Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Re: User.IsInRole doesn't work for windows authentication?

Reply
Thread Tools

Re: User.IsInRole doesn't work for windows authentication?

 
 
Peter Bradley
Guest
Posts: n/a
 
      01-17-2007
Silly question, perhaps, but are you retrieving the groups from AD at some
point and putting them in your WindowsPrincipal or whatever it is you use
with Windows authentication?

We use forms authentication, so it's a bit different for us, but we have to
query AD to build up a list of roles.


Peter

"nkw" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
>I am using <authentication mode="Windows"/>. I need to check if an user is
>in
> Active Directory groups. However, User.IsInRole(@".../.../...") always
> return
> false.
>
> Did I miss anything?



 
Reply With Quote
 
 
 
 
Peter Bradley
Guest
Posts: n/a
 
      01-18-2007
Someone in answer to another question has explained that if you use Windows
authentication, you get the authorisation of whatever user the application
is running as. By default, I think, ASP.NET applications run as the ASPNET
user - or something like that - unless you are using impersonation. So you
will need to check the user roles in AD for whatever user your app is
running under.

Forms authentication is much easier and more robust IMHO.


Peter

"nkw" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> So you mean I should dynamically create the roles by reading from AD?
> Any example code?
>
> "Peter Bradley" wrote:
>
>> Silly question, perhaps, but are you retrieving the groups from AD at
>> some
>> point and putting them in your WindowsPrincipal or whatever it is you use
>> with Windows authentication?
>>
>> We use forms authentication, so it's a bit different for us, but we have
>> to
>> query AD to build up a list of roles.
>>
>>
>> Peter
>>
>> "nkw" <(E-Mail Removed)> wrote in message
>> news(E-Mail Removed)...
>> >I am using <authentication mode="Windows"/>. I need to check if an user
>> >is
>> >in
>> > Active Directory groups. However, User.IsInRole(@".../.../...") always
>> > return
>> > false.
>> >
>> > Did I miss anything?

>>
>>
>>



 
Reply With Quote
 
 
 
 
Peter Bradley
Guest
Posts: n/a
 
      01-19-2007
Then obviously you need to know exactly who has logged on.

In an ASP.NET application, the only way I know of doing this is to ask them
(i.e. to have a login page), and use Forms Authentication. It's pretty easy
to do and there's a very good article on MSDN that explains it all.

You may be able to impersonate the current user using Windows
authentication, I don't know because I've never used it.

However, once you have the information that a particular user is logged in,
you will have to store that information in a persistent store somewhere, and
delete it when the user logs out, or the session, or the session cookie
times out.

That's my guess, anyway.


Peter


"nkw" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Maybe a newbie question:
> I am writing app for interal users who logon Windows AD. It shouldn't let
> them logon twice to use the app.
>
> "Peter Bradley" wrote:
>
>> Someone in answer to another question has explained that if you use
>> Windows
>> authentication, you get the authorisation of whatever user the
>> application
>> is running as. By default, I think, ASP.NET applications run as the
>> ASPNET
>> user - or something like that - unless you are using impersonation. So
>> you
>> will need to check the user roles in AD for whatever user your app is
>> running under.
>>
>> Forms authentication is much easier and more robust IMHO.
>>
>>
>> Peter
>>
>> "nkw" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > So you mean I should dynamically create the roles by reading from AD?
>> > Any example code?
>> >
>> > "Peter Bradley" wrote:
>> >
>> >> Silly question, perhaps, but are you retrieving the groups from AD at
>> >> some
>> >> point and putting them in your WindowsPrincipal or whatever it is you
>> >> use
>> >> with Windows authentication?
>> >>
>> >> We use forms authentication, so it's a bit different for us, but we
>> >> have
>> >> to
>> >> query AD to build up a list of roles.
>> >>
>> >>
>> >> Peter
>> >>
>> >> "nkw" <(E-Mail Removed)> wrote in message
>> >> news(E-Mail Removed)...
>> >> >I am using <authentication mode="Windows"/>. I need to check if an
>> >> >user
>> >> >is
>> >> >in
>> >> > Active Directory groups. However, User.IsInRole(@".../.../...")
>> >> > always
>> >> > return
>> >> > false.
>> >> >
>> >> > Did I miss anything?
>> >>
>> >>
>> >>

>>
>>
>>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Why softwares for Windows XP... Don't work with Windows XP 64bits? msnews.microsoft.com Windows 64bit 1 02-07-2008 08:48 PM
PSE6: Work-around when Help doesn't work under Windows John Navas Digital Photography 3 01-14-2008 10:04 PM
Hi I am new to asp i can not get it to work on xp pro sp2 even though the localhost work but asp pages dont so can some one help craig dicker ASP .Net 9 07-07-2005 11:52 AM
Pages work on Windows XP but not Windows Server 2003? sudhagar ASP .Net Datagrid Control 0 03-21-2005 11:30 AM
Pages work on Windows XP but not Windows Server 2003? Roy ASP .Net Datagrid Control 0 01-23-2005 02:22 AM



Advertisments