Re: WindowsTokenRoleProvider & Domain Groups
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Feb 2007 08:15:06 +0000 (UTC)
I wouldn't use the WTRP at all - it doesn't give you any advantages besides making it even more confusing at times...
Just use no role provider with Windows authentication and you can find a WindowsPrincipal sitting on Context.User which provides all the necessary functionality.
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
I've been researching using Domain Groups within our application. I
found a code sample that I've been experimenting with, but need
confirmation on one behavioral thing that I've noticed.
My web.config contains the following:
<system.web>
<authentication mode="Windows" />
<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider" />
</system.web>
The IIS vdir has anonymous access turned off and Integrated Windows
Authentication turned on.
In my web page, I execute:
string[] members = Roles.GetRolesForUser();
The returned members include domain global groups and builtin groups.
The list does not include Domain Local groups to which I belong.
Is this expected behavior (the lack of domain local groups) or am I
doing something incorrectly?
.
- Follow-Ups:
- Re: WindowsTokenRoleProvider & Domain Groups
- From: Dominick Baier
- Re: WindowsTokenRoleProvider & Domain Groups
- Prev by Date: RE: How to start/stop windows service on a remote machine?
- Next by Date: Re: Question about cookie protection and FormsAuthentication.Encrypt
- Previous by thread: Re: WindowsTokenRoleProvider & Domain Groups
- Next by thread: Re: WindowsTokenRoleProvider & Domain Groups
- Index(es):
Relevant Pages
|
