Re: User.IsInRole doesn't work for windows authentication?

Discussion in 'ASP .Net' started by Peter Bradley, Jan 17, 2007.

  1. Silly question, perhaps, but are you retrieving the groups from AD at some
    point and putting them in your WindowsPrincipal or whatever it is you use
    with Windows authentication?

    We use forms authentication, so it's a bit different for us, but we have to
    query AD to build up a list of roles.


    Peter

    "nkw" <> wrote in message
    news:D...
    >I am using <authentication mode="Windows"/>. I need to check if an user is
    >in
    > Active Directory groups. However, User.IsInRole(@".../.../...") always
    > return
    > false.
    >
    > Did I miss anything?
     
    Peter Bradley, Jan 17, 2007
    #1
    1. Advertising

  2. Someone in answer to another question has explained that if you use Windows
    authentication, you get the authorisation of whatever user the application
    is running as. By default, I think, ASP.NET applications run as the ASPNET
    user - or something like that - unless you are using impersonation. So you
    will need to check the user roles in AD for whatever user your app is
    running under.

    Forms authentication is much easier and more robust IMHO.


    Peter

    "nkw" <> wrote in message
    news:...
    > So you mean I should dynamically create the roles by reading from AD?
    > Any example code?
    >
    > "Peter Bradley" wrote:
    >
    >> Silly question, perhaps, but are you retrieving the groups from AD at
    >> some
    >> point and putting them in your WindowsPrincipal or whatever it is you use
    >> with Windows authentication?
    >>
    >> We use forms authentication, so it's a bit different for us, but we have
    >> to
    >> query AD to build up a list of roles.
    >>
    >>
    >> Peter
    >>
    >> "nkw" <> wrote in message
    >> news:D...
    >> >I am using <authentication mode="Windows"/>. I need to check if an user
    >> >is
    >> >in
    >> > Active Directory groups. However, User.IsInRole(@".../.../...") always
    >> > return
    >> > false.
    >> >
    >> > Did I miss anything?

    >>
    >>
    >>
     
    Peter Bradley, Jan 18, 2007
    #2
    1. Advertising

  3. Then obviously you need to know exactly who has logged on.

    In an ASP.NET application, the only way I know of doing this is to ask them
    (i.e. to have a login page), and use Forms Authentication. It's pretty easy
    to do and there's a very good article on MSDN that explains it all.

    You may be able to impersonate the current user using Windows
    authentication, I don't know because I've never used it.

    However, once you have the information that a particular user is logged in,
    you will have to store that information in a persistent store somewhere, and
    delete it when the user logs out, or the session, or the session cookie
    times out.

    That's my guess, anyway.


    Peter


    "nkw" <> wrote in message
    news:...
    > Maybe a newbie question:
    > I am writing app for interal users who logon Windows AD. It shouldn't let
    > them logon twice to use the app.
    >
    > "Peter Bradley" wrote:
    >
    >> Someone in answer to another question has explained that if you use
    >> Windows
    >> authentication, you get the authorisation of whatever user the
    >> application
    >> is running as. By default, I think, ASP.NET applications run as the
    >> ASPNET
    >> user - or something like that - unless you are using impersonation. So
    >> you
    >> will need to check the user roles in AD for whatever user your app is
    >> running under.
    >>
    >> Forms authentication is much easier and more robust IMHO.
    >>
    >>
    >> Peter
    >>
    >> "nkw" <> wrote in message
    >> news:...
    >> > So you mean I should dynamically create the roles by reading from AD?
    >> > Any example code?
    >> >
    >> > "Peter Bradley" wrote:
    >> >
    >> >> Silly question, perhaps, but are you retrieving the groups from AD at
    >> >> some
    >> >> point and putting them in your WindowsPrincipal or whatever it is you
    >> >> use
    >> >> with Windows authentication?
    >> >>
    >> >> We use forms authentication, so it's a bit different for us, but we
    >> >> have
    >> >> to
    >> >> query AD to build up a list of roles.
    >> >>
    >> >>
    >> >> Peter
    >> >>
    >> >> "nkw" <> wrote in message
    >> >> news:D...
    >> >> >I am using <authentication mode="Windows"/>. I need to check if an
    >> >> >user
    >> >> >is
    >> >> >in
    >> >> > Active Directory groups. However, User.IsInRole(@".../.../...")
    >> >> > always
    >> >> > return
    >> >> > false.
    >> >> >
    >> >> > Did I miss anything?
    >> >>
    >> >>
    >> >>

    >>
    >>
    >>
     
    Peter Bradley, Jan 19, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Somyos Jinkow

    user.isinrole in user control

    Somyos Jinkow, Jun 1, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    1,936
    =?Utf-8?B?cmFuZ2FuaA==?=
    Jun 1, 2004
  2. Peter Bons
    Replies:
    1
    Views:
    514
    Patrick.O.Ige
    Mar 31, 2006
  3. Ufit
    Replies:
    1
    Views:
    790
  4. petersonrj
    Replies:
    0
    Views:
    138
    petersonrj
    Sep 17, 2004
  5. Dominick Baier
    Replies:
    2
    Views:
    226
    Patrick.O.Ige
    Oct 21, 2004
Loading...

Share This Page