Problems with windows authentication and PublicSearchFilter


Im having some problems with searching content that a specific user has been given access to using Unified search. The content is being filtered out even though the user has been added to the page ACL and the user is listed in the UsersWithReadAccess array.

It only seems to happend in our test enviroment where windows authentication is enabled and works fine with forms authentication. It also works if i give access to the users role but not if i give access to that specific user.

I have been digging around in the Find assemblies trying to find the code that sets the default PublicSearchFilter to see if i could find anything that mgiht cause problems using windows auth but without finding it.

Has anyone experianced any simular problems?

Mar 21, 2014 9:57

Take a look of the query json going to Find using Fiddler and check if you see anything suspicious there.

May 02, 2014 12:46

I finally got some time to look at this again.

I managed to trace the request on our test server using fiddlers iis-integration an saw that when logged in using Windows authentication, the domain name was sent i capital letters i.e. "MYDOMAIN\username" but in the index the UsersWithReadAccess list had "mydomain\username".

When resending the request using Fiddler and with the domain name changed to lower case I got the response i expected.

I guess I cant really do anything to fix this myself except to report it as a bug?

Jun 26, 2014 11:00

Yeah, should be reported. I can't think of any situation where matching usernames and rolenames needs to be case-sensitive.

If you need something out ASAP you could check the roleprovider settings and if there's no setting available there or in IIS, possibly override and change the casing by yourself in your own provider implementation.

Jun 26, 2014 11:14

There is a fix for this comming

Sep 01, 2014 13:36
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.