Re: Check group member ship or a user

From: Sameh Ahmed (essoplus_at_hotmail.com)
Date: 02/24/05

  • Next message: veeresh nerlige: "Implementation of RSOP" 
    Date: Thu, 24 Feb 2005 11:55:11 +0200

    Thanks Dominick
    I already used
    Dim s As New
    Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent)
    If (s.IsInRole("domain\group")) = True Then
    allow = 1
    End If
    it works in AD enviroment but not locally !!:O
    thanks a lot.
    will try this one and tell you whathappens

    "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
    wrote in message news:40765632447882544516800@news.microsoft.com...
    > Hello Sameh,
    >
    > hmm - try
    >
    > AppDomain.Current.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal) at
    > the beginning of your App (main)
    > then afterwards
    >
    > if (Thread.CurrentPrincipal.IsInRole(".."));
    >
    > (sorry - only compiled with Omea Reader :)
    >
    > does that work??
    >
    > dominick
    >
    >> Hello Dominick
    >> Thanks for your time
    >> it's a windows form application using VB .net
    >> I do almost the same as you explained below
    >> Dim s As New
    >> Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsI
    >> dentity.GetCurrent)
    >> MsgBox(s.Identity.Name)
    >> MsgBox(s.IsInRole("machinename\groupname"))
    >> and it simply always returns false
    >> although, there is a group called "groupname" and the machine is
    >> called
    >> "machinename"
    >> any ideas would be really appricated.
    >> Regards
    >> Sameh
    >> "Dominick Baier [DevelopMentor]"
    >> <dbaier@pleasepleasenospamdevelop.com> wrote in message
    >> news:eQ$%23do0FFHA.3824@TK2MSFTNGP10.phx.gbl...
    >>
    >>> sure!
    >>>
    >>> You have to construct a WindowsPrincipal object for that user.
    >>>
    >>> What kind of application are we talking about?
    >>>
    >>> In Console/WinForms apps you get the current logged on user with
    >>>
    >>> WindowsIdentity id = WindowsIdentity.GetCurrent();
    >>>
    >>> and then construct a WindowsPrincipal with:
    >>>
    >>> WindowsPrincipal principal = new WindowsPrincipal(identity);
    >>>
    >>> after that you can call:
    >>>
    >>> if (principal.IsInRole(@"DOMAIN\Marketing"))
    >>> ...
    >>> i did a talk at WinDev about this topic and you can find the slides
    >>> and some democode here:
    >>> http://www.leastprivilege.com/PermaLink.aspx?guid=14fd81b2-dc23-4670-
    >>> bf04-ad16552083f3
    >>>
    >>> ---
    >>> Dominick Baier - DevelopMentor
    >>> http://www.leastprivilege.com
    >>> nntp://news.microsoft.com/microsoft.public.dotnet.security/
    >>> HA.2736@TK2MSFTNGP09.phx.gbl>
    >>>
    >>> Hello there
    >>> Is there a way through dotNet to check if a certain user is a member
    >>> of a
    >>> specific group?
    >>> I use ADSI to get the memberships of the user then compare them to
    >>> the
    >>> group
    >>> I want to check, but this way the user has to be a member of this
    >>> group
    >>> directly and if he is a member of a group that is a member of that
    >>> group
    >>> he
    >>> will not be considered a member of the group I am checking although
    >>> he is
    >>> implicitly.
    >>> so basically what I need is a method that takes the user name and the
    >>> group
    >>> name and check if this user is a member both implicitly or
    >>> explicitly.
    >>> Any ideas?
    >>> Regards
    >>> Sameh
    >>> [microsoft.public.dotnet.security]
    >>>
    >
    >
    >

  • Next message: veeresh nerlige: "Implementation of RSOP"