How do I Allow an Active Directory group member to do anything in my LightSwitch HTML Client application?

Question

I've recently created my first lightswitch application but I have been struggeling to publish it to my IIS for anyone to use.

Every guide I see sets specific rights to update or delete or to do any task in their application. This is NOT what I want.. I want to use a single GROUP in Active Directory to give access to the whole application.

Currently the application has been published with 'Allow any authenticated Windows user' but the page still shows 403 - Forbidden: Access is denied.

From what I have seen, the desktop client (silverlight) is REQUIRED to set up specific rights in this application.

What I'm guessing that I should do at this point is:

1. Add the DesktopClient to my solution
2. Add a permission 'Allowed'
3. Check in every possible _Can function if the used has the permission 'Allowed'.. somehow..
4. Somehow publish the DesktopClient to somewhere using my own Windows user as the administrator
5. Open the silverlight application on some magical path
6. Add a role 'Allowed' and attach this to the 'Allowed' permission.
7. Add my AD Group as a user and assign the Allowed role

But all I can think of is: Naaaahhh.. it can't be that messy.. no way... or is it?

Answer 1

The best solution in my case was actually to just add the DesktopClient.

I have added the permission 'Allowed' and in the desktop client I have assigned an Active Directory group to this permission. From that moment on, every user that belongs to this group has access to the lightswitch application