Re: Have <authentication mode="Windows"> half working



So, you are in WINWARD\Domain Users, but
Context.User.IsInRole("WINWARD\\Domain Users") returns false? That makes no
sense.

Joe K.

"David Thielen" <thielen@xxxxxxxxxxxxx> wrote in message
news:6A73441C-F5DA-4FD4-ABAD-6DB2AA8B4B50@xxxxxxxxxxxxxxxx
groups below - I am in them.

Is there some security permission I must have granted for this to work?
(Although if that's the issue, shouldn't I get a SecurityException?)

- grps {Dimensions:[14]} string[]
[0] "WINDWARD\\Domain Users" string
[1] "Everyone" string
[2] "BELLE\\Debugger Users" string
[3] "BUILTIN\\Administrators" string
[4] "BUILTIN\\Users" string
[5] "NT AUTHORITY\\INTERACTIVE" string
[6] "NT AUTHORITY\\Authenticated Users" string
[7] "LOCAL" string
[8] "WINDWARD\\Programming Users" string
[9] "WINDWARD\\VSS Admin" string
[10] "WINDWARD\\Marketing" string
[11] "WINDWARD\\Marketing Users" string
[12] "WINDWARD\\VSS Users" string
[13] "WINDWARD\\CERTSVC_DCOM_ACCESS" string


--
thanks - dave
david_at_windward_dot_net
http://www.windwardreports.com



"Dominick Baier [DevelopMentor]" wrote:

hi.

a) remove the allow=* - that's redundant

b) look at this code - this returns all groups the user is member of:

http://www.leastprivilege.com/GettingAllGroupsForAWindowsAccountInNET20.aspx

or even better - use my showcontexts tool - drop it into your web dir and
inspect the values

http://www.leastprivilege.com/ShowContextsAnotherUpdateIAdmitIt.aspx


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi;

For authentication of:
<authentication mode="Windows">
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
I get the user and the user is authenticated. But IsInRole is failing:
// these 4 calls are correct
IPrincipal user = Context.User;
WindowsIdentity wi = user.Identity as WindowsIdentity;
bool b = wi.IsAuthenticated;
// these all fail (computer name belle, domain name windward)
bool admin = user.IsInRole("administrators");
bool admin2 = user.IsInRole("belle\\administrators");
bool du = user.IsInRole("Domain Users");
bool du2 = user.IsInRole("windward/Domain Users");
bool du3 = user.IsInRole("windward\\Domain Users");
bool du4 = user.IsInRole("\\windward\\Domain Users");
bool du5 = user.IsInRole("\\windward.local\\Domain Users");
bool du6 = user.IsInRole("\\windward\\Users");
bool du7 = user.IsInRole("\\windward.local\\Users");
Any ideas?
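
A diagnostic in the spirit of the group-listing approach suggested in the thread, as an added example that is not part of the original posts or of the code at the linked pages. It lists the group SIDs on the token and compares a name-based `IsInRole` call with a SID-based one; `RoleDiagnostics` and `Describe` are hypothetical names, and the calls used are the standard `System.Security.Principal` APIs.

```csharp
using System;
using System.Security.Principal;
using System.Text;

// Added diagnostic helper (hypothetical name), not code from the thread.
public static class RoleDiagnostics
{
    // Example call from a page: RoleDiagnostics.Describe(Context.User, "WINDWARD\\Domain Users")
    public static string Describe(IPrincipal user, string groupName)
    {
        WindowsIdentity wi = user.Identity as WindowsIdentity;
        if (wi == null || wi.Groups == null)
            return "No Windows token groups for: " + user.Identity.GetType().FullName;

        StringBuilder sb = new StringBuilder();
        sb.AppendLine("Name: " + wi.Name + ", authenticated: " + wi.IsAuthenticated);

        // Group SIDs carried by the token, shown as DOMAIN\name where they resolve.
        foreach (IdentityReference sid in wi.Groups)
        {
            string name;
            try { name = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { name = "(unresolved)"; }
            sb.AppendLine("  " + sid.Value + "  " + name);
        }

        WindowsPrincipal wp = new WindowsPrincipal(wi);
        sb.AppendLine("IsInRole(name) on supplied principal: " + user.IsInRole(groupName));
        sb.AppendLine("IsInRole(name) on WindowsPrincipal:   " + wp.IsInRole(groupName));

        // Resolve the name once and test by SID, which removes name-format guesswork.
        try
        {
            SecurityIdentifier target = (SecurityIdentifier)
                new NTAccount(groupName).Translate(typeof(SecurityIdentifier));
            sb.AppendLine("IsInRole(SID " + target.Value + "): " + wp.IsInRole(target));
        }
        catch (IdentityNotMappedException)
        {
            sb.AppendLine("'" + groupName + "' does not resolve to a SID");
        }

        // Well-known SIDs avoid localized or machine-qualified group names entirely.
        SecurityIdentifier admins =
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        sb.AppendLine("BUILTIN\\Administrators by SID: " + wp.IsInRole(admins));
        return sb.ToString();
    }
}
```

If the name-based and SID-based results differ, the problem is in name resolution; if both are false while the SID appears in the listing, compare the principal type in `Context.User` with `WindowsPrincipal`.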





