Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Role based security and Domains

Reply
Thread Tools

Role based security and Domains

 
 
Sammy_63
Guest
Posts: n/a
 
      05-18-2004
Does any one know how to find my windows domain name with .Net

Here's what I'm trying to do, I'm implementing role based security by calling WindowsPrincipal.IsInRole. This requiers the group names to be passes as DOMAINNAME/GROUPNAME. I use the same group names at all the installations but the domain names are obviously diffrent at seach site. I'm trying to avoid hardcoding or manually configuring the domain name for each site

I'd like to do something like this

AppDomain.CurrentDomain.SetPrincipalPolicy(Princip alPolicy.WindowsPrincipal

Dim Prin as WindowsPrincipa
prin = Thread.CurrentPrincipa

domainName = get_domain_name(
bAuthenticated = prin.IsInRole(domainName & "\" & GroupName

I tried SystemInformation.UserDomainName.ToString() But it returns the server name not the domain name

Any Ideas would be greatly appreciated

Thank

Sam
 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      05-19-2004
If you can safely assume that the groups you need are in the same domain as
the logged in user, then you should be able to grab the user's NETBIOS
domain name by parsing it out of Thread.CurrentPrincipal.Identity.Name.
With a WindowsIdentity, that will return DOMAIN\Username.

If you can't count on the groups being in the same domain, then you may need
to do some clever Active Directory lookups with System.DirectoryServices
using SIDs and stuff.

Joe K.

"Sammy_63" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Does any one know how to find my windows domain name with .Net ?
>
> Here's what I'm trying to do, I'm implementing role based security by

calling WindowsPrincipal.IsInRole. This requiers the group names to be
passes as DOMAINNAME/GROUPNAME. I use the same group names at all the
installations but the domain names are obviously diffrent at seach site.
I'm trying to avoid hardcoding or manually configuring the domain name for
each site.
>
> I'd like to do something like this:
>
>

AppDomain.CurrentDomain.SetPrincipalPolicy(Princip alPolicy.WindowsPrincipal)
>
> Dim Prin as WindowsPrincipal
> prin = Thread.CurrentPrincipal
>
> domainName = get_domain_name()
> bAuthenticated = prin.IsInRole(domainName & "\" & GroupName)
>
> I tried SystemInformation.UserDomainName.ToString() But it returns the

server name not the domain name.
>
> Any Ideas would be greatly appreciated,
>
> Thanks
>
> Sam



 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      05-20-2004
I don't understand how this can work then. It seems like if you are going
to use the same groups at each installation, then you have to either know
what domain you put those groups in (perhaps via a config file setting or
something) or you have to be able to guess the group's domain name based on
some other context.

How are the groups that you are using getting created? Can you get the
domain name from that process and provide that via config?

Joe K.

"Sammy_63" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks Joe, It dosent seem safe to assume the users are in the same

domain. Members of an administrators group in one domain should not have
administrator privlages in my domain. I'm supprised this is turning our to
be so complex. One would thing this must be common considering the IsInRole
method requiers the domain name.
>
> Any tip you have on using ADSI would be helpfull.
>
> Thanks again.
>
> Sam



 
Reply With Quote
 
Sammy_63
Guest
Posts: n/a
 
      05-20-2004
We may have to do just that.

To simplify setup I was going to instruct the installers to add 2 predefined groups to the domain which I already included in a config file. I will just ask them to specity the domain name as part of the install and include it in the config file.
 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      05-20-2004
That sounds like the best bet. Perhaps that will make the solution more
flexible as there is a (very slight) possibility that they group name may
already be in use in the domain or that the admins will want to rename it
due to naming standards or something.

Doing that will allow them to call it whatever they need to you and you
won't need to worry about it as long as it is correct in the config file.

Joe K.

"Sammy_63" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We may have to do just that..
>
> To simplify setup I was going to instruct the installers to add 2

predefined groups to the domain which I already included in a config file.
I will just ask them to specity the domain name as part of the install and
include it in the config file.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
role-based security and ActiveDirectory SpaceMarine ASP .Net 18 06-02-2009 08:46 PM
AzMan Role Based Security vs. ASP.NET Role Based Security Kursat ASP .Net Security 1 05-07-2007 01:33 PM
role based security and =?Utf-8?B?ZGF2aWQ=?= ASP .Net 7 04-15-2005 06:07 PM
Role-Based Security: ACLs and Role Hierarchies Liet Kynes ASP .Net 0 11-26-2003 08:08 AM
Role-based security: Access the role of current user Jesper Stocholm ASP .Net 2 08-23-2003 06:59 PM



Advertisments