Multi-layer authorization on forms || UD 2.5.3

Acrith · August 28, 2019, 12:49pm

Hello.

I’d like to ask about couple of things, since I’m trying to set up UD properly with a pretty complex infrastructure project

IIS issues
I don’t know what is happening, but for some reason if I configure IIS to work with my dashboard, I have literally no data available. I’m loading informations to UDGrid via Variable, which loads data with PSExcel, and when I set up whole Dashboard, I have no data in it. (If it’s not on IIS, I can see all records I have).

Due to that, I searched for way to authorize via Windows/Azure, and so I found out this script:

github.com

psDevUK/psUniversalDashboard/blob/master/PagesGitHub/FormLogin.ps1

New-UDAuthenticationMethod -Endpoint {
    param([PSCredential]$Credentials)
    Function Test-Credential {
        [OutputType([Bool])]

        Param (
            [Parameter(
                Mandatory = $true,
                ValueFromPipeLine = $true,
                ValueFromPipelineByPropertyName = $true
            )]
            [Alias(
                'PSCredential'
            )]
            [ValidateNotNull()]
            [System.Management.Automation.PSCredential]
            [System.Management.Automation.Credential()]
            $Credential,

            [Parameter()]

This file has been truncated. show original

This would be cool, since all users are Authing from Active Directory BUT I would like them to see certain pages depending on the security group they are in - is there a way to do such authorization on forms OR somehow work with that IIS issue I have?

Filters
Is there a possibility to somehow include filtering on columns? Or searching in various columns simultaneously?

Thats it for now. ^^

adam · August 28, 2019, 1:36pm

For the IIS issue, can you enable UD logging to see if there is a reason data isn’t showing up? It sounds like there may be some sort of permission issue when running as the IIS AppPool user.

Enable-UDLogging -FilePath .\myLog.txt

You could use forms auth to specify roles per group. You could set it up so particular groups get a certain role and then you could limit pages based on the role assigned.

https://docs.universaldashboard.io/security/authorization/role-based

The UDGrid searches on all columns when using filtering. The problem is that if you format certain columns, it breaks the filtering for those columns. We are looking at implementing a more feature-rich grid that will include this exact type of functionality.

psDevUK · August 28, 2019, 1:39pm

Hi @Acrith and welcome to the forums. So glad you asked this question, as this is something I wanted to achieve myself, and I managed to do it using the following:-

$Navigation = New-UDSideNav -Endpoint {
New-UDSideNavItem -Text "HOME" -PageName "Home" -Icon home
New-UDSideNavItem -Divider
New-UDSideNavItem -Text "HELP" -PageName "Help" -Icon question
if (Get-ADGroupMembers "UD_Complaints_Managers" | Where-Object { $_.SamAccountName -match $User }) {
    New-UDSideNavItem -Divider
    New-UDSideNavItem -Text "ALL COMPLAINTS" -PageName "AllComplaints" -Icon chart_line
}
if (Get-ADGroupMembers "UD_Complaints_Managers" | Where-Object { $_.SamAccountName -match $User }) {
    New-UDSideNavItem -Divider
    New-UDSideNavItem -Text "MY COMPLAINTS" -PageName "AssignedComplaints" -Icon user_cog
}
if (Get-ADGroupMembers "UD_Complaints_Managers" | Where-Object { $_.SamAccountName -match $User }) {
    New-UDSideNavItem -Divider
    New-UDSideNavItem -Text "COMPLAINT HISTORY" -PageName "History" -Icon calendar_alt
}
New-UDSideNavItem -Divider
New-UDSideNavItem -Text "EDIT COMPLAINT" -PageName "Edit" -Icon pen_alt

if (Get-ADGroupMembers "UD_Complaints_Users" | Where-Object { $_.SamAccountName -match $User }) {
    New-UDSideNavItem -Divider
    New-UDSideNavItem -Text "MY COMPLAINTS" -PageName "MyComplaints" -Icon chart_pie
}
New-UDSideNavItem -Divider
New-UDSideNavItem -Text "NEW COMPLAINT" -PageName "New" -Icon plus_circle
if (Get-ADGroupMembers "UD_Complaints_Managers" | Where-Object { $_.SamAccountName -match $User }) {
    New-UDSideNavItem -Divider
    New-UDSideNavItem -Text "STATISTICS" -PageName "Statistics" -Icon chart_pie
}
New-UDSideNavItem -Divider

} -Fixed

So I make the sidebar nav menu dynamic depending which security group the user is in. I am using the same function Get-AdGroupMembers as I used in the sample of mine you found on github Then you also need to add the authorisation parameter in your pages:-
New-UDPage -Name "Home" -AuthorizedRole @("Administrator", "User") -Title "Welcome To The Complaints System" -Content {
As for the IIS thing I guess it depends on your domain environment, I mean as @adam mentioned check app pool user. Like when you go onto your site in IIS and click BASIC SETTINGS then click the TEST do both come back ok?

Acrith · August 29, 2019, 2:27pm

I basically looked over log file, but didn’t see anything. I am not sure if I can send you log file via private message with my Trust Level, tho i have no real idea what happens.
And I don’t know which data I should strip off the file to not share any informations (I seen license file being applied with whole code at second row), so…

Good that React Data Grid might come soon. This gives me hope!

About the psDevUK solution, didn’t try it yet, I had a rough day in work, but I’ll definitelly let you know if I find out if this works <3!

Topic		Replies	Views
More trouble with Authorization Policies Universal Dashboard Help	14	1523	April 15, 2020
Hosting in IIS (PSU version 1.5.3) - problem with Windows Auth etc Universal Dashboard	0	420	December 9, 2020
Authorization and policy's Universal Dashboard Help	8	592	January 10, 2020
IIS Windows Authentication - RBAC? Universal Dashboard Help	15	2168	January 2, 2019
Connectivity issue from UD Universal Dashboard Help	8	910	March 29, 2019

Multi-layer authorization on forms || UD 2.5.3

Related Topics