Re: WindowsTokenRoleProvider & Domain Groups



There isn't actually an ActiveDirectoryRoleProvider to match the membership
provider (to my knowledge), so I'm not sure how you are getting the group
info. My co-author, Ryan, is actually working on an LDAP-based AD role
provider that we'll release at the website below when he's finished it.

Out of curiosity, how are you getting a Windows token for the logged on user
when you are using the ActiveDirectoryMembershipProvider? Normally, you get
a Windows token when you use Windows authentication.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Craig Wagner" <MSDNNospam207@xxxxxxxxxxxxx> wrote in message
news:0077BD5F-55BA-41C4-8D65-B8F3967ECE8E@xxxxxxxxxxxxxxxx
I'll take a look at that.

I'm wondering if it might have anything to do with the way I'm connecting to
AD. The connection string I'm using is LDAP://wagner.local, but in some of
the examples I've seen there's a bunch of CNs and UOs and other
two-letter-acronyms at the end of the string. Might that have anything to do
with not seeing the DLGs?

I may end up just switching the way I'm doing this and query AD for the user
info using the ActiveDirectoryMembershipProvider. It allows me to get
everything about the user, including their group memberships (and with that
code I am seeing the DLGs, an added bonus :-)).

"Joe Kaplan" wrote:

Well, the Windows token for you on the web server should contain the DLGs.
You might try getting the WindowsIdentity object associated with the user
and looking at the Groups property. If the DLGs aren't in there, then I
don't know what the problem is. On the other hand, I don't know why the
role provider method wouldn't return those if they were in the token, so
there is a mystery in general.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Craig Wagner" <MSDNNospam207@xxxxxxxxxxxxx> wrote in message
news:5861FC23-7304-4D98-8B62-2963C0707EC1@xxxxxxxxxxxxxxxx
The web server is in the same domain as the DLGs.

"Joe Kaplan" wrote:

Are those domain local groups that are local to the domain the web server is
in? If the web server is in a different domain than the DLGs, then that is
the expected behavior.
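
Added example, not part of the original thread or written by its participants: one way to run the check suggested above, listing every group SID in a WindowsIdentity token with its resolved name so you can see whether the domain local groups are actually present. The class name, the helper names and the group `WAGNER\ExampleDLG` are hypothetical; in an ASP.NET page you would pass `HttpContext.Current.User.Identity as WindowsIdentity` instead of the process identity used in `Main`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical diagnostic helper (not from the thread).
public static class TokenGroupDump
{
    // Returns one "SID <tab> name" line per group SID carried in the token.
    public static List<string> Describe(WindowsIdentity identity)
    {
        var lines = new List<string>();
        if (identity == null || identity.Groups == null)
            return lines;   // e.g. the request was not Windows-authenticated

        foreach (IdentityReference sid in identity.Groups)
        {
            string name;
            try
            {
                // Resolve the SID to DOMAIN\group form.
                name = sid.Translate(typeof(NTAccount)).Value;
            }
            catch (IdentityNotMappedException)
            {
                // SID is in the token but could not be resolved from here.
                name = "(unresolved)";
            }
            lines.Add(sid.Value + "\t" + name);
        }
        return lines;
    }

    // Membership test against the token itself, independent of any
    // configured role provider.
    public static bool TokenHasGroup(WindowsIdentity identity, string group)
    {
        return new WindowsPrincipal(identity).IsInRole(group);
    }

    public static void Main()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            foreach (string line in Describe(current))
                Console.WriteLine(line);
            // Hypothetical group name; substitute a real DLG.
            Console.WriteLine(TokenHasGroup(current, @"WAGNER\ExampleDLG"));
        }
    }
}
```

If a group shows up here but not in the role provider's output, the gap is in the provider rather than in the token.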





