Is there a way to indicate a specific domain in the "Allowed Roles" section?
For instance, we have 2 domains, and I want to give access to "Domain Users" for just Domain#1 and not for "Domain Users" of Domain#2, but don't know how to indicate that in the Allowed Roles section. Any thoughts?
It's not immediately possible with this version - but as it (in theory anyway) works with nested groups, you should be able to use a group on your first domain who's members is just the domain users group (i think you can do this) then you can use that group to check.
In a simpler (but not used for very long) version we did have a line that added the domain the user was logging on from to the list of groups (so someone logging on from DomainA would be reported as being in the group DomainA inside umbraco ). you could then use the domain name to secure for anyone from a single domain.
This isn't in the code and it has moved on a bit since then, but if you wanted to make this change to the source....
you could add a line around line 194 of ADRoleProvider.cs - basically split the username (it should be DOMAIN\USERNAME) and take the domain element and add it to the list of providers ( like Results.Add(userDomainName); )
sorry I don't currently have access to a multi-domain set-up, or i would make changes and test it for you.
Thanks Kevin! I had thought to do the nested solution, but not sure how our Admin on main campus will feel about creating me a group. I'll keep my fingers crossed.
Role Provider on Multiple Domains
Is there a way to indicate a specific domain in the "Allowed Roles" section?
For instance, we have 2 domains, and I want to give access to "Domain Users" for just Domain#1 and not for "Domain Users" of Domain#2, but don't know how to indicate that in the Allowed Roles section. Any thoughts?
Thanks!
Brian
It's not immediately possible with this version - but as it (in theory anyway) works with nested groups, you should be able to use a group on your first domain who's members is just the domain users group (i think you can do this) then you can use that group to check.
In a simpler (but not used for very long) version we did have a line that added the domain the user was logging on from to the list of groups (so someone logging on from DomainA would be reported as being in the group DomainA inside umbraco ). you could then use the domain name to secure for anyone from a single domain.
This isn't in the code and it has moved on a bit since then, but if you wanted to make this change to the source....
you could add a line around line 194 of ADRoleProvider.cs - basically split the username (it should be
DOMAIN\USERNAME
) and take the domain element and add it to the list of providers ( likeResults.Add(userDomainName);
)sorry I don't currently have access to a multi-domain set-up, or i would make changes and test it for you.
Thanks Kevin!
I had thought to do the nested solution, but not sure how our Admin on main campus will feel about creating me a group. I'll keep my fingers crossed.
is working on a reply...