Re: Check group membership, the sequel
From: Sameh Ahmed (essoplus_at_hotmail.com)
Date: 02/22/05
- Previous message: Dominick Baier [DevelopMentor]: "Re: Check group membership, the sequel"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Check group membership, the sequel"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Check group membership, the sequel"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Check group membership, the sequel"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Feb 2005 04:21:55 +0200
I need to specify a different use the one used to run the code
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:u1k4QLEGFHA.1392@tk2msftngp13.phx.gbl...
> IsInRole supports fully nested security group membership (assuming you are
> on a 2000 native AD domain that supports nested groups). You don't have
> to do anything extra to make this work.
>
> Joe K.
>
> "Sameh Ahmed" <essoplus@hotmail.com> wrote in message
> news:%234%23cFHEGFHA.3336@TK2MSFTNGP10.phx.gbl...
>> The code you sent worked very good.
>> and in a domain environment the isinrole worked also very well.
>> I use it to make the decision if the current user (running the
>> application) has the right to be using it or the application should quit.
>> So for this part, it was solved and everything work in a very good way.
>> within the functionality of the application, I need to take a decision on
>> how to handle users depending on their group memberships, IE if the
>> "domain\user" belongs to the group "domain\group" it should be dealt with
>> in the manner A, and if it belongs to the "domain\another group" it
>> should be handled in the manner B.
>> do I need to check if the user belongs to a certain group or not
>> (explicitly or implicitly by belonging to a group that is a member of the
>> "domain\group")
>> Hope I made myself clear on that one.
>> thanks again.
>> Regards
>> Sameh
>> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>
>> wrote in message news:%23%23BpSEDGFHA.1396@tk2msftngp13.phx.gbl...
>>>I still think you should be using WindowsPrincipal::IsInRole. What
>>>happened when you tried the reflection code I suggested?
>>>
>>> It is possible to do group membership expansion programmatically, but it
>>> seems like it would be better to try and get the built in stuff that
>>> already supports this working.
>>>
>>> Joe K.
>>>
>>> "Sameh Ahmed" <essoplus@hotmail.com> wrote in message
>>> news:Oy8a4nCGFHA.3928@TK2MSFTNGP09.phx.gbl...
>>>> Hello there
>>>> IsInrole gives ya the means to check if the current or impersonated
>>>> user belongs to a specific windows role or group.
>>>> is there a way to do the same without using ADSI to check if
>>>> "domain\user" belongs to "domain\group"?
>>>> the reason is, when getting the "memberof" property of a user, then
>>>> checking if it contains the desired group or not.
>>>> this will only work if the user is a member of the group itself but not
>>>> when he is a member of a group that belongs to the designated group.
>>>> Do I make sense?
>>>> Regards
>>>> Sameh
>>>>
>>>
>>>
>>
>>
>
>
- Previous message: Dominick Baier [DevelopMentor]: "Re: Check group membership, the sequel"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Check group membership, the sequel"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Check group membership, the sequel"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Check group membership, the sequel"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
