Re: Any chance to differ local group or domain group from windowsIdentity groups?
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Feb 2007 18:05:06 +0000 (UTC)
So you want to check if a user is domain admin - not local admin?
you can construct a SecurityIdentitifier using the WellknownSids enum - there you will find domain admins -
for the 2nd parameter - the issuer SID - use WindowsIdentity.User.AccountDomainSid
HTH
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Hi,
When a user belongs to local admin, but not domain admin group, can I
still use windowsidentity.groups or windowsprincipal.isinrole?
The thing is that I need to make sure that the user belongs to domain
admin group(the builtin administrators group in a domain). If I use
windowsIdentity class, a user belonging to a local admin( a builtin
administrators group on the machine) will return true.
I think the reason is that builtin administrators group on a computer
or on a machine has the same sid- S-1-5-32-544.
Is there a way to do it with windowsIdentity class? Or is it a way to
differ a local builtin computer group and builtin domain group?
Thanks
If I use windows principal and windowsIdentiy
.
- Follow-Ups:
- Re: Any chance to differ local group or domain group from windowsIdentity groups?
- From: Dominick Baier
- Re: Any chance to differ local group or domain group from windowsIdentity groups?
- Prev by Date: How do you access a user's Profile from a VB Project???
- Next by Date: Re: Any chance to differ local group or domain group from windowsIdentity groups?
- Previous by thread: How do you access a user's Profile from a VB Project???
- Next by thread: Re: Any chance to differ local group or domain group from windowsIdentity groups?
- Index(es):
Relevant Pages
|
