WindowsPrincipal.IsInRole() problem with non-builtin roles

Discussion in 'ASP .Net Security' started by naijacoder naijacoder, Aug 30, 2004.

  1. Can't get WindowsPrincipal.IsInRole() to work for me when using
    Windows Authentication. Here's a snippit of code from my C#
    codebehind page:

    WindowsPrincipal wp = new WindowsPrincipal(
    WindowsIdentity.GetCurrent() );
    lblUser.Text = wp.Identity.Name;
    Label1.Text = wp.IsInRole(@"DOMAIN\group").ToString();


    where "DOMAIN\group" is a valid group name. The username shows up
    correctly as "DOMAIN\username" but for any non-builtin roles,
    IsInRole() returns false. Does anyone have suggestions as to why this
    is not working?



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    naijacoder naijacoder, Aug 30, 2004
    #1
    1. Advertising

  2. When using Windows authentication in ASP.NET, the WindowsPrincipal for the
    logged in user is in the HttpContext.User property, not the
    WindowsIdentity.GetCurrent(). They are the same IF you are impersonating,
    but otherwise they are not.

    HTH,

    Joe K.

    "naijacoder naijacoder" <> wrote in message
    news:...
    > Can't get WindowsPrincipal.IsInRole() to work for me when using
    > Windows Authentication. Here's a snippit of code from my C#
    > codebehind page:
    >
    > WindowsPrincipal wp = new WindowsPrincipal(
    > WindowsIdentity.GetCurrent() );
    > lblUser.Text = wp.Identity.Name;
    > Label1.Text = wp.IsInRole(@"DOMAIN\group").ToString();
    >
    >
    > where "DOMAIN\group" is a valid group name. The username shows up
    > correctly as "DOMAIN\username" but for any non-builtin roles,
    > IsInRole() returns false. Does anyone have suggestions as to why this
    > is not working?
    >
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!
     
    Joe Kaplan \(MVP - ADSI\), Aug 30, 2004
    #2
    1. Advertising

  3. Agree with Joe's comment (always use the User property to avoid
    impersonatuion issues). Nevertheless, if you want to go further and check
    out what roles are beeing evaluated inside the IsInRole() method, you may
    use this little "hack" snippet to inspect the roles string array that use
    WindowsPrincipal for this evaluation.

    public static string[] Roles( WindowsIdentity identity )
    {
    // Parameters check
    if( identity == null )
    {
    throw new ArgumentNullException( "identity" );
    }
    if( identity.Name.Length < 1 )
    {
    return new string[0];
    }

    // Get roles
    string[] roles = (string[])CallPrivateMethod( identity, "GetRoles" );
    return roles;
    }

    //Note: This method will require 'ReflectionPermission'
    [ReflectionPermission( SecurityAction.Assert, MemberAccess=true,
    TypeInformation=true )]
    private static object CallPrivateMethod(object o, string methodName)
    {
    Type t = o.GetType();
    MethodInfo mi = t.GetMethod(methodName, BindingFlags.NonPublic |
    BindingFlags.Instance);
    if (mi == null)
    {
    throw new System.Reflection.ReflectionTypeLoadException(null,null,
    String.Format("{0}.{1} method wasn't found. The runtime
    implementation may have changed!", t.FullName,
    methodName ) );
    }
    return mi.Invoke(o, null);
    }


    --
    Hernan de Lahitte
    Lagash Systems S.A.
    http://weblogs.asp.net/hernandl


    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > When using Windows authentication in ASP.NET, the WindowsPrincipal for the
    > logged in user is in the HttpContext.User property, not the
    > WindowsIdentity.GetCurrent(). They are the same IF you are impersonating,
    > but otherwise they are not.
    >
    > HTH,
    >
    > Joe K.
    >
    > "naijacoder naijacoder" <> wrote in message
    > news:...
    >> Can't get WindowsPrincipal.IsInRole() to work for me when using
    >> Windows Authentication. Here's a snippit of code from my C#
    >> codebehind page:
    >>
    >> WindowsPrincipal wp = new WindowsPrincipal(
    >> WindowsIdentity.GetCurrent() );
    >> lblUser.Text = wp.Identity.Name;
    >> Label1.Text = wp.IsInRole(@"DOMAIN\group").ToString();
    >>
    >>
    >> where "DOMAIN\group" is a valid group name. The username shows up
    >> correctly as "DOMAIN\username" but for any non-builtin roles,
    >> IsInRole() returns false. Does anyone have suggestions as to why this
    >> is not working?
    >>
    >>
    >>
    >> *** Sent via Developersdex http://www.developersdex.com ***
    >> Don't just participate in USENET...get rewarded for it!

    >
    >
     
    Hernan de Lahitte, Aug 30, 2004
    #3
  4. Hi Hernan de Lahitte,
    How are you and thanks for the code!
    I tried running the code for getting the actual roles but i keep getting
    errors.Can you pls explain how i can get the code working.Pls explain
    step by step.
    Thanks alot.


    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    naijacoder naijacoder, Sep 2, 2004
    #4
  5. Since you are using VB.NET, perhaps this sample (doing the same basic thing)
    will work for you:

    Function GetRoles(byval identity as WindowsIdentity) as String()

    Dim idType As Type
    idType = GetType(WindowsIdentity)
    Dim result As Object =
    idType.InvokeMember("_GetRoles",BindingFlags.Static Or
    BindingFlags.InvokeMethod Or BindingFlags.NonPublic,Nothing, identity, New
    Object() {identity.Token}, Nothing)
    Dim roles() As String = DirectCast(result, String())
    Return roles

    End Function

    Joe K.

    "naijacoder naijacoder" <> wrote in message
    news:...
    > Hi Hernan de Lahitte,
    > How are you and thanks for the code!
    > I tried running the code for getting the actual roles but i keep getting
    > errors.Can you pls explain how i can get the code working.Pls explain
    > step by step.
    > Thanks alot.
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
    > Don't just participate in USENET...get rewarded for it!
     
    Joe Kaplan \(MVP - ADSI\), Sep 2, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Burton

    WindowsPrincipal and WindowsIdentity.

    Kevin Burton, Jan 7, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    7,403
    bruce barker
    Jan 8, 2004
  2. bdb112
    Replies:
    2
    Views:
    301
    Chris Torek
    Jul 2, 2011
  3. Vic

    isinrole reverts to windowsprincipal?

    Vic, Nov 26, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    155
  4. David Jessee

    WindowsPrincipal.IsInRole() is Being Flaky. Help!!

    David Jessee, Mar 10, 2005, in forum: ASP .Net Security
    Replies:
    3
    Views:
    237
    Joe Kaplan \(MVP - ADSI\)
    Mar 11, 2005
  5. Lyndon Hills

    Roles.IsUserInRole != Context.User.IsInRole

    Lyndon Hills, Oct 20, 2006, in forum: ASP .Net Security
    Replies:
    7
    Views:
    995
    Joe Kaplan
    Oct 31, 2006
Loading...

Share This Page