Customizing Group Membership Checks

To comply with the querying rights set up for your configuration, you can customize how the platform checks if an Active Directory user belongs to a specific Active Directory group. To do so, use the core-setting-adauth-group-query-mode key in the <appSettings> section of the web.config file:

Copy


<appSettings>
...
<add key="core-setting-adauth-group-query-mode" value="1 or 2"/>
...
</appSettings>

Setting the value to 1 uses the user.GetAuthorizationGroups() method to retrieve all the groups the user account belongs to, then loops them to see if the target group is among them.
Setting the value to 2 uses the user.IsMemberOf(group) method to query directly if the user account is part of the target group.

Default value: 1.