RE: isInRole doesn't work for one user, but works for everyone else

From: petersonrj (petersonrj_at_discussions.microsoft.com)
Date: 09/21/04


Date: Tue, 21 Sep 2004 06:19:03 -0700

Dominick,

Thanks for the information on SetPrincipalPolicy method. I removed that
from my code.

The userInRole method that I created is intended to be a reusable method
throughout my application, as I need this functionality in multiple places.
So, I really am just calling User.IsInRole("role") since User is an
IPrincipal.

For the user for which the call wasn't working, I created an AD group and
added them as a member. The isInRole works fine for that user when comparing
to a group, just not against their user id. I'm still not sure why, but at
least I've got the app working.

Thanks for your help!

"Dominick Baier" wrote:

> Hi,
>
> I must admit - I don't really understand your logic.
>
> Why don't you just call User.IsInRole("role"); ???
>
> Another note - the documentation states that you are only allowed to call SetPrincipalPolicy once per AppDomain - maybe something is wrong here...
>
> You only have to call SetPrincipalPolicy if no plumbing has populated Thread.CurrentPrincipal for you (e.g. in a console / winforms app) - but ASP.NET does that.
>
>
>
> ---
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<4DACDDCC-5AC0-495A-A583-C44B3F8CC6FE@microsoft.com>
>
> I have an ASP.NET/C# application in which I verify that the current user is a
> member of a list of roles before giving them access to particular functions
> of the application (read vs update). I am using the IsInRole method of the
> IPrincipal object to check for role membership. Currently, I am just
> checking the domain/username against a list of domain/usernames, and will
> eventually create Groups.
>
> This is working well for all users, except one. Although my application is
> correctly identifying this user with the correct domain/username, the
> isinrole call returns false.
>
> My code is below:
>
> from the .aspx.cs:
>
> private void Page_Load(object sender, System.EventArgs e)
> {
>     if (!((Security)(Application["security"])).userInRole("edit",
>             HttpContext.Current.User))
>         edit = false;
>     else
>         edit = true;
> }
>
> This code is from a C# object (called "Security") and is called from the
> page above:
>
>
> public Boolean userInRole(String role, IPrincipal principal)
> {
>     Boolean inRole = false;
>
>     AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
>
>     //get users from hashtable
>     String[] users = (String[])securityRolesMap[role];
>
>     //loop through users to see if the current user matches
>     for (int i = 0; i < users.Length; i++)
>     {
>         String user = users[i];
>         if (principal.IsInRole(users[i].ToLower()))
>         {
>             inRole = true;
>             break;
>         }
>     }
>
>     return inRole;
> }
>
>
> Any ideas why this would work okay for everyone except one user?
>
>
> [microsoft.public.dotnet.framework.aspnet.security]
>
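
An added example, not code from this thread: one way to write the userInRole helper so that account names are compared against Identity.Name and only group names are passed to IsInRole, with an unknown role denied rather than throwing. The RoleEntry type, the Role helper, the Demo class and the sample account and group names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public sealed class RoleEntry   // hypothetical type: one role's allowed accounts and groups
{
    public readonly HashSet<string> Users = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    public readonly List<string> Groups = new List<string>();
}
public sealed class Security
{
    private readonly Dictionary<string, RoleEntry> roles =
        new Dictionary<string, RoleEntry>(StringComparer.OrdinalIgnoreCase);
    public RoleEntry Role(string name)   // get or create the entry for a role
    {
        RoleEntry entry;
        if (!roles.TryGetValue(name, out entry)) { entry = new RoleEntry(); roles[name] = entry; }
        return entry;
    }
    public bool UserInRole(string role, IPrincipal principal)
    {
        // Deny by default: missing or unauthenticated principal, or unknown role.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;
        RoleEntry entry;
        if (!roles.TryGetValue(role, out entry)) return false;
        // Account names are compared with Identity.Name, case-insensitively.
        if (entry.Users.Contains(principal.Identity.Name)) return true;
        // Only group names are handed to IsInRole.
        foreach (string groupName in entry.Groups)
            if (principal.IsInRole(groupName)) return true;
        return false;
    }
}
public static class Demo
{
    public static void Main()
    {
        Security security = new Security();
        security.Role("edit").Users.Add(@"CORP\alice");      // constructed sample account
        security.Role("edit").Groups.Add("AppEditors");      // constructed sample group
        // GenericPrincipal stands in for the WindowsPrincipal ASP.NET supplies.
        IPrincipal byName = new GenericPrincipal(new GenericIdentity(@"corp\ALICE"), new string[0]);
        IPrincipal byGroup = new GenericPrincipal(new GenericIdentity(@"CORP\bob"), new[] { "AppEditors" });
        IPrincipal other = new GenericPrincipal(new GenericIdentity(@"CORP\carol"), new string[0]);
        Console.WriteLine("{0} {1} {2}", security.UserInRole("edit", byName),
            security.UserInRole("edit", byGroup), security.UserInRole("edit", other));
    }
}
```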


