We are using SharePoint 2010 and have Forms Based Authentication setup so that it authenticates off of Active Directory. We've noticed that SharePoint doesn't connect, permission-wise, the Windows Integrated usernames with the FBA usernames. For example, in order to give someone permission to a page, we would need to give them access to both usernames, such as "i:0#.w|domainname\username" for Windows Integrated and "i:0#.f|admembers|username" for FBA.
Since the usernames are the same, is there any way to map those usernames to each other so that if a user uses FBA to log in, it will read the permissions already assigned to the correct Windows Integrated permissions? That way we don't need two permissions assigned for each user.
Also, we are assigning access to certain sites in SharePoint based off of AD groups. However it appears that if someone uses FBA to log in, it does not know to check group permission in Active Directory to see if that username is assigned to that group. So they get access denied when it would work if they logged in using the Windows Integrated login. Is there any way to fix that?