I’m trying to make it so that only certain users/groups can log into a new dashboard I’ve created for our Service Desk. Here is the setup:
- I have forms authentication turned on. The code checks to see if you’re in an AD group that’s allowed, and if so returns $result.success = $true, otherwise $false.
- I’ve created a role called ServiceDeskUser. If you’re on a list of allowed users, or you’re in an allowed AD group, it returns $true. If not, it returns $false.
- The ServiceDesk dashboard has authentication enabled, and the Role is set to ServiceDeskUser.
The actual behavior I see is that whoever is allowed to log in per the forms authentication code gets into the dashboard, and whoever can’t log in per forms authentication can’t get to the dashboard. The ServiceDesk role code executes, and returns a response, but ultimately is ignored. (E.g. someone may be allowed per forms auth, but disallowed per the ServiceDesk role. That user would be allowed.)
First, is my approach to this sound? I want to use forms auth code to allow/deny access because it’s the only way I can control access to the admin interface and Automation. But I also want to control access to this dashboard (and probably others in the future, with different sets of users).
If my approach is correct, what might I be doing wrong?
Product: PowerShell Universal Version: 1.5.3