Does IsInRole() grab just Groups? Can I get Organizational Units?

Discussion in 'ASP .Net Security' started by Craig Vedur, Sep 1, 2005.

  1. Craig Vedur

    Craig Vedur Guest

    Hey,

    I posted before about IsInRole and was told if you do Windows Authentication
    with Identity Impersonation, you can check against security groups. However,
    the LDAP is separated into Organizational Units. I did a test and am
    assuming IsInRole() will not test for OU membership? Can anyone confirm this?

    I guess the only way to check for OU membership is to traverse a
    DirectoryEntry root w/ System.DirectoryServices.dll

    Can anyone help w/ this?

    Thanks
     
    Craig Vedur, Sep 1, 2005
    #1

  2. Hello Craig,

    No - IsInRole checks for the security groups a user is a member of.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hey,
    >
    > I posted before about IsInRole and was told if you do Windows
    > Authentication with Identity Impersonation, you can check against
    > security groups. However, the LDAP is separated into Organizational
    > Units. I did a test and am assuming IsInRole() will not test for OU
    > membership? Can anyone confirm this?
    >
    > I guess the only way to check for OU membership is to traverse a
    > DirectoryEntry root w/ System.DirectoryServices.dll
    >
    > Can anyone help w/ this?
    >
    > Thanks
    >
     
    Dominick Baier [DevelopMentor], Sep 1, 2005
    #2

  3. Yes, you must do an LDAP query to get OU information. This seems like a
    weird thing to do though. Are you sure you need this?

    OUs are typically created to organize users for group policy and delegation
    of administration. Making security decisions based on a user's OU isn't the
    intent.

    Joe K.

    "Craig Vedur" <> wrote in message
    news:...
    > Hey,
    >
    > I posted before about IsInRole and was told if you do Windows
    > Authentication with Identity Impersonation, you can check against
    > security groups. However, the LDAP is separated into Organizational
    > Units. I did a test and am assuming IsInRole() will not test for OU
    > membership? Can anyone confirm this?
    >
    > I guess the only way to check for OU membership is to traverse a
    > DirectoryEntry root w/ System.DirectoryServices.dll
    >
    > Can anyone help w/ this?
    >
    > Thanks
     
    Joe Kaplan (MVP - ADSI), Sep 7, 2005
    #3
  4. Hmm... As Joe advised, I don't think you need OUs.
    What you need, I think, is ROLES.
    Patrick

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > Yes, you must do an LDAP query to get OU information. This seems like a
    > weird thing to do though. Are you sure you need this?
    >
    > OUs are typically created to organize users for group policy and delegation
    > of administration. Making security decisions based on a user's OU isn't the
    > intent.
    >
    > Joe K.
    >
    > "Craig Vedur" <> wrote in message
    > news:...
    > > Hey,
    > >
    > > I posted before about IsInRole and was told if you do Windows
    > > Authentication with Identity Impersonation, you can check against
    > > security groups. However, the LDAP is separated into Organizational
    > > Units. I did a test and am assuming IsInRole() will not test for OU
    > > membership? Can anyone confirm this?
    > >
    > > I guess the only way to check for OU membership is to traverse a
    > > DirectoryEntry root w/ System.DirectoryServices.dll
    > >
    > > Can anyone help w/ this?
    > >
    > > Thanks

    >
    >
     
    Patrick.O.Ige, Oct 31, 2005
    #4
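
The distinction drawn in replies #2 and #3, as an added example that is not part of the original thread: `IsInRole` is answered from the group SIDs in the logon token, while the OU has to be read from the account's `distinguishedName` in the directory. The group name `EXAMPLE\HelpDesk`, the sample DN and the `OuLookup` helper are assumptions made for illustration, and the directory bind needs a domain-joined machine.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

static class OuLookup
{
    // Splits a DN on unescaped commas and returns its OU= values, innermost first.
    public static List<string> OusFromDn(string dn)
    {
        var ous = new List<string>();
        var part = new StringBuilder();
        for (int i = 0; i <= dn.Length; i++)
        {
            if (i < dn.Length && dn[i] == '\\' && i + 1 < dn.Length)
                part.Append(dn[i]).Append(dn[++i]);      // keep an escaped pair such as "\,"
            else if (i == dn.Length || dn[i] == ',')
            {
                string rdn = part.ToString().Trim();
                if (rdn.StartsWith("OU=", StringComparison.OrdinalIgnoreCase))
                    ous.Add(rdn.Substring(3));
                part.Length = 0;
            }
            else part.Append(dn[i]);
        }
        return ous;
    }

    static void Main()
    {
        // Constructed DN: the escaped comma in the CN must not split the name.
        foreach (string ou in OusFromDn(@"CN=Vedur\, Craig,OU=Sales,OU=Staff,DC=example,DC=com"))
            Console.WriteLine("sample OU: " + ou);

        WindowsIdentity id = WindowsIdentity.GetCurrent();
        // Group check: evaluated against the token, no directory query involved.
        bool helpDesk = new WindowsPrincipal(id).IsInRole(@"EXAMPLE\HelpDesk"); // hypothetical group
        Console.WriteLine("In group: " + helpDesk);

        // OU lookup: bind by SID so no LDAP filter is built from a user-supplied name.
        using (var user = new DirectoryEntry("LDAP://<SID=" + id.User.Value + ">"))
        {
            string dn = (string)user.Properties["distinguishedName"].Value;
            foreach (string ou in OusFromDn(dn)) Console.WriteLine("OU: " + ou);
        }
    }
}
```

In an ASP.NET page the identity would come from `Context.User` rather than `WindowsIdentity.GetCurrent()`.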