Brian_B
asked on
AD groups not being passed to web app
We have a custom web app that's been in place for a few years. I have a user that rarely accesses it but recently tried to and could not authenticate. My developer says the AD groups are not being passed when the user logs in. The user is a domain admin and part of other groups - and has no issue. He's logged into the app before but it's been maybe a year.
What could cause the AD groups to not be passed properly to the app? Looking at the group membership via gpresult or dumpsec shows he's in all the groups he should be. The only issue we've found, so far, is that they are not passed to this one app. We've tried from several PCs and such. Thanks.
ASKER
Not sure you read that right - the web server is receiving the authentication and group information - not sending it. For all other users the groups are sent fine. For one user, no group information is sent. So my developer can see the authentication take place but access is denied because there are no groups. I don't see this being on the app since 100+ other users are working fine and have been for 2 years. So it seems like something with this one user. We could delete the account and recreate it, but I'd prefer to know why this is happening in case it's pointing to a larger issue.
Is the dev using LDAP? Is the user a member of the restricted user group?
ASKER
Yes and there are no restricted groups. As long as you’re in one or more of the appropriate groups - you have that level of access in the app. But doesn’t seem to matter since groups are never showing up.
It also seems like your developer could run the source code in an IDE, have this user log in, and walk through the code to see what goes to and what comes back from AD. Certainly that's where I'd start if only one user were being affected, AND I were positive the one user weren't in an AD group explicitly prohibited from using the web app.