Role based security and Domains

Discussion in 'ASP .Net Security' started by Sammy_63, May 19, 2004.

  1. Sammy_63

    Sammy_63 Guest

    Does any one know how to find my windows domain name with .Net

    Here's what I'm trying to do, I'm implementing role based security by calling WindowsPrincipal.IsInRole. This requiers the group names to be passes as DOMAINNAME/GROUPNAME. I use the same group names at all the installations but the domain names are obviously diffrent at seach site. I'm trying to avoid hardcoding or manually configuring the domain name for each site

    I'd like to do something like this

    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal

    Dim Prin as WindowsPrincipa
    prin = Thread.CurrentPrincipa

    domainName = get_domain_name(
    bAuthenticated = prin.IsInRole(domainName & "\" & GroupName

    I tried SystemInformation.UserDomainName.ToString() But it returns the server name not the domain name

    Any Ideas would be greatly appreciated

    Thank

    Sam
    Sammy_63, May 19, 2004
    #1
    1. Advertising

  2. If you can safely assume that the groups you need are in the same domain as
    the logged in user, then you should be able to grab the user's NETBIOS
    domain name by parsing it out of Thread.CurrentPrincipal.Identity.Name.
    With a WindowsIdentity, that will return DOMAIN\Username.

    If you can't count on the groups being in the same domain, then you may need
    to do some clever Active Directory lookups with System.DirectoryServices
    using SIDs and stuff.

    Joe K.

    "Sammy_63" <> wrote in message
    news:...
    > Does any one know how to find my windows domain name with .Net ?
    >
    > Here's what I'm trying to do, I'm implementing role based security by

    calling WindowsPrincipal.IsInRole. This requiers the group names to be
    passes as DOMAINNAME/GROUPNAME. I use the same group names at all the
    installations but the domain names are obviously diffrent at seach site.
    I'm trying to avoid hardcoding or manually configuring the domain name for
    each site.
    >
    > I'd like to do something like this:
    >
    >

    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
    >
    > Dim Prin as WindowsPrincipal
    > prin = Thread.CurrentPrincipal
    >
    > domainName = get_domain_name()
    > bAuthenticated = prin.IsInRole(domainName & "\" & GroupName)
    >
    > I tried SystemInformation.UserDomainName.ToString() But it returns the

    server name not the domain name.
    >
    > Any Ideas would be greatly appreciated,
    >
    > Thanks
    >
    > Sam
    Joe Kaplan \(MVP - ADSI\), May 19, 2004
    #2
    1. Advertising

  3. I don't understand how this can work then. It seems like if you are going
    to use the same groups at each installation, then you have to either know
    what domain you put those groups in (perhaps via a config file setting or
    something) or you have to be able to guess the group's domain name based on
    some other context.

    How are the groups that you are using getting created? Can you get the
    domain name from that process and provide that via config?

    Joe K.

    "Sammy_63" <> wrote in message
    news:...
    > Thanks Joe, It dosent seem safe to assume the users are in the same

    domain. Members of an administrators group in one domain should not have
    administrator privlages in my domain. I'm supprised this is turning our to
    be so complex. One would thing this must be common considering the IsInRole
    method requiers the domain name.
    >
    > Any tip you have on using ADSI would be helpfull.
    >
    > Thanks again.
    >
    > Sam
    Joe Kaplan \(MVP - ADSI\), May 20, 2004
    #3
  4. Sammy_63

    Sammy_63 Guest

    We may have to do just that.

    To simplify setup I was going to instruct the installers to add 2 predefined groups to the domain which I already included in a config file. I will just ask them to specity the domain name as part of the install and include it in the config file.
    Sammy_63, May 20, 2004
    #4
  5. That sounds like the best bet. Perhaps that will make the solution more
    flexible as there is a (very slight) possibility that they group name may
    already be in use in the domain or that the admins will want to rename it
    due to naming standards or something.

    Doing that will allow them to call it whatever they need to you and you
    won't need to worry about it as long as it is correct in the config file.

    Joe K.

    "Sammy_63" <> wrote in message
    news:...
    > We may have to do just that..
    >
    > To simplify setup I was going to instruct the installers to add 2

    predefined groups to the domain which I already included in a config file.
    I will just ask them to specity the domain name as part of the install and
    include it in the config file.
    Joe Kaplan \(MVP - ADSI\), May 20, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jesper Stocholm
    Replies:
    2
    Views:
    8,071
    John Saunders
    Aug 23, 2003
  2. Liet Kynes
    Replies:
    0
    Views:
    476
    Liet Kynes
    Nov 26, 2003
  3. =?Utf-8?B?ZGF2aWQ=?=

    role based security and

    =?Utf-8?B?ZGF2aWQ=?=, Apr 15, 2005, in forum: ASP .Net
    Replies:
    7
    Views:
    379
    =?Utf-8?B?ZGF2aWQ=?=
    Apr 15, 2005
  4. SpaceMarine

    role-based security and ActiveDirectory

    SpaceMarine, May 28, 2009, in forum: ASP .Net
    Replies:
    18
    Views:
    2,032
    Joe Kaplan
    Jun 2, 2009
  5. Kursat
    Replies:
    1
    Views:
    302
    Dominick Baier
    May 7, 2007
Loading...

Share This Page