Configuring SSO with a Custom RoleProvider

Permanently deleted user

26. Juli 2012 23:51

I'm running into some problems trying to configure the REST endpoint security.

Desired outcome

Use Integrated Windows Authentication for single sign-on with a custom RoleProvider for non-Active Directory roles. Additionally we hope to be able to check roles in the Silverlight viewer, but we haven't gotten that far yet.

Current outcome

Fails with HTTP 403 when adding an allow role permission with a non-Active Directory role.

Succeeds when adding an allow role permission with an Active Directory role.

Configuration

Site.xml security is set as:

<Security

 

Enabled="true"

 

MembershipProviderName="CustomActiveDirectoryMembershipProvider"

 

RoleProviderName="CustomRoleProvider"

 

UseWindowsAuthentication="true" />

IIS > Authentication

 

    Anonymous Authentication = Enabled

 

    Windows Authentication = Enabled

 

    Other types are disabled.

System log entry

 

 

<Event Timestamp="2012-07-26T09:02:01.7745594-07:00" Level="WARN" Identity="MYDOMAIN\MYUSERNAMEHERE"><Message>Authorization failure: Geocortex.ApplicationServices.Security.Enforcement.AuthorizationException: The current user cannot access the desired resource.

 

   at Geocortex.ApplicationServices.Security.Enforcement.AccessResults.Demand()

 

   at Geocortex.Essentials.Site.Authorize()

 

   at Geocortex.Essentials.Rest.EssentialsRestController.GetSite(String siteId, Boolean clone)

 

   at Geocortex.Essentials.Rest.Resources.ViewersResource.Init()

 

   at Geocortex.Rest.Handling.RestController.InitResource(RequestContext context, RestContext restContext)

 

   at Geocortex.Essentials.Rest.EssentialsRestController.InitResource(RequestContext context, RestContext restContext)

 

   at Geocortex.Essentials.Rest.EssentialsRestRequestDispatcher.DispatchRequestUsingEssentialsSecurity()

 

   at Geocortex.Essentials.Rest.EssentialsRestRequestDispatcher.ProcessRequestUnderContext()

 

The Zone of the assembly that failed was:

 

MyComputer</Message></Event>

 

Comments

If I set the Site.xml Security elements UseWindowsAuthentication=false I can manually log in with Active Directory and use my roles, but the desire is for users to not have to enter credentials.

I have also tried adding the RoleManager configuration to the REST Endpoint web.config, which appeared to have no effect.

I would welcome any suggestions.

 

Thanks,

Adam

0

• 

  Permanently deleted user

  7. Januar 2013 17:05

  Hi Adam,

  Did you get this worked?  I am looking for the same.

  Thanks and Regards,

  ~Paul

  0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.