_A and Role_B, but not ChildRole_A, ChildRole_B...etc.

    Could this be something wrong with my configuration?

    Thanks,
    Eric
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    07 May 2010
    Link to this post
    Hello Eric Wallace,

    Try using

    var roleProvider = Roles.Providers["SomeName"];
    var s= roleProvider.GetUsersInRole("SomeGroup");

    In the provider we use System.DirectoryServices.SearchResult and call DirectorySearcher.FindOne Method. Then we get the member property from the SearchResult object.

    You can also retrieve all OU by using DirectoryEntry.Children Property


    All the best,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. Eric Wallace
    Eric Wallace avatar
    66 posts
    Registered:
    08 Oct 2009
    07 May 2010
    Link to this post
    Hi Ivan,

    I'm not sure I understand your response, and maybe I need to be more clear that my issue is not from a coding perspective, it's that roles I am in are not being found using the Telerik AD provider and I am being denied access to the CMS.

    Using the previous example, if I give unrestricted access toChildRole_B, I get the "This type of page is not served" error because no permissions are found. It's almost as if the dropdownlist in the administrative section is finding all the roles in AD, but the provider is only finding them at the root-level...in which case it would do no good to assign permissions to anything but root-level roles because the others would never be found by the provider.

    Thanks.
  4. Eric Wallace
    Eric Wallace avatar
    66 posts
    Registered:
    08 Oct 2009
    07 May 2010
    Link to this post
    Ivan, please disregard my last post. The issue is not with the provider, it was the fact that we have two entries with the exact same objectSid, and only the second one is coming back...hence the "missing role". Thanks for your help on this.

    Eric
  5. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    09 May 2010
    Link to this post
    Hi Eric Wallace,

    Thanks for getting back to me. If there are any further questions, let me know.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Register for webinar
5 posts, 0 answered