Check group member ship or a user

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 02/20/05 

To: microsoft.public.dotnet.security
Date: Sun, 20 Feb 2005 04:45:53 -0800

sure!

 You have to construct a WindowsPrincipal object for that user.

 What kind of application are we talking about?

 In Console/WinForms apps you get the current logged on user with

 WindowsIdentity id = WindowsIdentity.GetCurrent();

 and then construct a WindowsPrincipal with:

 WindowsPrincipal principal = new WindowsPrincipal(identity);

 after that you can call:

 if (principal.IsInRole(@"DOMAIN\Marketing"))
 ...

 i did a talk at WinDev about this topic and you can find the slides and some democode here:
 http://www.leastprivilege.com/PermaLink.aspx?guid=14fd81b2-dc23-4670-bf04-ad16552083f3

 

 ---
 Dominick Baier - DevelopMentor
 http://www.leastprivilege.com

   nntp://news.microsoft.com/microsoft.public.dotnet.security/>

 Hello there
 Is there a way through dotNet to check if a certain user is a member of a
 specific group?
 I use ADSI to get the memberships of the user then compare them to the group
 I want to check, but this way the user has to be a member of this group
 directly and if he is a member of a group that is a member of that group he
 will not be considered a member of the group I am checking although he is
 implicitly.
 so basically what I need is a method that takes the user name and the group
 name and check if this user is a member both implicitly or explicitly.
 Any ideas?
 Regards
 Sameh
 
 
 
 [microsoft.public.dotnet.security]

Relevant Pages

  • Re: Problem checking users role
    ... You shouldn't need to cast the class to check IsInRole. ... IsInRole is a member of the IPrincipal interface which is ... not the WindowsIdentity class. ...
    (microsoft.public.dotnet.security)
  • Re: Problem checking users role
    ... all the local groups in it, and a lot of entries are NOTHING. ... the isinrole function is taking a long time and it is always ... IsInRole is a member of the IPrincipal interface which ... > implemented by the WindowsPrincipal class, not the WindowsIdentity class. ...
    (microsoft.public.dotnet.security)
  • Problem solved
    ... I'm keeping the stuff about reflection for my notes - ... IsInRole is a member of the IPrincipal interface which ... > implemented by the WindowsPrincipal class, not the WindowsIdentity class. ... If you set up Forms authentication, ...
    (microsoft.public.dotnet.security)
  • Re: Problem checking users role
    ... inside IsInRole unless it's a key in the config file that returns the actual ... > group, and made myself a member of it, on our domain server (which runs ... > After reading that I need to cast the User object to a WindowsIdentity ... > the syntax error but the code still tests false. ...
    (microsoft.public.dotnet.security)