Role based security and Domains

[Sammy_63]

Does any one know how to find my windows domain name with .Net

Here's what I'm trying to do, I'm implementing role based security by calling WindowsPrincipal.IsInRole. This requiers the group names to be passes as DOMAINNAME/GROUPNAME. I use the same group names at all the installations but the domain names are obviously diffrent at seach site. I'm trying to avoid hardcoding or manually configuring the domain name for each site

I'd like to do something like this

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal

Dim Prin as WindowsPrincipa
prin = Thread.CurrentPrincipa

domainName = get_domain_name(
bAuthenticated = prin.IsInRole(domainName & "\" & GroupName

I tried SystemInformation.UserDomainName.ToString() But it returns the server name not the domain name

Any Ideas would be greatly appreciated

Thank

Sam

 

[Joe Kaplan \(MVP - ADSI\)]

If you can safely assume that the groups you need are in the same domain as
the logged in user, then you should be able to grab the user's NETBIOS
domain name by parsing it out of Thread.CurrentPrincipal.Identity.Name.
With a WindowsIdentity, that will return DOMAIN\Username.

If you can't count on the groups being in the same domain, then you may need
to do some clever Active Directory lookups with System.DirectoryServices
using SIDs and stuff.

Joe K.

Does any one know how to find my windows domain name with .Net ?

Here's what I'm trying to do, I'm implementing role based security by

calling WindowsPrincipal.IsInRole. This requiers the group names to be
passes as DOMAINNAME/GROUPNAME. I use the same group names at all the
installations but the domain names are obviously diffrent at seach site.
I'm trying to avoid hardcoding or manually configuring the domain name for
each site.

I'd like to do something like this:

AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)

Dim Prin as WindowsPrincipal
prin = Thread.CurrentPrincipal

domainName = get_domain_name()
bAuthenticated = prin.IsInRole(domainName & "\" & GroupName)

I tried SystemInformation.UserDomainName.ToString() But it returns the

server name not the domain name.

 

[Joe Kaplan \(MVP - ADSI\)]

I don't understand how this can work then. It seems like if you are going
to use the same groups at each installation, then you have to either know
what domain you put those groups in (perhaps via a config file setting or
something) or you have to be able to guess the group's domain name based on
some other context.

How are the groups that you are using getting created? Can you get the
domain name from that process and provide that via config?

Joe K.

Thanks Joe, It dosent seem safe to assume the users are in the same

domain. Members of an administrators group in one domain should not have
administrator privlages in my domain. I'm supprised this is turning our to
be so complex. One would thing this must be common considering the IsInRole
method requiers the domain name.

 

[Sammy_63]

We may have to do just that.

To simplify setup I was going to instruct the installers to add 2 predefined groups to the domain which I already included in a config file. I will just ask them to specity the domain name as part of the install and include it in the config file.

 

[Joe Kaplan \(MVP - ADSI\)]

That sounds like the best bet. Perhaps that will make the solution more
flexible as there is a (very slight) possibility that they group name may
already be in use in the domain or that the admins will want to rename it
due to naming standards or something.

Doing that will allow them to call it whatever they need to you and you
won't need to worry about it as long as it is correct in the config file.

Joe K.

We may have to do just that..

To simplify setup I was going to instruct the installers to add 2

predefined groups to the domain which I already included in a config file.
I will just ask them to specity the domain name as part of the install and
include it in the config file.