WindowsPrincipal.IsInRole() problem with non-builtin roles

[naijacoder naijacoder]

Can't get WindowsPrincipal.IsInRole() to work for me when using
Windows Authentication. Here's a snippit of code from my C#
codebehind page:

WindowsPrincipal wp = new WindowsPrincipal(
WindowsIdentity.GetCurrent() );
lblUser.Text = wp.Identity.Name;
Label1.Text = wp.IsInRole(@"DOMAIN\group").ToString();


where "DOMAIN\group" is a valid group name. The username shows up
correctly as "DOMAIN\username" but for any non-builtin roles,
IsInRole() returns false. Does anyone have suggestions as to why this
is not working?

 

[Joe Kaplan \(MVP - ADSI\)]

When using Windows authentication in ASP.NET, the WindowsPrincipal for the
logged in user is in the HttpContext.User property, not the
WindowsIdentity.GetCurrent(). They are the same IF you are impersonating,
but otherwise they are not.

HTH,

Joe K.

 

[Hernan de Lahitte]

Agree with Joe's comment (always use the User property to avoid
impersonatuion issues). Nevertheless, if you want to go further and check
out what roles are beeing evaluated inside the IsInRole() method, you may
use this little "hack" snippet to inspect the roles string array that use
WindowsPrincipal for this evaluation.

public static string[] Roles( WindowsIdentity identity )
{
// Parameters check
if( identity == null )
{
throw new ArgumentNullException( "identity" );
}
if( identity.Name.Length < 1 )
{
return new string[0];
}

// Get roles
string[] roles = (string[])CallPrivateMethod( identity, "GetRoles" );
return roles;
}

//Note: This method will require 'ReflectionPermission'
[ReflectionPermission( SecurityAction.Assert, MemberAccess=true,
TypeInformation=true )]
private static object CallPrivateMethod(object o, string methodName)
{
Type t = o.GetType();
MethodInfo mi = t.GetMethod(methodName, BindingFlags.NonPublic |
BindingFlags.Instance);
if (mi == null)
{
throw new System.Reflection.ReflectionTypeLoadException(null,null,
String.Format("{0}.{1} method wasn't found. The runtime
implementation may have changed!", t.FullName,
methodName ) );
}
return mi.Invoke(o, null);
}


--
Hernan de Lahitte
Lagash Systems S.A.
http://weblogs.asp.net/hernandl


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[naijacoder naijacoder]

Hi Hernan de Lahitte,
How are you and thanks for the code!
I tried running the code for getting the actual roles but i keep getting
errors.Can you pls explain how i can get the code working.Pls explain
step by step.
Thanks alot.

 

[Joe Kaplan \(MVP - ADSI\)]

Since you are using VB.NET, perhaps this sample (doing the same basic thing)
will work for you:

Function GetRoles(byval identity as WindowsIdentity) as String()

Dim idType As Type
idType = GetType(WindowsIdentity)
Dim result As Object =
idType.InvokeMember("_GetRoles",BindingFlags.Static Or
BindingFlags.InvokeMethod Or BindingFlags.NonPublic,Nothing, identity, New
Object() {identity.Token}, Nothing)
Dim roles() As String = DirectCast(result, String())
Return roles

End Function

Joe K.