Re: DirectoryEntry.Invoke access is denied

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 05/13/05


Date: Fri, 13 May 2005 14:44:17 -0500

Why not just use Context.User.IsInRole("domain\group name")?

It is a lot easier than trying to get your delegation scenario working and
much easier than trying to enumerate the user's groups (which is much, much
more complex than the code you show below).

Joe K.

"Jason" <Jason@discussions.microsoft.com> wrote in message
news:8722B18A-802B-4F7F-BA1F-CC841FE7A5C7@microsoft.com...
> In an ASP.NET application designed as intranet using Windows Authentication.
>
> I am trying to query a PDC group to see if a string matches a user that is
> assigned to the group using the function below. On my development box, all
> is ok when I access through debug or using the http://localhost. When I
> access this on the deployment server 2003 or on my dev box using the
> http://ipaddress I get an access is denied on the line:
> object oRet = de.Invoke("Members") .
>
> What changes to security do I need to apply? I have an NT group that
> limits all the users that can run this.
>
> TIA, Jason
>
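> // Requires: using System.Collections; using System.DirectoryServices;
> private bool UserIdExistsInNT4Group()
> {
>     // Bind to the group through the WinNT provider.
>     using (DirectoryEntry de = new DirectoryEntry())
>     {
>         de.Path = @"WinNT://wfdcptnt1/CMStest,group";
>         // "Members" returns the group's members as a COM collection.
>         object oRet = de.Invoke("Members");
>         IEnumerable users = (IEnumerable) oRet;
>         foreach (object user in users)
>         {
>             // Wrap each member and release the underlying COM object when done.
>             using (DirectoryEntry det = new DirectoryEntry(user))
>             {
>                 // Turn "WinNT://DOMAIN/user" into "DOMAIN\user".
>                 string tuserid = det.Path;
>                 tuserid = tuserid.Replace("WinNT://", "");
>                 tuserid = tuserid.Replace("/", "\\");
>                 _log.Debug(tuserid);
>                 if (tuserid.ToUpper() == this.UserId.ToUpper())
>                 {
>                     return true;
>                 }
>             }
>         }
>     }
>     return false;
> }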
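
The role check suggested in the reply, as an added example that is not part of the original thread: it asks the authenticated Windows principal for group membership instead of binding to the remote group, so no directory call is made under the impersonated identity. The class name `GroupGate` and its methods are hypothetical, and the group name is passed in the `domain\group name` form used in the reply.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical helper; the class and method names are illustrative.
public static class GroupGate
{
    // Returns true only when the request carries an authenticated Windows
    // identity that is a member of the group, e.g. @"domain\group name".
    public static bool IsInGroup(HttpContext context, string domainGroup)
    {
        if (context == null)
            throw new ArgumentNullException("context");
        if (string.IsNullOrEmpty(domainGroup))
            throw new ArgumentException("Group name is required.", "domainGroup");

        IPrincipal user = context.User;

        // Anonymous or missing identity: fail closed.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // With Windows Authentication the principal is a WindowsPrincipal.
        // Any other principal type means the site is not configured as
        // expected, so the check is refused rather than guessed at.
        if (!(user is WindowsPrincipal))
            return false;

        // Membership is evaluated against the groups in the caller's token.
        return user.IsInRole(domainGroup);
    }

    // Call at the top of a page or handler to reject non-members with 403.
    public static void Require(HttpContext context, string domainGroup)
    {
        if (!IsInGroup(context, domainGroup))
            throw new HttpException(403, "Access is denied.");
    }
}
```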