ASP.Net 2.0: Problem User.isinrole() <domain>\<user> instead of <u

S

Stefan

Hello!
I´m using windowsauthentication in my asp.net 2.0 website. I have some
problems using the rolemanager. I´m using the AuthorizationStoreRoleProvider
to perform "role checks" against active directory (win 2000).
The problem is that the User.Identity.Name is like <domain>\<user> and I
think that is what is used when checking roles, but it only works for me if i
only supply the <user> when checking a role.

Some output :
?user.Identity.Name
"myDomain\Steve"
?user.IsInRole("myRole")
False
?roles.IsUserInRole("Steve", "myRole")
True
?roles.IsUserInRole("myDomain\Steve", "myRole")
False

The problem here is that I´m using securitytrimming so that the user only
see´s links to pages which they have access to and this does not work becuase
of this. What can I do about this? Can i change something in my configuration
or can I change some property in active directory or something.

Thanks In Advance
/ Stefan
 
D

Dominick Baier [DevelopMentor]

Hello Stefan,

i guess you set up your authorization store like this

roleX points to domain\GroupX

or similar

you have to pass the name of the AzMan role into IsInRole.

The security trimming feature takes the url in the sitemap file and compares
the users' authorization to the <authorization> element in web.config.
The <authorization> element must use the AzMan role names in the allow/deny
elements.
 
S

Stefan

Hi Dominick!
Thanks for the reply.
Yes I´m passing the AzMan role to IsInRole.
Like User.IsInRole("roleX")

In AzMan it looks like:
Role Assignments:
-roleX "points at" MyAccountGroup(myDomain\MyAccountGroup)

But it doesn´t work:
?user.IsInRole("roleX")
?roles.IsUserInRole("Steve", "roleX")

What can be wrong?
 
D

Dominick Baier [DevelopMentor]

Hello Stefan,

and what do you see in

Context.User.Name
and
Context.User.GetType().FullName

?
 
D

Dominick Baier [DevelopMentor]

Hello Dominick Baier [DevelopMentor],

sorry - Context.User.Identity.Name
 
S

Stefan

?context.GetType.FullName
"System.Web.HttpContext"
?context.User.Identity.Name
"myDomain\Steve"
?context.User.Identity.IsAuthenticated
True
?context.User.Identity.AuthenticationType
"NTLM"

Dominick Baier said:
Hello Dominick Baier [DevelopMentor],

sorry - Context.User.Identity.Name

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello Stefan,

and what do you see in

Context.User.Name
and
Context.User.GetType().FullName
?
 
D

Dominick Baier [DevelopMentor]

Hello Stefan,

Context.User.GetType().FullName ??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
?context.GetType.FullName
"System.Web.HttpContext"
?context.User.Identity.Name
"myDomain\Steve"
?context.User.Identity.IsAuthenticated
True
?context.User.Identity.AuthenticationType
"NTLM"
Dominick Baier said:
Hello Dominick Baier [DevelopMentor],

sorry - Context.User.Identity.Name

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello Stefan,

and what do you see in

Context.User.Name
and
Context.User.GetType().FullName
?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick!
Thanks for the reply.
Yes I´m passing the AzMan role to IsInRole.
Like User.IsInRole("roleX")
In AzMan it looks like:
Role Assignments:
-roleX "points at" MyAccountGroup(myDomain\MyAccountGroup)
But it doesn´t work:
?user.IsInRole("roleX")
False

?roles.IsUserInRole("Steve", "roleX")

True

What can be wrong?

:

Hello Stefan,

i guess you set up your authorization store like this

roleX points to domain\GroupX

or similar

you have to pass the name of the AzMan role into IsInRole.

The security trimming feature takes the url in the sitemap file
and
compares
the users' authorization to the <authorization> element in
web.config.
The <authorization> element must use the AzMan role names in the
allow/deny
elements.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello!
I´m using windowsauthentication in my asp.net 2.0 website. I have
some
problems using the rolemanager. I´m using the
AuthorizationStoreRoleProvider
to perform "role checks" against active directory (win 2000).
The problem is that the User.Identity.Name is like
<domain>\<user>
and
I
think that is what is used when checking roles, but it only works
for
me if i
only supply the <user> when checking a role.
Some output :
?user.Identity.Name
"myDomain\Steve"
?user.IsInRole("myRole")
False
?roles.IsUserInRole("Steve", "myRole")
True
?roles.IsUserInRole("myDomain\Steve", "myRole")
False
The problem here is that I´m using securitytrimming so that the
user
only see´s links to pages which they have access to and this does
not
work becuase of this. What can I do about this? Can i change
something
in my configuration or can I change some property in active
directory
or something.
Thanks In Advance
/ Stefa
 
S

Stefan

? Context.User.GetType().FullName
Compiler Error Message: BC30456: 'GetType' is not a member of
'System.Security.Principal.IPrincipal'.


Dominick Baier said:
Hello Stefan,

Context.User.GetType().FullName ??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
?context.GetType.FullName
"System.Web.HttpContext"
?context.User.Identity.Name
"myDomain\Steve"
?context.User.Identity.IsAuthenticated
True
?context.User.Identity.AuthenticationType
"NTLM"
Dominick Baier said:
Hello Dominick Baier [DevelopMentor],

sorry - Context.User.Identity.Name

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello Stefan,

and what do you see in

Context.User.Name
and
Context.User.GetType().FullName
?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick!
Thanks for the reply.
Yes I´m passing the AzMan role to IsInRole.
Like User.IsInRole("roleX")
In AzMan it looks like:
Role Assignments:
-roleX "points at" MyAccountGroup(myDomain\MyAccountGroup)
But it doesn´t work:
?user.IsInRole("roleX")
False

?roles.IsUserInRole("Steve", "roleX")

True

What can be wrong?

:

Hello Stefan,

i guess you set up your authorization store like this

roleX points to domain\GroupX

or similar

you have to pass the name of the AzMan role into IsInRole.

The security trimming feature takes the url in the sitemap file
and
compares
the users' authorization to the <authorization> element in
web.config.
The <authorization> element must use the AzMan role names in the
allow/deny
elements.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello!
I´m using windowsauthentication in my asp.net 2.0 website. I have
some
problems using the rolemanager. I´m using the
AuthorizationStoreRoleProvider
to perform "role checks" against active directory (win 2000).
The problem is that the User.Identity.Name is like
<domain>\<user>
and
I
think that is what is used when checking roles, but it only works
for
me if i
only supply the <user> when checking a role.
Some output :
?user.Identity.Name
"myDomain\Steve"
?user.IsInRole("myRole")
False
?roles.IsUserInRole("Steve", "myRole")
True
?roles.IsUserInRole("myDomain\Steve", "myRole")
False
The problem here is that I´m using securitytrimming so that the
user
only see´s links to pages which they have access to and this does
not
work becuase of this. What can I do about this? Can i change
something
in my configuration or can I change some property in active
directory
or something.
Thanks In Advance
/ Stefan
 
D

Dominick Baier [DevelopMentor]

Hello Stefan,

??

string s = Context.User.GetType().FullName;

works for me on a page - are you really interested in solving that problem??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
? Context.User.GetType().FullName
Compiler Error Message: BC30456: 'GetType' is not a member of
'System.Security.Principal.IPrincipal'.
Dominick Baier said:
Hello Stefan,

Context.User.GetType().FullName ??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
?context.GetType.FullName
"System.Web.HttpContext"
?context.User.Identity.Name
"myDomain\Steve"
?context.User.Identity.IsAuthenticated
True
?context.User.Identity.AuthenticationType
"NTLM"
:
Hello Dominick Baier [DevelopMentor],

sorry - Context.User.Identity.Name

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello Stefan,

and what do you see in

Context.User.Name
and
Context.User.GetType().FullName
?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick!
Thanks for the reply.
Yes I´m passing the AzMan role to IsInRole.
Like User.IsInRole("roleX")
In AzMan it looks like:
Role Assignments:
-roleX "points at" MyAccountGroup(myDomain\MyAccountGroup)
But it doesn´t work:
?user.IsInRole("roleX")
False

?roles.IsUserInRole("Steve", "roleX")

True

What can be wrong?

:

Hello Stefan,

i guess you set up your authorization store like this

roleX points to domain\GroupX

or similar

you have to pass the name of the AzMan role into IsInRole.

The security trimming feature takes the url in the sitemap file
and
compares
the users' authorization to the <authorization> element in
web.config.
The <authorization> element must use the AzMan role names in the
allow/deny
elements.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello!
I´m using windowsauthentication in my asp.net 2.0 website. I
have
some
problems using the rolemanager. I´m using the
AuthorizationStoreRoleProvider
to perform "role checks" against active directory (win 2000).
The problem is that the User.Identity.Name is like
<domain>\<user>
and
I
think that is what is used when checking roles, but it only
works
for
me if i
only supply the <user> when checking a role.
Some output :
?user.Identity.Name
"myDomain\Steve"
?user.IsInRole("myRole")
False
?roles.IsUserInRole("Steve", "myRole")
True
?roles.IsUserInRole("myDomain\Steve", "myRole")
False
The problem here is that I´m using securitytrimming so that the
user
only see´s links to pages which they have access to and this
does
not
work becuase of this. What can I do about this? Can i change
something
in my configuration or can I change some property in active
directory
or something.
Thanks In Advance
/ Stefan
 
S

Stefan

?context.User
{System.Web.Security.RolePrincipal}
System.Web.Security.RolePrincipal: {System.Web.Security.RolePrincipal}
Identity: {System.Security.Principal.WindowsIdentity}

Context.User.GetType().FullName does not work for me and I don´t no why

Dominick Baier said:
Hello Stefan,

??

string s = Context.User.GetType().FullName;

works for me on a page - are you really interested in solving that problem??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
? Context.User.GetType().FullName
Compiler Error Message: BC30456: 'GetType' is not a member of
'System.Security.Principal.IPrincipal'.
Dominick Baier said:
Hello Stefan,

Context.User.GetType().FullName ??

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
?context.GetType.FullName
"System.Web.HttpContext"
?context.User.Identity.Name
"myDomain\Steve"
?context.User.Identity.IsAuthenticated
True
?context.User.Identity.AuthenticationType
"NTLM"
:
Hello Dominick Baier [DevelopMentor],

sorry - Context.User.Identity.Name

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello Stefan,

and what do you see in

Context.User.Name
and
Context.User.GetType().FullName
?
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi Dominick!
Thanks for the reply.
Yes I´m passing the AzMan role to IsInRole.
Like User.IsInRole("roleX")
In AzMan it looks like:
Role Assignments:
-roleX "points at" MyAccountGroup(myDomain\MyAccountGroup)
But it doesn´t work:
?user.IsInRole("roleX")
False

?roles.IsUserInRole("Steve", "roleX")

True

What can be wrong?

:

Hello Stefan,

i guess you set up your authorization store like this

roleX points to domain\GroupX

or similar

you have to pass the name of the AzMan role into IsInRole.

The security trimming feature takes the url in the sitemap file
and
compares
the users' authorization to the <authorization> element in
web.config.
The <authorization> element must use the AzMan role names in the
allow/deny
elements.
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hello!
I´m using windowsauthentication in my asp.net 2.0 website. I
have
some
problems using the rolemanager. I´m using the
AuthorizationStoreRoleProvider
to perform "role checks" against active directory (win 2000).
The problem is that the User.Identity.Name is like
<domain>\<user>
and
I
think that is what is used when checking roles, but it only
works
for
me if i
only supply the <user> when checking a role.
Some output :
?user.Identity.Name
"myDomain\Steve"
?user.IsInRole("myRole")
False
?roles.IsUserInRole("Steve", "myRole")
True
?roles.IsUserInRole("myDomain\Steve", "myRole")
False
The problem here is that I´m using securitytrimming so that the
user
only see´s links to pages which they have access to and this
does
not
work becuase of this. What can I do about this? Can i change
something
in my configuration or can I change some property in active
directory
or something.
Thanks In Advance
/ Stefan
 
S

Stefan

Still haven´t found a solution to this problem. A strange thing is that the
azman roles and account-groups I set up 2 weeks ago now works, but if I make
a new one it still doesn´t work (I set the new ones up yesterday). What can
be the problem?
?User.IsInRole("aRole")
False
?Roles.IsUserInRole("Steve", "aRole")
True
?User.Identity.Name
"<domainName>\Steve"

/ Stefan
 
D

Dominick Baier [DevelopMentor]

hi,

what about :

?Roles.IsUserInRole("domain\Steve", "aRole")
 
S

Stefan

?Roles.IsUserInRole("domain\Steve", "aRole")
False
?Roles.IsUserInRole("Steve", "aRole")
True
?User.IsInRole("aRole")
False
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,904
Latest member
HealthyVisionsCBDPrice

Latest Threads

Top