Get List of Roles and Translate(typeof(NTAccount))

Discussion in 'ASP .Net Security' started by Mario.Trafficante@qg.com, Aug 9, 2006.

  1. Guest

    I am attempting to get a list of the security groups a specific user is
    a member of when logging into our applications. After finding many
    methods, I settled on the preferred suggested method of using an
    IdentityReferenceCollection within the .NET 2.0 frame work. This works
    well except for one thing, the NTAccount.Value for certain groups is
    trucated. The entire active directory group name is not returned, only
    a trucated version of it. I know there are other formats of the name
    e.g. displayname etc... How or can I get access to the other name
    formats through this call?

    thanks Mario

    string[] securityidentifiers = null;
    string samAccountQuery =
    String.Format("(|(sAMAccountName={0})(sAMAccountName={0}$))",
    username.Substring(username.IndexOf("\\") + 1).Trim());

    using (DirectoryEntry securedirectoryentry = new
    DirectoryEntry(ldap, null, null, AuthenticationTypes.Secure))
    {
    using (DirectorySearcher securedirectorysearcher = new
    DirectorySearcher(securedirectoryentry, samAccountQuery))
    {
    SearchResult securesearchresult =
    FindOne(securedirectorysearcher);
    if (securesearchresult != null)
    {
    //now unravel the tokenGroups (we'll use the
    universal groups too)
    using (DirectoryEntry account =
    securesearchresult.GetDirectoryEntry())
    {

    IdentityReferenceCollection irc =
    ExpandTokenGroups(account);

    securityidentifiers = new
    string[irc.Count];
    int t = 0;
    foreach (IdentityReference ir in irc)
    {
    IdentityReference accounts =
    ir.Translate(typeof(NTAccount));
    securityidentifiers[t] =
    accounts.Value;
    t++;
    }
    }
    }
    }
     
    , Aug 9, 2006
    #1
    1. Advertising

  2. You can't get access to the other name formats with
    IdentityReferenceCollection, only the names used for security purposes. If
    you want to get other name versions, you can either do an LDAP query to AD
    to find the info, or do a p/invoke to something like the DsCrackNames API
    (which is also wrapped by the IADsNameTranslate ADSI COM component).

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    <> wrote in message
    news:...
    >I am attempting to get a list of the security groups a specific user is
    > a member of when logging into our applications. After finding many
    > methods, I settled on the preferred suggested method of using an
    > IdentityReferenceCollection within the .NET 2.0 frame work. This works
    > well except for one thing, the NTAccount.Value for certain groups is
    > trucated. The entire active directory group name is not returned, only
    > a trucated version of it. I know there are other formats of the name
    > e.g. displayname etc... How or can I get access to the other name
    > formats through this call?
    >
    > thanks Mario
    >
    > string[] securityidentifiers = null;
    > string samAccountQuery =
    > String.Format("(|(sAMAccountName={0})(sAMAccountName={0}$))",
    > username.Substring(username.IndexOf("\\") + 1).Trim());
    >
    > using (DirectoryEntry securedirectoryentry = new
    > DirectoryEntry(ldap, null, null, AuthenticationTypes.Secure))
    > {
    > using (DirectorySearcher securedirectorysearcher = new
    > DirectorySearcher(securedirectoryentry, samAccountQuery))
    > {
    > SearchResult securesearchresult =
    > FindOne(securedirectorysearcher);
    > if (securesearchresult != null)
    > {
    > //now unravel the tokenGroups (we'll use the
    > universal groups too)
    > using (DirectoryEntry account =
    > securesearchresult.GetDirectoryEntry())
    > {
    >
    > IdentityReferenceCollection irc =
    > ExpandTokenGroups(account);
    >
    > securityidentifiers = new
    > string[irc.Count];
    > int t = 0;
    > foreach (IdentityReference ir in irc)
    > {
    > IdentityReference accounts =
    > ir.Translate(typeof(NTAccount));
    > securityidentifiers[t] =
    > accounts.Value;
    > t++;
    > }
    > }
    > }
    > }
    >
     
    Joe Kaplan \(MVP - ADSI\), Aug 9, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Leon

    Using TypeOf?

    Leon, Nov 1, 2004, in forum: ASP .Net
    Replies:
    7
    Views:
    2,162
    Henri
    Nov 1, 2004
  2. fabioppp

    typeof and g++

    fabioppp, Feb 23, 2005, in forum: C++
    Replies:
    10
    Views:
    1,305
    Ben Hetland
    Feb 24, 2005
  3. baumann@pan
    Replies:
    15
    Views:
    2,254
    Mark McIntyre
    May 16, 2005
  4. Jéjé
    Replies:
    0
    Views:
    245
    Jéjé
    Sep 27, 2005
  5. acl.GetOwner(typeof(NTAccount))

    , Jul 26, 2006, in forum: ASP .Net Security
    Replies:
    2
    Views:
    364
    Joe Kaplan \(MVP - ADSI\)
    Jul 26, 2006
Loading...

Share This Page