Re: How to determine if the logged on user is in a group



hi,

you don't have to reboot - but to re-login.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Thanks,
I found that you have to reboot the SERVER after you create a new group and put users in it so that the new group and the users appear in the whoami list on the server. You also have to reboot the local machine or the new server group and the local whoami execution will not detect if the user is in a role.
I think this behaviour, if it is by design, sucks; think about what it implies in any business that uses its computers intensively and needs them up 24/7. If it's a design flaw it needs to get fixed pronto!
My regards and happy new year to all who helped.
Bob
"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be63182edd8c7dae0fbb60837@xxxxxxxxxxxxxxxxxxxxx

By the way the MY is a new object in VB net 2005. You can use it with things like MY.user It gives you the currently logged in user that is using your

i know - i meant i am not sure what it does under the cover because i haven't checked yet... :)

that's what i just did...

ok - i would not recommend My.User

before you can use My.User you have to call

My.User.InitializeWithWindowsUser()

which sets Thread.CurrentPrincipal to new WindowsPrincipal(WindowsIdentity.GetCurrent())

afterwards properties like Name and IsAuthenticated are just forwarded to Thread.CurrentPrincipal

A big problem i see is that only the string and WindowsBuiltInRole overload for IsInRole is present.
WindowsPrincipal.IsInRole is much more powerful. Especially support for well-known SIDs...
But hey - if MY.User provides all the functionality you ever gonna need - that's fine :)
just my 2cents
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Thanks Dominick, I think the problem is not in my code.
I saw that isinrole works with domains OK but I just found that when I ran the whoami.exe /groups the custom groups that Bob belongs to on the DC do not appear in his membership list although he is a member of these groups. Only 15 groups appear when I run Whoami, one custom group on the local workstation and all built-in groups on the DC. I now think I have to find out why the groups don't appear in the workstation.
I just tested whoami for the same user on the DC and the custom groups I created do not appear in the list there either.
By the way the MY is a new object in VB net 2005. You can use it with things like MY.user It gives you the currently logged in user that is using your app. My.appsettings lets you get application specific setting from the config file etc..
It's easier than it was which is a good thing :-) But some things don't work as advertised :-( oh well, what else is new :-)
If anyone can give me a hint how to solve this thing I would really appreciate it.
Bob

"Dominick Baier [DevelopMentor]"
<dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4580be63182b6f8c7dad184c2a5c1@xxxxxxxxxxxxxxxxxxxxx

Hi,
don't know what My.. exactly does..
but this works (i assume this is a desktop app)
    using System;
    using System.Security.Principal;

    // Build a principal from the token of the current process
    WindowsIdentity id = WindowsIdentity.GetCurrent();
    WindowsPrincipal p = new WindowsPrincipal(id);

    if (p.IsInRole(@"Domain\SomeGroup"))
        Console.WriteLine("You are member of some group");

IsInRole works with domain accounts.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Sorry if this is a bit of crosspost.
I'm using VS2005 and VB.net. I have a DC W2K that has a user group I created, MyUsers, I put existing User Bob in that group.
I need in my VB app to determine if the currently logged on user is a member of that group.
I tried using my.user.isinrole("MyUsers") but I'm told that that only looks at the local user groups, not the domain user groups. (not sure if this is correct) because I can get the domain name from my user, no problem. In any case, to test that, I added a local user group to my WinXp workstation MyUsers and put user Bob (the domain user account) in the local MyUsers group.
Still the code does not work. However when using built-in groups like administrators the isinrole function works fine. So it seems there must be a different way to find out if a user is part of a custom group.

Does anyone know of a bit of code that lets you verify if the
currently logged on user is a member of a group on a domain or on
the local computer?

I'm at my wits end and I really would appreciate any help.

Bob
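
The following C# program is an added example, not code from the thread. It lists the groups in the current logon token (what whoami /groups shows), uses the SID overload of WindowsPrincipal.IsInRole mentioned in the replies, and reports "group cannot be resolved" separately from "group resolves but is missing from the token", the case that a fresh logon fixes. The group name MYDOMAIN\MyUsers is a placeholder; the program is Windows-only.

```csharp
using System;
using System.Security.Principal;

static class TokenGroupCheck
{
    // Hypothetical group name for illustration; substitute your own domain\group.
    const string GroupName = @"MYDOMAIN\MyUsers";

    static void Main()
    {
        // The identity wraps the access token built at logon, so its group list
        // is a snapshot: later group changes need a new logon to show up.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(id);
            Console.WriteLine("Groups in the token of {0}:", id.Name);

            // Rough equivalent of "whoami /groups".
            foreach (IdentityReference group in id.Groups)
            {
                string name;
                try { name = group.Translate(typeof(NTAccount)).Value; }
                catch (IdentityNotMappedException) { name = "(name not resolved)"; }
                Console.WriteLine("  {0}  {1}", group.Value, name);
            }

            // SID overload with a well-known SID: independent of localized names.
            var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
            Console.WriteLine("BUILTIN\\Administrators: {0}", principal.IsInRole(admins));

            // Resolve the custom group to a SID first, so "group cannot be
            // resolved" is reported separately from "group not in this token".
            SecurityIdentifier groupSid;
            try
            {
                groupSid = (SecurityIdentifier)new NTAccount(GroupName).Translate(typeof(SecurityIdentifier));
            }
            catch (IdentityNotMappedException)
            {
                Console.WriteLine("{0} could not be resolved to a SID", GroupName);
                return;
            }
            Console.WriteLine(principal.IsInRole(groupSid)
                ? "{0} is in the token"
                : "{0} resolves but is not in the token (log off and on again)", GroupName);
        }
    }
}
```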


