Windows Authentication

We have just installed PSU v2.2.1 and enabled Windows authentication in the appsettings file.

We have disabled the roles Operator, Reader and Execute by setting $false in the roles.ps1 and the Administrator role is based on an AD group membership (using $User.HasClaim(‘x’,SID) function). The Administrator role and a custom role (also based on AD group) have access to a new default dashboard on url /.

When an AD user with no membership of any group accesses the site, they are denied access to the dashboard but they still have access to the /admin site with read only access for automation scripts/jobs and platform published folder/rate limits.

Is this by design or a bug?
Is there any way we can redirect them to an access denied page or something like that?

We don’t want any users to access the /admin portion of the system.

Product: PowerShell Universal
Version: 2.2.1

I’m experiencing a similar issue on PSU 2.2.1. In addition to the above, trying to disable Forms authentication or saving changes to update the Security->Authentication->Form script does not seem to be working properly. Saving changes reports to complete, but then if I go back to the script the changes are not there.

This is a bug. There are a couple of places (the ones you found) that allow non-readers to view certain information. This has been resolved in 2.3. We have also added a Not Authorized page to prevent users with this level of permissions from even loading the admin page.

As for the Forms auth not saving, that’s also been fixed in 2.3.

Thanks for the info.