I am developing an Intranet Application in ASP.NET that uses Windows Authentication. I have created an AD class that gets information from the Active Directory Domain Controller. This is what I use to get things like User Groups that the currently logged-in user is in. The problem is in the ASP.NET Roles that the user is in. Seems funny, but the list of AD Groups that the user is in is totally different from the list of Roles that the user has.
Here is what I get:
List of AD Groups for a certain user
- Developers
- Account Operators
- Domain Admins
- IS_IUSRS
- Administrators
List of the same user's Roles
- PUDDOM\Domain Users
- Everyone
- BUILTIN\Users
- BUILTIN\Administrators
- NT AUTHORITY\INTERACTIVE
- NT AUTHORITY\Authenticated Users
- NT AUTHORITY\This Organization
- LOCAL
- PUDDOM\Domain Admins
- PUDDOM\Denied RODC Password Replication Group
- PUDDOM\DnsAdmins
OTHER INFORMATION:
- I have my website use Integrated Windows Authentication from IIS7.
- A portion of my web.config looks like this:

    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider" enabled="true">
      <providers>
        <remove name="AspNetSqlRoleProvider" />
      </providers>
    </roleManager>

How do I reconcile the list?
I need to make my Roles list reflect the same data as my AD Groups list because I will use Role trimming in my site map and other stuff.