API Questions on Kentico API.
Version 6.x > API > Updating AD Roles (Windows Authentication) View modes: 
User avatar
Member
Member
caramoSC - 8/23/2012 4:02:10 PM
   
Updating AD Roles (Windows Authentication)
I am using version 5.5r2.

Question. When a windows authenticated user logs in, all of their AD roles are imported. If I update the users AD roll within AD and the user logs in to Kentico app, only roles that have been added are in Kentico. Any role that was removed in AD still remains in Kentico.

What can I do to have the AD roles refreshed in Kentico.

Example:

Intially user is in an Admin role for the application(AD Role for application admin)
I change user to a read only role for the application in AD.

No Kentico still has user as being in Admin role and read only role.

It appears that kentico does not completely refresh the users AD roles (synch).

User avatar
Kentico Customer Success
Kentico Customer Success
kentico_martind2 - 8/28/2012 6:00:06 AM
   
RE:Updating AD Roles (Windows Authentication)
Hi,

could you please try to call Invalidate() method on the UserInfo object after assigning roles to users? It should cause reload of CMSContext.CurrentUser object with actual data.

In the future you can also use AD Import Utility: http://devnet.kentico.com/docs/devguide/index.html?ad_import_utility_overview.htm

Best regards,
Martin Danko

User avatar
Member
Member
caramoSC - 8/28/2012 7:35:49 AM
   
RE:Updating AD Roles (Windows Authentication)
kentico_martind2 wrote: Hi,

could you please try to call Invalidate() method on the UserInfo object after assigning roles to users? It should cause reload of CMSContext.CurrentUser object with actual data.

In the future you can also use AD Import Utility: http://devnet.kentico.com/docs/devguide/index.html?ad_import_utility_overview.htm

Best regards,
Martin Danko


Thanks for the reply.
Where would I call Invalidate(), is there a webpart that I should look at?

We are just using windows authentication and doing nothing special. So far as the AD import tool, application is just being implemented, so the user AD roles are being modified constantly. We do not wish to have to run the tool frequently.

User avatar
Kentico Customer Success
Kentico Customer Success
kentico_martind2 - 8/28/2012 9:05:23 AM
   
RE:Updating AD Roles (Windows Authentication)
Sorry for misunderstanding, with Invalidate() method you can control only currently signed user.

The only way to obtain requested behaviour is with AD import utility. Kentico CMS has it's own table of users roles and it isn't automatically synchronized with AD.

1. You can configure AD import utility to run regularly
2. There is still option to create your own solution