Hi,
I’ve scoured the forum but I’ve been unable to find a solution.
I’ve just purchased a license for premium, applied it, everything is happy!
I’m now looking to apply Windows authentication and authorization policies to limit access to specific pages based on AD group membership.
I’ve followed the documentation. I’m running 2.7.0, hosted in IIS, AnonAuth is disabled, Windows Auth Enabled and I’ve confirmed that my web.config has forwardWindowsAuthToken="true"
In my dashboard.ps1 I’ve got the following:
# Policy passes only when the caller's token carries the given group SID claim
$AdminPolicy = New-UDAuthorizationPolicy -Name "Administrators" -Endpoint {
    param($ClaimsPrincipal)
    $ClaimsPrincipal.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", "S-1-5-21-83642069-1626958306-390482200-XXXXXX")
}
# Windows authentication, passed through to the dashboard with the policy attached
$AuthMethod = New-UDAuthenticationMethod -Windows
$LoginPage = New-UDLoginPage -AuthenticationMethod $AuthMethod -PassThru -AuthorizationPolicy @($AdminPolicy)
On New-UDPage for two of my pages, I’ve used the flag: -AuthorizationPolicy "Administrators"
Now when I visit my dashboard, the login seems to work since I get the ‘sign out’ in the top right, I can visit all the pages except the two with the auth policy.
Using the -AdminMode flag on start-uddashboard, and visiting the admin terminal, $user returns the username I would expect, likewise if I copy/paste my claims line:
$ClaimsPrincipal.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", "S-1-5-21-83642069-1626958306-390482200-XXXXXX")
It evaluates to true as expected.
However the two pages with this auth policy, I can’t get to and they both throw Page not Found.
Not sure what I’m doing wrong here, anyone have any ideas?
Might differ a bit, as I’m using Azure AD Auth, do a " | convertto-json " to a file on the $user param in the auth policy to see what information is provided.
Adding the above custom policy also does not show.
When I look at $user in the admin console, all I’m seeing is a 12 char string with domain\username, nothing else, no sub properties etc.
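The claim dump suggested in the reply above, combined with the group SID check from the first post, as an added example that is not from the thread or from Universal Dashboard: it builds ClaimsPrincipal objects with constructed claims and runs the same HasClaim test against them outside the dashboard. The SIDs, user names, dump file names, and the New-TestPrincipal helper and $PolicyCheck script block are all assumptions made for illustration.

```powershell
using namespace System.Security.Claims

# Constructed placeholder SIDs; substitute the group SID from your own policy.
$AdminSid = 'S-1-5-21-1111111111-2222222222-3333333333-1234'
$UsersSid = 'S-1-5-32-545'

# Hypothetical helper: build a principal carrying a name claim plus group SID claims.
function New-TestPrincipal {
    param([string]$Name, [string[]]$GroupSids = @())
    $claims = [System.Collections.Generic.List[Claim]]::new()
    $claims.Add([Claim]::new([ClaimTypes]::Name, $Name))
    foreach ($sid in $GroupSids) {
        $claims.Add([Claim]::new([ClaimTypes]::GroupSid, $sid))
    }
    [ClaimsPrincipal]::new([ClaimsIdentity]::new($claims, 'Negotiate'))
}

# Same test as the policy endpoint in the first post, preceded by a dump of every claim received.
$PolicyCheck = {
    param($ClaimsPrincipal, [string]$RequiredSid, [string]$DumpPath)
    # Keep the dump outside the web root and delete it after debugging: it lists group memberships.
    $ClaimsPrincipal.Claims | Select-Object Type, Value | ConvertTo-Json | Set-Content -Path $DumpPath
    $ClaimsPrincipal.HasClaim([ClaimTypes]::GroupSid, $RequiredSid)
}

# Constructed test identities: a group member, a non-member, and one with no group claims at all.
$cases = [ordered]@{
    Member    = New-TestPrincipal -Name 'CONTOSO\alice' -GroupSids $AdminSid, $UsersSid
    NonMember = New-TestPrincipal -Name 'CONTOSO\bob'   -GroupSids $UsersSid
    NameOnly  = New-TestPrincipal -Name 'CONTOSO\carol'
}

foreach ($case in $cases.GetEnumerator()) {
    $dump = Join-Path ([System.IO.Path]::GetTempPath()) "ud-claims-$($case.Key).json"
    [pscustomobject]@{
        Case     = $case.Key
        Allowed  = & $PolicyCheck $case.Value $AdminSid $dump
        DumpFile = $dump
    }
}
```

Comparing a dump written from inside the real policy endpoint against these constructed ones shows whether the groupsid claims actually reach the endpoint.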