Windows Claims AuthorizationPolicy Not Working

I’ve scoured the forum but I’ve been unable to find a solution.

I’ve just purchased a license for premium, applied it, everything is happy!
I’m now looking to apply Windows authentication and authorization policies to limit access to specific pages based on AD group membership.
I’ve followed the documentation. I’m running 2.7.0, hosted in IIS, AnonAuth is disabled, Windows Auth Enabled and i’ve confirmed that my web.config has forwardWindowsAuthToken=“true”

In my dashboard.ps1 I’ve got the following:
$AdminPolicy = New-UDAuthorizationPolicy -Name “Administrators” -Endpoint {
$ClaimsPrincipal.HasClaim(“”, “S-1-5-21-83642069-1626958306-390482200-XXXXXX”)
$AuthMethod = New-UDAuthenticationMethod -Windows
$LoginPage = New-UDLoginPage -AuthenticationMethod $AuthMethod -PassThru -AuthorizationPolicy @($AdminPolicy)

On New-UDPage for two of my pages, I’ve used the flag: -AuthorizationPolicy “Administrators”

Now when i visit my dashboard, the login seems to work since i get the ‘sign out’ in the top right, I can visit all the pages except the two with the auth policy.
Using the -AdminMode flag on start-uddashboard, and visiting the admin terminal, $user returns the username i would expect, likewise if i copy/paste my claims line:
$ClaimsPrincipal.HasClaim(“”, “S-1-5-21-83642069-1626958306-390482200-XXXXXX”)
It evaluates to true as expected.
However the two pages with this auth policy, I cant get to and they both throw Page not Found.
Not sure what I’m doing wrong here, anyone have any ideas?


Hi tom / @insomniacc

Throw this on a page:
New-UDCard -Id “FancyCardboi” -Title “Status” -Endpoint {
New-UDParagraph -Text “Hello $user”
$Policies = Get-UDAuthorizationPolicy
Foreach ($policy in $Policies) {
New-UDParagraph -text $policy

And see if your authorization policy works, as it will list out all the relevant auth policies.

Interesting, it only outputs ‘Hello username’ with nothing else. So my Auth policies are not being loaded/passed through?

Not sure if this is relevant or not but i’m dot sourcing my pages in dashboard.ps1

Hi again @insomniacc
That means that you don’t have a claim, or some error along the way prevents UD from checking the relevant claim.

Create a… custom auth policy with:
$admin = New-UDAuthorizationPolicy -Name ‘Admin’ -Endpoint {

$User.Identities.Name -match 'your name'


and see if that gets loaded?

Might differ abit, as i’m using Azure AD Auth, do a " | convertto-json " to a file on the $user param in the auth policy to see what is provided of information.

Adding the above custom policy also does not show.
When I look at $user in the admin console, all i’m seeing is a 12 char string with domain\username, nothing else, no sub properties etc.

Try the:
$admin = New-UDAuthorizationPolicy -Name ‘Admin’ -Endpoint {

$User | convertto-json | out-file C:\temp\outfile.txt
return $true


1 Like

Thanks for this.
I can see all claims output to the file and was able to get it working with the following:

$admin = New-UDAuthorizationPolicy -Name ‘Admin’ -Endpoint {
$user.Identity.Groups -contains “S-1-5-21-83642069-1626958306-390482200-XXXXXX”

1 Like

Awesome dude!

Happy hunting!