chandotnet

AFElement CheckSecurity for domain users

Discussion created by chandotnet on Apr 23, 2013
Latest reply on Apr 26, 2013 by chandotnet

We have a "windows authenticated" web service.

 

The web service open & cache a connection to AF using a service account with all rights on AF elements.

 

This web service is hosted on domain A and trust the domain B.

 

Users from domain B connect to the web service and are authentified.

 

Now the web service will want to check if the authenticated user have rights to write to a given AF element.

 

We have added Domain A Active Directory groups to the element.

 

We have added Domain B users to the Domain A Groups that we have added to the element.

 

We get the WindowsIdentity like that :

 

 

 
var userIdentity = (WindowsIdentity)HttpContext.Current.User.Identity;

user is B\userName

 

and then we check the security like that:

 

 

 
var secur = afElement.Security.CheckSecurity(userIdentity);

 

 

The result will always return None even if the user is in a group with all rights on the element.

 

 

 

Are we using the good function to do that ?

 

Do we have to impersonate or something like that ?

 

 

 

Many thanks for you help.

Outcomes