Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > WindowsPrincipal.IsInRole() is Being Flaky. Help!!

Reply
Thread Tools

WindowsPrincipal.IsInRole() is Being Flaky. Help!!

 
 
David Jessee
Guest
Posts: n/a
 
      03-10-2005
Its just being inconsistent.

I'm in 3 different Groups in AD.

..IsInRole("Groupx") returns true
..IsInRole("Groupy") returns true
..IsInRole("Groupz") returns FALSE

All of these groups reside in the same location in my AD tree, but for some
reason, the one is returning False.

even stranger, if I do a search for "Groupz" and list out its members
(through DirectoryServices) my account information shows up.

I have no idea why my account is in the group, but that lookup doesn't work
for the group, but it dows for others.

Ideas??
Anyone??
I'm not proud, I'll beg, I'll make cheesecake!
 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      03-10-2005
Is the group security enabled? What type of group is it (groupType)?

Joe K.

"David Jessee" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Its just being inconsistent.
>
> I'm in 3 different Groups in AD.
>
> .IsInRole("Groupx") returns true
> .IsInRole("Groupy") returns true
> .IsInRole("Groupz") returns FALSE
>
> All of these groups reside in the same location in my AD tree, but for
> some
> reason, the one is returning False.
>
> even stranger, if I do a search for "Groupz" and list out its members
> (through DirectoryServices) my account information shows up.
>
> I have no idea why my account is in the group, but that lookup doesn't
> work
> for the group, but it dows for others.
>
> Ideas??
> Anyone??
> I'm not proud, I'll beg, I'll make cheesecake!



 
Reply With Quote
 
 
 
 
David Jessee
Guest
Posts: n/a
 
      03-10-2005
The Scope is Global, the Group Type is Security.

Okay, folks, I'm gonna up the antie. Anyone want Fudge? Home made!!

"Joe Kaplan (MVP - ADSI)" wrote:

> Is the group security enabled? What type of group is it (groupType)?
>
> Joe K.
>
> "David Jessee" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Its just being inconsistent.
> >
> > I'm in 3 different Groups in AD.
> >
> > .IsInRole("Groupx") returns true
> > .IsInRole("Groupy") returns true
> > .IsInRole("Groupz") returns FALSE
> >
> > All of these groups reside in the same location in my AD tree, but for
> > some
> > reason, the one is returning False.
> >
> > even stranger, if I do a search for "Groupz" and list out its members
> > (through DirectoryServices) my account information shows up.
> >
> > I have no idea why my account is in the group, but that lookup doesn't
> > work
> > for the group, but it dows for others.
> >
> > Ideas??
> > Anyone??
> > I'm not proud, I'll beg, I'll make cheesecake!

>
>
>

 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      03-11-2005
Ok, that group should definitely be in the user's token then. Assuming you
definitely have the name correct, the next thing I'd do is a little
exploration on the user's token.

I'd try this reflection code to see what's actually in the user's token:

Function GetRoles(byval identity as WindowsIdentity) as String()

Dim idType As Type
idType = GetType(WindowsIdentity)
Dim result As Object =
idType.InvokeMember("_GetRoles",BindingFlags.Stati c Or
BindingFlags.InvokeMethod Or BindingFlags.NonPublic,Nothing, identity, New
Object() {identity.Token}, Nothing)
Dim roles() As String = DirectCast(result, String())
Return roles

End Function

You can use that to see the actual group list.

The next steps after this involve looking at the user's token to examine the
SIDs directly, but that is less easy.

Joe K.


"David Jessee" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The Scope is Global, the Group Type is Security.
>
> Okay, folks, I'm gonna up the antie. Anyone want Fudge? Home made!!
>
> "Joe Kaplan (MVP - ADSI)" wrote:
>
>> Is the group security enabled? What type of group is it (groupType)?
>>
>> Joe K.
>>
>> "David Jessee" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > Its just being inconsistent.
>> >
>> > I'm in 3 different Groups in AD.
>> >
>> > .IsInRole("Groupx") returns true
>> > .IsInRole("Groupy") returns true
>> > .IsInRole("Groupz") returns FALSE
>> >
>> > All of these groups reside in the same location in my AD tree, but for
>> > some
>> > reason, the one is returning False.
>> >
>> > even stranger, if I do a search for "Groupz" and list out its members
>> > (through DirectoryServices) my account information shows up.
>> >
>> > I have no idea why my account is in the group, but that lookup doesn't
>> > work
>> > for the group, but it dows for others.
>> >
>> > Ideas??
>> > Anyone??
>> > I'm not proud, I'll beg, I'll make cheesecake!

>>
>>
>>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Java & LAMP - being better or being popular ? heather.fraser@gmail.com Java 14 10-17-2007 03:50 AM
Form still being submitted despite being invalid =?Utf-8?B?TWFyayBQYXJ0ZXI=?= ASP .Net 4 07-25-2005 02:46 PM
Being kicked off every 5 min... =?Utf-8?B?dGhlIGJyYWQ=?= Wireless Networking 1 08-08-2004 08:51 PM
Event handler is being detached without being released Moshe Katz Javascript 2 05-02-2004 06:42 AM



Advertisments