WindowsPrincipal.IsInRole() is Being Flaky. Help!!

Discussion in 'ASP .Net Security' started by David Jessee, Mar 10, 2005.

  1. David Jessee

    David Jessee Guest

    Its just being inconsistent.

    I'm in 3 different Groups in AD.

    ..IsInRole("Groupx") returns true
    ..IsInRole("Groupy") returns true
    ..IsInRole("Groupz") returns FALSE

    All of these groups reside in the same location in my AD tree, but for some
    reason, the one is returning False.

    even stranger, if I do a search for "Groupz" and list out its members
    (through DirectoryServices) my account information shows up.

    I have no idea why my account is in the group, but that lookup doesn't work
    for the group, but it dows for others.

    Ideas??
    Anyone??
    I'm not proud, I'll beg, I'll make cheesecake!
     
    David Jessee, Mar 10, 2005
    #1
    1. Advertising

  2. Is the group security enabled? What type of group is it (groupType)?

    Joe K.

    "David Jessee" <> wrote in message
    news:...
    > Its just being inconsistent.
    >
    > I'm in 3 different Groups in AD.
    >
    > .IsInRole("Groupx") returns true
    > .IsInRole("Groupy") returns true
    > .IsInRole("Groupz") returns FALSE
    >
    > All of these groups reside in the same location in my AD tree, but for
    > some
    > reason, the one is returning False.
    >
    > even stranger, if I do a search for "Groupz" and list out its members
    > (through DirectoryServices) my account information shows up.
    >
    > I have no idea why my account is in the group, but that lookup doesn't
    > work
    > for the group, but it dows for others.
    >
    > Ideas??
    > Anyone??
    > I'm not proud, I'll beg, I'll make cheesecake!
     
    Joe Kaplan \(MVP - ADSI\), Mar 10, 2005
    #2
    1. Advertising

  3. David Jessee

    David Jessee Guest

    The Scope is Global, the Group Type is Security.

    Okay, folks, I'm gonna up the antie. Anyone want Fudge? Home made!!

    "Joe Kaplan (MVP - ADSI)" wrote:

    > Is the group security enabled? What type of group is it (groupType)?
    >
    > Joe K.
    >
    > "David Jessee" <> wrote in message
    > news:...
    > > Its just being inconsistent.
    > >
    > > I'm in 3 different Groups in AD.
    > >
    > > .IsInRole("Groupx") returns true
    > > .IsInRole("Groupy") returns true
    > > .IsInRole("Groupz") returns FALSE
    > >
    > > All of these groups reside in the same location in my AD tree, but for
    > > some
    > > reason, the one is returning False.
    > >
    > > even stranger, if I do a search for "Groupz" and list out its members
    > > (through DirectoryServices) my account information shows up.
    > >
    > > I have no idea why my account is in the group, but that lookup doesn't
    > > work
    > > for the group, but it dows for others.
    > >
    > > Ideas??
    > > Anyone??
    > > I'm not proud, I'll beg, I'll make cheesecake!

    >
    >
    >
     
    David Jessee, Mar 10, 2005
    #3
  4. Ok, that group should definitely be in the user's token then. Assuming you
    definitely have the name correct, the next thing I'd do is a little
    exploration on the user's token.

    I'd try this reflection code to see what's actually in the user's token:

    Function GetRoles(byval identity as WindowsIdentity) as String()

    Dim idType As Type
    idType = GetType(WindowsIdentity)
    Dim result As Object =
    idType.InvokeMember("_GetRoles",BindingFlags.Static Or
    BindingFlags.InvokeMethod Or BindingFlags.NonPublic,Nothing, identity, New
    Object() {identity.Token}, Nothing)
    Dim roles() As String = DirectCast(result, String())
    Return roles

    End Function

    You can use that to see the actual group list.

    The next steps after this involve looking at the user's token to examine the
    SIDs directly, but that is less easy.

    Joe K.


    "David Jessee" <> wrote in message
    news:...
    > The Scope is Global, the Group Type is Security.
    >
    > Okay, folks, I'm gonna up the antie. Anyone want Fudge? Home made!!
    >
    > "Joe Kaplan (MVP - ADSI)" wrote:
    >
    >> Is the group security enabled? What type of group is it (groupType)?
    >>
    >> Joe K.
    >>
    >> "David Jessee" <> wrote in message
    >> news:...
    >> > Its just being inconsistent.
    >> >
    >> > I'm in 3 different Groups in AD.
    >> >
    >> > .IsInRole("Groupx") returns true
    >> > .IsInRole("Groupy") returns true
    >> > .IsInRole("Groupz") returns FALSE
    >> >
    >> > All of these groups reside in the same location in my AD tree, but for
    >> > some
    >> > reason, the one is returning False.
    >> >
    >> > even stranger, if I do a search for "Groupz" and list out its members
    >> > (through DirectoryServices) my account information shows up.
    >> >
    >> > I have no idea why my account is in the group, but that lookup doesn't
    >> > work
    >> > for the group, but it dows for others.
    >> >
    >> > Ideas??
    >> > Anyone??
    >> > I'm not proud, I'll beg, I'll make cheesecake!

    >>
    >>
    >>
     
    Joe Kaplan \(MVP - ADSI\), Mar 11, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shock

    DataGrids, Paging, and Flaky

    Shock, Jun 24, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    343
    Shock
    Jun 24, 2004
  2. Shock

    Asp.net flaky?

    Shock, Jun 25, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    414
    Shock
    Jun 27, 2004
  3. naijacoder naijacoder

    WindowsPrincipal.IsInRole() problem with non-builtin roles

    naijacoder naijacoder, Aug 30, 2004, in forum: ASP .Net Security
    Replies:
    4
    Views:
    258
    Joe Kaplan \(MVP - ADSI\)
    Sep 2, 2004
  4. Vic

    isinrole reverts to windowsprincipal?

    Vic, Nov 26, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    156
  5. Just Another Victim of the Ambient Morality

    Net/HTTP is flaky?

    Just Another Victim of the Ambient Morality, Jul 19, 2006, in forum: Ruby
    Replies:
    12
    Views:
    195
    Joe Van Dyk
    Jul 20, 2006
Loading...

Share This Page