Re: WindowsPrincipal.IsInRole not working with cached info

From: John (john_at_nospam.com)
Date: 01/29/05

    Date: Fri, 28 Jan 2005 21:23:43 -0500
    
    

    Thanks Gecko, you got it right. The one thing I did not mention is that
    this software will be deployed to many domains, so the custom group SID will
    be different in each case.

    John

    "Gecko" <nada@nada.com> wrote in message
    news:e4N6hyZBFHA.4072@TK2MSFTNGP10.phx.gbl...
    > Assumptions:
    >
    > 1) I am not sure if I missed something here, but from what I read it
    > looks like when the user logs on (disconnected) it uses the SIDs that were
    > cached from the server the last time the user logged on (I think).
    >
    > 2) If you are using the Windows built-in groups, they have a hardcoded
    > SID (I think).
    >
    > 3) If you have to create custom groups or users then you will have
    > access to their SIDs, which will never change unless you recreate the
    > group (I think).
    >
    > 4) I am assuming that you currently hardcode the name of the groups
    > in your code to enforce your security (I think).
    >
    > Based on those assumptions, why don't you use the SID numbers to enforce
    > security in the first place? Instead of searching for the Administrator
    > group, search for its SID? This way you don't have to save anything.
    >
    > http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q243330
    >
    > I am probably missing something but just trying to help.
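
The SID-based check discussed in this thread, as an added example that is not code from either poster: built-in groups are matched by their well-known SID, and a custom group's SID is resolved once per deployment (it differs per domain) and then compared against the SIDs already present in the logon token, so no name lookup happens at check time. The names `SidRoleCheck`, `ResolveGroupSid` and `IsMember`, and passing the stored SID on the command line, are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;

static class SidRoleCheck
{
    // BUILTIN\Administrators has the same SID (S-1-5-32-544) on every machine and domain.
    static readonly SecurityIdentifier BuiltinAdmins =
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

    // Hypothetical install-time helper: run once per deployment while the domain
    // is reachable, then store the returned string in that site's configuration.
    public static string ResolveGroupSid(string groupName)
    {
        NTAccount account = new NTAccount(groupName);   // e.g. @"CONTOSO\AppOperators" (constructed name)
        SecurityIdentifier sid =
            (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
        return sid.Value;                               // SDDL form, "S-1-5-21-...-<RID>"
    }

    // Membership test by SID: the comparison is made against the group SIDs in
    // the identity's token, not by translating a group name.
    public static bool IsMember(WindowsIdentity identity, SecurityIdentifier groupSid)
    {
        return new WindowsPrincipal(identity).IsInRole(groupSid);
    }

    static void Main(string[] args)
    {
        using (WindowsIdentity me = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("Built-in Administrators: {0}", IsMember(me, BuiltinAdmins));

            // args[0] stands in for the per-domain SID string read from configuration.
            if (args.Length == 1)
            {
                SecurityIdentifier custom = new SecurityIdentifier(args[0]);
                Console.WriteLine("{0}: {1}", custom.Value, IsMember(me, custom));
            }

            // The token's group SIDs, useful when checking what a cached logon carries.
            foreach (IdentityReference group in me.Groups)
                Console.WriteLine("  token group: {0}", group.Value);
        }
    }
}
```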

