AD Groups with spaces used for roles authorization

Posted 2019-06-26 16:26

I am trying to get roles Authorization working with an AD Group. However, it appears that since it contains spaces it won't work.

I have tried AD groups without spaces and they work fine.

<authorization>
 <allow roles=".\IS Software Delivery - Staff" />
 <deny users="*" />
</authorization>

Any ideas?

1 answer
我命由我不由天
Reply #2 · 2019-06-26 17:00

The solution for me was a reboot of my development PC after the Active Directory setup was done. (Actually several reboots while I tested.)

I was sure of the same conclusion you reached "space in name is not valid", BUT as I pushed for an answer, I found that was not true.

It appeared that way because once I suspected "space" was the issue, the other groups I tested with did not have spaces. But they also had been defined months ago (and had no recent changes).

My best understanding is that local IIS (express?) as run through Visual Studio caches its view of your AD groups when it first runs (shortly after boot, maybe on first test). So, when I made some groups in Active Directory and then went to VS Express to test, I had a lot of frustration. Note: I never had the issue when I published to a server IIS.

Another factor (not in my case) that could cause delay (frustration) is that the AD knowledge of Users and Groups is normally shared by a group of servers, often spread over multiple physical sites. This can lead to a brief delay (10 to 30 minutes) before the info is known by every server.
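
A way to tell a stale group membership apart from a naming problem, added here as an example and not part of the original question or answer: this PowerShell lists the groups carried in the current logon session's Windows token and reports whether the group from the question is among them. It assumes you run it in the same logon session as the account being tested; the function name `Test-TokenGroup` and its parameter are illustrative.

```powershell
# Added diagnostic example; not code from the original post.
function Test-TokenGroup {
    param(
        # The value used in <allow roles="..." />, e.g. '.\Group Name' or 'DOMAIN\Group Name'
        [Parameter(Mandatory)] [string] $RoleName
    )

    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    # The token holds group SIDs fixed at logon; translate each one to DOMAIN\Name.
    # A SID that cannot be resolved is kept in its raw S-1-... form.
    $tokenGroups = foreach ($sid in $identity.Groups) {
        try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $sid.Value }
    }

    # Compare on the part after the last backslash, so '.\Name' and
    # 'DOMAIN\Name' are treated alike. -eq is case-insensitive for strings.
    $shortName = ($RoleName -split '\\')[-1]
    $found = @($tokenGroups | Where-Object { ($_ -split '\\')[-1] -eq $shortName })

    [pscustomobject]@{
        User             = $identity.Name
        RoleName         = $RoleName
        # Full name(s) of the matching group as they appear in the token, if any
        MatchInToken     = $found -join '; '
        InToken          = ($found.Count -gt 0)
        # Result of the .NET role check for the exact string from web.config
        IsInRoleAsTyped  = $principal.IsInRole($RoleName)
        TokenGroupCount  = @($tokenGroups).Count
    }
}

# Group name taken from the question's web.config
Test-TokenGroup -RoleName '.\IS Software Delivery - Staff' | Format-List
```

If `InToken` is false while the account is a member in Active Directory, the token predates the membership change; if `InToken` is true but `IsInRoleAsTyped` is false, compare the prefix in `MatchInToken` with the one written in `web.config`.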
