Re: ASP.NET 2.0 Authorization Roles

---

• From: "Atul" <pyaarey@xxxxxxxxxxx>
• Date: Mon, 3 Apr 2006 18:26:41 +0530

---

"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be631993808c8253b0db91c80@xxxxxxxxxxxxxxxxxxxxx

try

a) whoami /groups from the command line (part of w2k3 or the resource kit)

It lists all the groups logged on user belong to.

b) drop this page in your app and see what roles you are member of (from
the view of asp.net)

DOMAIN-LAN\Domain Users-----------> IsInRole=True
Everyone-----------> IsInRole=True
ATUL\BizTalk Application Users-----------> IsInRole=True
ATUL\BizTalk Isolated Host Users-----------> IsInRole=True
ATUL\BizTalk Server Administrators-----------> IsInRole=True
ATUL\Debugger Users-----------> IsInRole=True
ATUL\EDI Subsystem Users-----------> IsInRole=True
ATUL\IIS_WPG-----------> IsInRole=True
ATUL\OLAP Administrators-----------> IsInRole=True
ATUL\OWS_1094864922_admin-----------> IsInRole=True
ATUL\SSO Administrators-----------> IsInRole=True
S-1-5-21-2875354219-2406699116-2307019780-1068-----------> IsInRole=False
BUILTIN\Administrators-----------> IsInRole=True
BUILTIN\Power Users-----------> IsInRole=True
BUILTIN\Users-----------> IsInRole=True
NT AUTHORITY\INTERACTIVE-----------> IsInRole=True
NT AUTHORITY\Authenticated Users-----------> IsInRole=True
NT AUTHORITY\This Organization-----------> IsInRole=True
LOCAL-----------> IsInRole=True
DOMAIN-LAN\SSOAdminGroup-----------> IsInRole=True

"ATUL" is the machine name. I do not see the Group which has been created
newly on the domain. Also, there are two more local groups in the local
machine, and user is part of these two groups, but the group names are not
shown here. Why is it so?

http://www.leastprivilege.com/ShowContextsAnotherUpdateIAdmitIt.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Yes!

MyDomain\atuls is NOT part of ROLE.

"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be631993748c825346c6fb540@xxxxxxxxxxxxxxxxxxxxx

what does Context.User.Identity.Name say - the username you are
expecting?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

As you said, I have modified the web.config as:

<authorization>
<allow roles="MyDomain\\WMS_ADMINISTRATORS"/>
</authorization>
And the Page_Load Code is:
protected void Page_Load(object sender, EventArgs e)
{
if (Context.User.IsInRole("MyDomain\\WMS_ADMINISTRATORS"))
{
Label1.Text = Context.User.Identity.Name + " is part of
ROLE";
}
else
{
Label1.Text = Context.User.Identity.Name + " is NOT part
of
ROLE";
}
}
What am I missing here? I have verified that current logged on user
is
part of MyDomain\\WMS_ADMINISTRATORS group.
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be6319936c8c8252d26f58370@xxxxxxxxxxxxxxxxxxxxx

hi,
you have to use the domain\groupname format for windows groups.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi,

I am facing a weird problem related to ASP.NET 2.0 Roles. I have
web.Config file having security settings:

<authentication mode="Windows"/>

<authorization>

<allow roles=".\WMSAdmin" />

</authorization>

And during Page_Load() event, when I check whether current logged
on user is in the Role specified then it fails, however, the user
is part of this Role on the local machine:

If Not Page.User.IsInRole("WMSAdmin") Then

Trace.Write("Page user is NOT part of WMSAdminGroup")

Server.Transfer("~/NoAccess.aspx")

Else

Trace.Write("Page user " & Page.User.Identity.Name & " is PART of
WMSAdmin Group.")

End If

Any guesses, what am I missing here.
Regards,
Atul

.

---

• Follow-Ups:
  • Re: ASP.NET 2.0 Authorization Roles
    • From: Joe Kaplan \(MVP - ADSI\)

• References:
  • Re: ASP.NET 2.0 Authorization Roles
    • From: Atul
  • Re: ASP.NET 2.0 Authorization Roles
    • From: Dominick Baier [DevelopMentor]

• Prev by Date: Re: SecurityIdentifier not marked as serializable
• Next by Date: Get username in Win/anon web
• Previous by thread: Re: ASP.NET 2.0 Authorization Roles
• Next by thread: Re: ASP.NET 2.0 Authorization Roles
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ASP.NET 2.0 Authorization Roles ... Dominick Baier - DevelopMentor ... you have to use the domain\groupname format for windows groups. ... (microsoft.public.dotnet.framework.aspnet.security) Re: ASP.NET 2.0 Authorization Roles ... Dominick Baier - DevelopMentor ... what am I missing here. ... (microsoft.public.dotnet.framework.aspnet.security) Re: ASP.NET 2.0 Authorization Roles ... Dominick Baier - DevelopMentor ... what am I missing here. ... (microsoft.public.dotnet.framework.aspnet.security) Re: ASP.Net 2.0: Problem User.isinrole() instead o ... Dominick Baier - DevelopMentor ... the users' authorization to the element in ... The element must use the AzMan role names in the ... (microsoft.public.dotnet.framework.aspnet.security) Re: ASP.NET 2.0 Authorization Roles ... Dominick Baier - DevelopMentor ... you have to use the domain\groupname format for windows groups. ... what am I missing here. ... (microsoft.public.dotnet.framework.aspnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)