Re: PrincipalPermission Attribute and Nested Groups

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 04/09/04

  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: Forms Authentication with Active Directory using vb.net"
    Date: Fri, 9 Apr 2004 00:05:48 -0500
    
    

    This does definitely work. However, there are a few requirements:
     - Your AD domain needs to be in 2000 native mode or 2003 functional level
     - Group A needs to have the security bit set on the groupType

    If both of those are true, you should have no problems. If not, then that
    is the problem. If those are both true and it still isn't working, it could
    be an issue of having the group name (domain\samAccountName) incorrect.

    HTH,

    Joe K.

    "Anthony Christianson" <achristianson@momentuminteractive.com> wrote in
    message news:udxMAHbHEHA.3564@TK2MSFTNGP09.phx.gbl...
    > The Issue:
    >
    > Group A contains Group B
    > Group B contains User 1.
    >
    > I want to check if User 1 is in Group A.
    >
    >
    > This:
    > [PrincipalPermission(SecurityAction.Demand,Role="Group A")]
    > Fails
    >
    > This:
    > [PrincipalPermission(SecurityAction.Demand,Role="Group B")]
    > Succeeds.
    >
    >
    > Since Group B is a memberOf Group A, they both should succeed.
    >
    > I have tried :
    >
    > WindowsIdentity identity = WindowsIdentity.GetCurrent();
    > WindowsPrincipal principal = new WindowsPrincipal(identity);
    > if( principal.IsInRole("Group A"))
    > {
    > Debug.WriteLine("Yippee");
    > }
    >
    > And this does not work.
    >
    > Does anyone have a answer as to how I can quickly check to see if User 1
    is
    > in Group A
    >
    >


  • Next message: Joe Kaplan \(MVP - ADSI\): "Re: Forms Authentication with Active Directory using vb.net"