Re: WindowsTokenRoleProvider & Domain Groups
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Feb 2007 08:33:09 +0000 (UTC)
ah - and this is how you retrieve groups then:
http://www.leastprivilege.com/GettingAllGroupsForAWindowsAccountInNET20.aspx
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
I wouldn't use the WTRP at all - it doesn't give you any advantages
besides making it even more confusing at times...
Just use no role provider with Windows authentication and you can find
a WindowsPrincipal sitting on Context.User which provides all the
necessary functionality.
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
I've been researching using Domain Groups within our application. I
found a code sample that I've been experimenting with, but need
confirmation on one behavioral thing that I've noticed.
My web.config contains the following:
<system.web>
<authentication mode="Windows" />
<roleManager enabled="true"
defaultProvider="AspNetWindowsTokenRoleProvider" />
</system.web>
The IIS vdir has anonymous access turned off and Integrated Windows
Authentication turned on.
In my web page, I execute:
string[] members = Roles.GetRolesForUser();
The returned members include domain global groups and builtin groups.
The list does not include Domain Local groups to which I belong.
Is this expected behavior (the lack of domain local groups) or am I
doing something incorrectly?
.
- References:
- Re: WindowsTokenRoleProvider & Domain Groups
- From: Dominick Baier
- Re: WindowsTokenRoleProvider & Domain Groups
- Prev by Date: Re: Custom Profile Provider
- Next by Date: Re: Custom Profile Provider
- Previous by thread: Re: WindowsTokenRoleProvider & Domain Groups
- Next by thread: Re: Why do we have to modify default IE cookie settings here?
- Index(es):
Relevant Pages
|
