Unregistered users can login with the role registered

Unregistered users can login with the role registered

  

Hello everyone!


I have a problema in my company platform.

I have an application that use the Registered role (it's just a webPage where I have the links to the other internal applications). I put like this because It's AD authentication and I want that everyone in the company can access this page. What it's happening it's that someone try to enter with other login that isn't registered in our AD, the platform add that user automatically to the users. If we try to enter with na AD user but with the wrong password the platform refuse the login and say that the login it's invalid (so, with the AD logins the platform Works fine). 

I need to block the acess to external users, with logins that aren't from our AD.

How can I do that?


Thank you for your help!


Best Regards,


Ricardo

Hi Ricardo,

The major question is: Why is the login adding users to the that are not known to the AD as users to the platform?

OutSystems by default never adds a user to the Users, it would just state that the user can't login.

It seems that there is a bug in your AD implementation (when a user doesn't exist in AD, add it to the system).

Kind regards,

Remco Dekkinga

Ricardo Pereira wrote:

Hello everyone!


I have a problema in my company platform.

I have an application that use the Registered role (it's just a webPage where I have the links to the other internal applications). I put like this because It's AD authentication and I want that everyone in the company can access this page. What it's happening it's that someone try to enter with other login that isn't registered in our AD, the platform add that user automatically to the users. If we try to enter with na AD user but with the wrong password the platform refuse the login and say that the login it's invalid (so, with the AD logins the platform Works fine). 

I need to block the acess to external users, with logins that aren't from our AD.

How can I do that?


Thank you for your help!


Best Regards,


Ricardo

Hi,

Happy to say that Ricardo and I were able to sort this thing out.

What was happening was that any non-existent username, when checked against the Active Directory, was validated, thus created in the Users.

It turned out to be that the domain-level Guest account was enabled (yes, we know it is strongly recommended to keep it disabled) and that introduces that behavior. Disabling it got us back on track.