Re: VB .Net Security Question
From: Joe Kaplan (ilearnedthisthehardway@noway.com)
Date: 02/17/03
- Next message: Brad: "RE: Implementing my own Windows Authentication module."
- Previous message: Brad: "Re: Implementing my own Windows Authentication module."
- In reply to: David Allen: "Re: VB .Net Security Question"
- Next in thread: MS Security: "Re: VB .Net Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Joe Kaplan" <ilearnedthisthehardway@noway.com> Date: Mon, 17 Feb 2003 11:03:43 -0600
The user's token needs to include the new group information. Depending on
the domain controller where you made the change, the domain controller the
user is logged in to, replication lag, the last time the user actually
logged in, etc., there could be all kinds of lag.
So I guess that is normal. You might be able to minimize this in a web app
by making your group membership changes to the same DC that the web server
is authenticating against (if you can figure that out...).
Glad things are working better though!
Joe K.
"David Allen" <dallen@carrieraccess.com> wrote in message
news:#g0wENq1CHA.1776@TK2MSFTNGP09...
> Well, things go a whole lot better once I installed .Net Framework SP2! I
> also got better results once I ensured that it was a WindowsPrincipal
object
> that I was dealing with (thanks Joe!). I am still finding that there is a
> serious lag between the time that I make a change in the group membership,
> and the time that the check works correctly and notices it. Is this
normal?
>
> - Dave
>
> "Joe Kaplan" <ilearnedthisthehardway@noway.com> wrote in message
> news:#hw8mt90CHA.2372@TK2MSFTNGP09...
> > You definitely need the domain name in front of the group if it is a
> Windows
> > domain group. Are you sure the current principal is a WindowsPrincipal
> and
> > is a member of that domain group? You can do a quick and dirty
imperative
> > check in ASP.NET with context.User.IsInRole("DOMAIN\ArtUser").
> >
> > Joe K.
> >
> > "David Allen" <dallen@carrieraccess.com> wrote in message
> > news:eyQDMZ40CHA.428@TK2MSFTNGP09...
> > > Hi:
> > > I am working on the middle tier of an enterprise application, and am
> > > embedding security checking in it. I am trying to use the following
> > snippet
> > > of code to check to see if the currently logged-on use is in the group
> > > ArtUser. I have tried putting the domain in front of the group name
> > > (DOMAIN\ArtUser) and that didn't work. I can make this code work just
> fine
> > > if I use on of the BUILTIN groups like BUILTIN\Users, and it works
fine
> > > using Name := and the user's name. Can anyone help me out with this?
Am
> I
> > > missing something that is just blatently obvious?
> > >
> > > <PrincipalPermission(SecurityAction.Demand, Role:="ArtUser")>
_
> > > Public Function GetArtRefs() As ArtRefs
> > >
> > > 'returns a collection of artref objects.
> > > Dim oRefs As New ArtRefs()
> > >
> > > Thanks in advance,
> > >
> > > Dave Allen
> > >
> > >
> >
> >
>
>
- Next message: Brad: "RE: Implementing my own Windows Authentication module."
- Previous message: Brad: "Re: Implementing my own Windows Authentication module."
- In reply to: David Allen: "Re: VB .Net Security Question"
- Next in thread: MS Security: "Re: VB .Net Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
