Views: 5351
Number of votes: 1
Average rating:

AD RoleProvider

In a recent project of mine, we needed to get the roles from AD. The AD roles we needed was deep inside the structure of the AD. But when we sat the connection string to point to that branch of the AD tree, none of the users got any of the roles.

That's because when you specify an branch you only get roles and users in that branch. As you can see in the GetUser methods in EPiServer.Security.ActiveDirectoryRoleProvide

image

There is more than one thing wrong with this method. It seems that the design pattern i EPiServer is to always access private fields, instead of public properties. _factory points to the public  DirectoryDataFactory and that could have been change in the Initialize process. This is getting more an more annoying…

We therefore have to (again!!!) copy the whole code of ActiveDirectoryRoleProvide and make changes.

I have basicly made a copy of the ActiveDirectoryRoleProvider and made myself an tag that points to where the users are RootNodeForUsers.

Code Snippet
  1. <add name="ActiveDirectoryRoleProvider"
  2.     type="Itera.Security.ActiveDirectoryRoleProvider, Itera.Security"
  3.     connectionStringName="ADRoles"
  4.     RootNodeForUsers="DC=ccc,DC=bbb,DC=aaa"
  5.     connectionUsername="ddd@aaa.bbb.ccc"
  6.     connectionPassword="xxxx"
  7.     connectionProtection="None"
  8.     attributeMapUsername="sAMAccountName" />

You can therefore with this code add an other branch so you can show a few roles, but have access to all the users.

Code can be downloaded here

Nov 22, 2010

Please login to comment.