Re: Problem checking user's role

From: Abhishek Singhal (a.singhal_at_usa.net)
Date: 08/05/04


Date: Thu, 5 Aug 2004 13:13:22 +0530

Hi

I am facing the same problem. I tried Joe's code.

What the code is returning is an array with 14 entries. These entries have
all the local groups in it, and a lot of entries are NOTHING.
There are no Domain groups.

The identity is displaying the user name and everything correctly
[windowsidentity.getcurrent]

Additionally, the isinrole function is taking a long time and it is always
returning false.

Any comments ?

Thanks and Regards
Abhishek

"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OvJYWA7VEHA.1652@TK2MSFTNGP09.phx.gbl...
> You shouldn't need to cast the class to check IsInRole. The method will
> delegate to whatever the actually implementing class' implementation does.
>
> Just to be clear, IsInRole is a member of the IPrincipal interface which is
> implemented by the WindowsPrincipal class, not the WindowsIdentity class.
> WindowsIdentity is the class that is the Identity member of
> WindowsPrincipal.
>
> The way ASP.NET works is that depending on how it is configured, a different
> implementation of IPrincipal will be set in the Context.User property by the
> runtime. If you have set up Windows security (basically IIS security), then
> your IPrincipal will be a WindowsPrincipal with the logged in user's
> identity in it. If you set up Forms authentication, it will be some kind of
> IPrincipal with a FormsIdentity in the Identity property.
>
> Based on your last statement, it sounds like you have Windows authentication
> set up correctly, so group-based checks should work. Therefore, it sounds
> like either the runtime isn't resolving your group name correctly (unlikely
> but possible) or you have a spelling error in your group name.
>
> I've posted a sample here that shows how to use reflection to discover what
> the actual list of groups is that you can use for testing purposes. Do not
> use this in production code as reflecting on private members is NOT a good
> idea and the implementation may change in a future version of the Framework!
>
> HTH,
>
> Joe K.
>
> 'Imports System.Security.Principal
> 'Imports System.Reflection
>
> Function GetRoles(ByVal identity As WindowsIdentity) As String()
>
>     Dim idType As Type
>     idType = GetType(WindowsIdentity)
>     ' Call the private static _GetRoles method through reflection (testing only)
>     Dim result As Object = idType.InvokeMember("_GetRoles", _
>         BindingFlags.Static Or BindingFlags.InvokeMethod Or BindingFlags.NonPublic, _
>         Nothing, identity, New Object() {identity.Token}, Nothing)
>     Dim roles() As String = DirectCast(result, String())
>     Return roles
>
> End Function
>
> "Geoffrey Pennington" <penningtong@stic2.comNOSPAM> wrote in message
> news:u%23yGXQ6VEHA.2972@TK2MSFTNGP12.phx.gbl...
> > I am using ASP.Net and Visual Studio 2003 on an XP Professional development
> > machine. The web application I am developing needs to behave a little
> > differently for users who are members of the ISSAdmins group. I created this
> > group, and made myself a member of it, on our domain server (which runs
> > Windows 2000). Then, in the VB code, I wrote:
> >
> > If User.IsInRole(ConfigurationSettings.AppSettings("stic\ISSAdmins")) Then
> >     cbOverrideLimit.Enabled = True
> > End If
> >
> > where "stic" is our domain name. The "IF" tests false and I don't know why.
> >
> > After reading that I need to cast the User object to a WindowsIdentity
> > object I tried
> > 1. Adding "Imports System.Security.Principal" to the beginning of the code,
> > and
> > 2. changing the "IF" to
> > Dim WUser As WindowsIdentity = User
> > If WUser.IsInRole(ConfigurationSettings.AppSettings("CanOverride")) Then
> >
> > This code gave me a syntax error saying "IsInRole is not a member of
> > WindowsIdentity." I made WUser a WindowsPrincipal object, which got rid of
> > the syntax error but the code still tests false.
> >
> > Can anyone tell me what the problem is? I know the system knows my user ID
> > because I can obtain it from User.Identity.Name and display it on the
> > screen.
> >
> >
>
>
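
Added example (not part of the original thread and not any poster's code): a diagnostic for the IsInRole check discussed above that lists the token's groups through the public WindowsIdentity.Groups property instead of reflecting on private members. It assumes .NET Framework 2.0 or later; the module name, the function names and the group name "EXAMPLEDOM\ExampleGroup" are hypothetical.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

Module RoleCheckDiagnostics   ' hypothetical name, added example

    ' Resolve the token's group SIDs to DOMAIN\name form with the public
    ' WindowsIdentity.Groups property (.NET 2.0+); no reflection involved.
    Function GetGroupNames(ByVal identity As WindowsIdentity) As List(Of String)
        Dim names As New List(Of String)
        For Each sid As IdentityReference In identity.Groups
            Try
                names.Add(sid.Translate(GetType(NTAccount)).Value)
            Catch ex As IdentityNotMappedException
                ' SID has no resolvable account name: keep the raw SID string
                names.Add(sid.Value)
            End Try
        Next
        Return names
    End Function

    ' Describe the outcome of IsInRole for the exact string passed to it.
    Function ExplainRoleCheck(ByVal identity As WindowsIdentity, ByVal roleName As String) As String
        If roleName Is Nothing OrElse roleName.Trim().Length = 0 Then
            Return "Role name is empty: check the lookup that produced it."
        End If
        Dim principal As New WindowsPrincipal(identity)
        If principal.IsInRole(roleName) Then
            Return "IsInRole(""" & roleName & """) = True"
        End If
        For Each name As String In GetGroupNames(identity)
            If String.Equals(name, roleName, StringComparison.OrdinalIgnoreCase) Then
                Return "Token lists """ & name & """ but IsInRole returned False."
            End If
        Next
        Return "No group named """ & roleName & """ in the token."
    End Function

    Sub Main()
        Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
        For Each g As String In GetGroupNames(id)
            Console.WriteLine(g)
        Next
        ' Constructed placeholder group name, not taken from the thread
        Console.WriteLine(ExplainRoleCheck(id, "EXAMPLEDOM\ExampleGroup"))
    End Sub

End Module
```

In an ASP.NET page the identity to inspect is the one behind Context.User rather than WindowsIdentity.GetCurrent(), which returns the identity the worker process thread is running as.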


