We have a "windows authenticated" web service.
The web service open & cache a connection to AF using a service account with all rights on AF elements.
This web service is hosted on domain A and trust the domain B.
Users from domain B connect to the web service and are authentified.
Now the web service will want to check if the authenticated user have rights to write to a given AF element.
We have added Domain A Active Directory groups to the element.
We have added Domain B users to the Domain A Groups that we have added to the element.
We get the WindowsIdentity like that :
var userIdentity = (WindowsIdentity)HttpContext.Current.User.Identity;
user is B\userName
and then we check the security like that:
var secur = afElement.Security.CheckSecurity(userIdentity);
The result will always return None even if the user is in a group with all rights on the element.
Are we using the good function to do that ?
Do we have to impersonate or something like that ?
Many thanks for you help.