isInRole doesn't work for one user, but works for everyone else

From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 09/17/04

    To: microsoft.public.dotnet.framework.aspnet.security
    Date: Fri, 17 Sep 2004 12:34:49 -0700
    
    

    Hi,

     I must admit - I don't really understand your logic.

     Why don't you just call User.IsInRole("role"); ???

     Another note - the documentation states that you are only allowed to call SetPrincipalPolicy once per AppDomain - maybe something is wrong here...

     You only have to call SetPrincipalPolicy if no plumbing has populated Thread.CurrentPrincipal for you (e.g. in a console / winforms app) - but ASP.NET does that.

     

     ---
     Dominick Baier - DevelopMentor
     http://www.leastprivilege.com

       nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<4DACDDCC-5AC0-495A-A583-C44B3F8CC6FE@microsoft.com>

     I have an ASP.NET/C# application in which I verify that the current user is a
     member of a list of roles before giving them access to particular functions
     of the application (read vs update). I am using the IsInRole method of the
     IPrincipal object to check for role membership. Currently, I am just
     checking the domain/username against a list of domain/usernames, and will
     eventually create Groups.
     
     This is working well for all users, except one. Although my application is
     correctly identifying this user with the correct domain/username, the
     isinrole call returns false.
     
     My code is below:
     
     from the .aspx.cs:
     
     private void Page_Load(object sender, System.EventArgs e)
     {
         if (!((Security)(Application["security"])).userInRole("edit",
                 HttpContext.Current.User))
             edit = false;
         else
             edit = true;
     }
     
     This code is from a C# object (called "Security") and is called from the
     page above:
     
     
     public Boolean userInRole(String role, IPrincipal principal)
     {
         Boolean inRole = false;

         // runs on every call to userInRole
         AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

         //get users from hashtable
         String[] users = (String[])securityRolesMap[role];

         //loop through users to see if the current user matches
         for (int i = 0; i < users.Length; i++)
         {
             String user = users[i];
             if (principal.IsInRole(users[i].ToLower()))
             {
                 inRole = true;
                 break;
             }
         }

         return inRole;
     }
     
     
     Any ideas why this would work okay for everyone except one user?
     
     
     [microsoft.public.dotnet.framework.aspnet.security]
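
Added example, not part of the original thread or either poster's code: a role check that leaves SetPrincipalPolicy out, as the reply says ASP.NET does not need it, compares listed account names with Identity.Name, and uses IsInRole only for group entries. RoleMap, its methods and the CONTOSO names are assumptions, and GenericPrincipal stands in for the principal ASP.NET supplies in HttpContext.Current.User.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper (not the poster's Security class); all names are assumptions.
public sealed class RoleMap
{
    private readonly Dictionary<string, HashSet<string>> _accounts =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);
    private readonly Dictionary<string, HashSet<string>> _groups =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase);
    public void AllowAccount(string role, string account) { Add(_accounts, role, account); }
    public void AllowGroup(string role, string group) { Add(_groups, role, group); }
    private static void Add(Dictionary<string, HashSet<string>> map, string role, string name)
    {
        HashSet<string> set;
        if (!map.TryGetValue(role, out set))
            map[role] = set = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        set.Add(name);
    }
    public bool UserInRole(string role, IPrincipal principal)
    {
        // Deny by default: missing principal, anonymous caller, or unknown role.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated) return false;
        HashSet<string> set;
        // Account entries are compared with the authenticated name, ignoring case.
        if (_accounts.TryGetValue(role, out set) && set.Contains(principal.Identity.Name)) return true;
        // Group entries go through IsInRole, which is a role (group) membership test.
        if (_groups.TryGetValue(role, out set))
            foreach (string group in set)
                if (principal.IsInRole(group)) return true;
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        RoleMap map = new RoleMap();
        map.AllowAccount("edit", @"CONTOSO\alice");   // constructed sample data
        map.AllowGroup("edit", @"CONTOSO\Editors");
        // GenericPrincipal is a stand-in so the demo runs outside ASP.NET.
        IPrincipal alice = new GenericPrincipal(new GenericIdentity(@"contoso\Alice"), new string[0]);
        IPrincipal bob = new GenericPrincipal(new GenericIdentity(@"CONTOSO\bob"), new[] { @"CONTOSO\Editors" });
        IPrincipal carol = new GenericPrincipal(new GenericIdentity(@"CONTOSO\carol"), new string[0]);
        foreach (IPrincipal p in new[] { alice, bob, carol })
            Console.WriteLine("{0}: edit={1}", p.Identity.Name, map.UserInRole("edit", p));
    }
}
```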

