Getting Group Membership

Discussion in 'ASP .Net Security' started by Raterus, Sep 9, 2004.

  1. Raterus

    Raterus Guest

    Hi,

    I'm trying to do something that I think should be pretty easy, take the user who is authenticated with the application (intranet application/ integrated windows authentication), and determine if they are in "this group".

    Before, I had queried active directory, got the list of groups for the user and compared, but then I realized that the IsInRole Function may actually work in this case. I tried it and it doesn't seem to be working correctly. Here is what I've tried so far.

    I'm impersonating in my application, so I tried this....didn't work
    Dim blah As WindowsPrincipal = New WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent())
    If blah.IsInRole("Domain Admins") = True Then
    'is a domain admin
    End If

    Then I tried this:
    If HttpContext.Current.User.IsInRole("Domain Admins") = True Then
    'is a domain admin
    End If

    Still didn't return true (I am a member of this group too!) Am I missing something here, or so I just go back to querying active directory myself for group membership?

    Thanks for any help!
    --Michael
     
    Raterus, Sep 9, 2004
    #1
    1. Advertising

  2. Try to add the domain before the group name (i.e. "domain\\Domain Admins" )

    --
    Hernan de Lahitte
    Lagash Systems S.A.
    http://weblogs.asp.net/hernandl


    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Raterus" <> wrote in message
    news:...
    Hi,

    I'm trying to do something that I think should be pretty easy, take the user
    who is authenticated with the application (intranet application/ integrated
    windows authentication), and determine if they are in "this group".

    Before, I had queried active directory, got the list of groups for the user
    and compared, but then I realized that the IsInRole Function may actually
    work in this case. I tried it and it doesn't seem to be working correctly.
    Here is what I've tried so far.

    I'm impersonating in my application, so I tried this....didn't work
    Dim blah As WindowsPrincipal = New
    WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent())
    If blah.IsInRole("Domain Admins") = True Then
    'is a domain admin
    End If

    Then I tried this:
    If HttpContext.Current.User.IsInRole("Domain Admins") = True Then
    'is a domain admin
    End If

    Still didn't return true (I am a member of this group too!) Am I missing
    something here, or so I just go back to querying active directory myself for
    group membership?

    Thanks for any help!
    --Michael
     
    Hernan de Lahitte, Sep 9, 2004
    #2
    1. Advertising

  3. Raterus

    Raterus Guest

    That did it!, thanks

    "Hernan de Lahitte" <> wrote in message news:...
    > Try to add the domain before the group name (i.e. "domain\\Domain Admins" )
    >
    > --
    > Hernan de Lahitte
    > Lagash Systems S.A.
    > http://weblogs.asp.net/hernandl
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    > "Raterus" <> wrote in message
    > news:...
    > Hi,
    >
    > I'm trying to do something that I think should be pretty easy, take the user
    > who is authenticated with the application (intranet application/ integrated
    > windows authentication), and determine if they are in "this group".
    >
    > Before, I had queried active directory, got the list of groups for the user
    > and compared, but then I realized that the IsInRole Function may actually
    > work in this case. I tried it and it doesn't seem to be working correctly.
    > Here is what I've tried so far.
    >
    > I'm impersonating in my application, so I tried this....didn't work
    > Dim blah As WindowsPrincipal = New
    > WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent())
    > If blah.IsInRole("Domain Admins") = True Then
    > 'is a domain admin
    > End If
    >
    > Then I tried this:
    > If HttpContext.Current.User.IsInRole("Domain Admins") = True Then
    > 'is a domain admin
    > End If
    >
    > Still didn't return true (I am a member of this group too!) Am I missing
    > something here, or so I just go back to querying active directory myself for
    > group membership?
    >
    > Thanks for any help!
    > --Michael
    >
    >
     
    Raterus, Sep 10, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jan Nielsen

    Checking group membership

    Jan Nielsen, Sep 2, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    1,041
    Jan Nielsen
    Sep 2, 2003
  2. cameron

    User Group Membership

    cameron, Jun 9, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    2,147
    John Saunders
    Jun 10, 2004
  3. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    best way of checking for Group membership?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Feb 26, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    286
    =?Utf-8?B?ZGhucml2ZXJzaWRl?=
    Feb 26, 2005
  4. Tino Donderwinkel
    Replies:
    2
    Views:
    824
    Tino Donderwinkel
    Jun 18, 2008
  5. Dominick Baier

    Getting Group Membership

    Dominick Baier, Sep 12, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    134
    Dominick Baier
    Sep 12, 2004
Loading...

Share This Page