GetRolesForUser ActiveDirectoryMembershipProvider

Discussion in 'ASP .Net Security' started by Jerry C, Mar 21, 2007.

  1. Jerry C

    Jerry C Guest

    I am using the ActiveDirectoryMembershipProvider for forms authentication in
    an application; the user is validated with the line:

    if (Membership.ValidateUser(UserName.Text, Password.Text))
    {
        wp.IsInRole("cd\\System Admin"); // Works great
        String ICdUser = WindowsIdentity.GetCurrent().Name;
        // gets user, looks like this: CD\\cdadmin
        String[] RollUsers = Roles.GetRolesForUser(ICdUser); // does not work
    }

    The error is:
    Method is only supported if the user name parameter matches the user name in
    the current Windows Identity.

    I am using the line:
    <roleManager defaultProvider="AspNetWindowsTokenRoleProvider"
    enabled="true"/>
    for the role manager, and I am sure the membership provider is working since
    the user is validated.
    Since the line WindowsIdentity.GetCurrent().Name works and returns the user,
    there must be a Windows Identity.

    What am I doing wrong?

    Thank you for helping





    --
    Jerry
    Jerry C, Mar 21, 2007
    #1

  2. The token role provider only works with

    <authentication mode="Windows" />

    And can't be mixed with membership.

    WindowsIdentity.GetCurrent returns the server identity - not the client one.

    a) there is no built in way to get roles from AD with forms authentication
    b) the token role provider is absolutely useless IMO


    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    Dominick Baier, Mar 21, 2007
    #2
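
An added example, not code from any poster in this thread or from the books they mention: one way to fetch AD group membership for a forms-authenticated user with System.DirectoryServices.AccountManagement (.NET 3.5 or later). The class and method names are hypothetical, and it assumes the membership provider maps user names to sAMAccountName and that the application's process identity may read the directory.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Added example. AdGroupLookup and GetSecurityGroups are hypothetical names.
public static class AdGroupLookup
{
    // userName must be the name the user logged in with (UserName.Text after
    // Membership.ValidateUser succeeds, or Context.User.Identity.Name on later
    // requests), not WindowsIdentity.GetCurrent().Name, which is the account
    // the server process runs as.
    public static string[] GetSecurityGroups(string domain, string userName)
    {
        if (string.IsNullOrEmpty(userName))
            return new string[0];               // no identity, no roles

        var groups = new List<string>();
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        // Assumption: user names are sAMAccountName values.
        using (var user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, userName))
        {
            if (user == null)
                return new string[0];           // unknown user: fail closed

            // Security groups only, nested membership included.
            using (var result = user.GetAuthorizationGroups())
            {
                foreach (Principal p in result)
                {
                    var g = p as GroupPrincipal;
                    if (g != null && g.IsSecurityGroup == true)
                        groups.Add(g.SamAccountName);
                }
            }
        }
        return groups.ToArray();
    }
}
```

Each call makes directory round trips, so cache the result per user for the lifetime of the login rather than querying on every request.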

  3. Jerry C

    Jerry C Guest

    Dominick,

    Thank you for the answer. I will get the groups with LDAP.


    --
    Jerry

    Jerry C, Mar 21, 2007
    #3
  4. Joe Kaplan

    Joe Kaplan Guest

    We have a sample from our book on our website that you can adapt to this
    purpose (ch 10).

    My co-author, Ryan, started writing an LDAP-based role provider for AD that
    would complement the MS AD membership provider but ran into a few snags with
    scalability and stopped giving it out to people. He hasn't had time yet to
    correct the errors and clean it up for distribution. Otherwise, I'd suggest
    you just download it from our site directly instead of our sample code.

    Maybe someday when he has more time...

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    Joe Kaplan, Mar 21, 2007
    #4