Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Does IsInRole() grab just Groups? Can I get Organizational Units?

Reply
Thread Tools

Does IsInRole() grab just Groups? Can I get Organizational Units?

 
 
Craig Vedur
Guest
Posts: n/a
 
      09-01-2005
Hey,

I posted before about IsInRole and was told if you do Windows Authentication
with Identity Impersonation, you can check against security groups. However,
the LDAP is separated into Organizational Units. I did a test and am
assuming IsInRole() will not test for OU membership? Can anyone confirm this?

I guess the only way to check for OU membership is to traverse a
DirectoryEntry root w/ System.DirectoryServices.dll

Can anyone help w/ this?

Thanks
 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      09-01-2005
Hello Craig,

no - IsInRole checks for the security groups a user is member of.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hey,
>
> I posted before about IsInRole and was told if you do Windows
> Authentication with Identity Impersonation, you can check against
> security groups. However, the LDAP is separated into Organizational
> Units. I did a test and am assuming IsInRole() will not test for OU
> membership? Can anyone confirm this?
>
> I guess the only way to check for OU membership is to traverse a
> DirectoryEntry root w/ System.DirectoryServices.dll
>
> Can anyone help w/ this?
>
> Thanks
>




 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      09-07-2005
Yes, you must do an LDAP query to get OU information. This seems like a
weird thing to do though. Are you sure you need this?

OUs are typically created to organize users for group policy and delegation
of administration. Making security decisions based on a user's OU isn't the
intent.

Joe K.

"Craig Vedur" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hey,
>
> I posted before about IsInRole and was told if you do Windows
> Authentication
> with Identity Impersonation, you can check against security groups.
> However,
> the LDAP is separated into Organizational Units. I did a test and am
> assuming IsInRole() will not test for OU membership? Can anyone confirm
> this?
>
> I guess the only way to check for OU membership is to traverse a
> DirectoryEntry root w/ System.DirectoryServices.dll
>
> Can anyone help w/ this?
>
> Thanks



 
Reply With Quote
 
Patrick.O.Ige
Guest
Posts: n/a
 
      10-31-2005
Hmm.. As Joe Adviced i don't think u need OU's
What you need i think is ROLES.
Patrick

"Joe Kaplan (MVP - ADSI)" <(E-Mail Removed)> wrote
in message news:(E-Mail Removed)...
> Yes, you must do an LDAP query to get OU information. This seems like a
> weird thing to do though. Are you sure you need this?
>
> OUs are typically created to organize users for group policy and

delegation
> of administration. Making security decisions based on a user's OU isn't

the
> intent.
>
> Joe K.
>
> "Craig Vedur" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hey,
> >
> > I posted before about IsInRole and was told if you do Windows
> > Authentication
> > with Identity Impersonation, you can check against security groups.
> > However,
> > the LDAP is separated into Organizational Units. I did a test and am
> > assuming IsInRole() will not test for OU membership? Can anyone confirm
> > this?
> >
> > I guess the only way to check for OU membership is to traverse a
> > DirectoryEntry root w/ System.DirectoryServices.dll
> >
> > Can anyone help w/ this?
> >
> > Thanks

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
authentication: Active Directory and Organizational Unit SpaceMarine ASP .Net 2 05-16-2008 09:36 PM
First level organizational Units Active Directory Microsoft Certification 0 05-10-2008 10:42 AM
Survey on the Effects of Organizational Culture on Software Productivity bruce_taylor@unisoncoaching.com C Programming 4 09-20-2005 08:56 PM
Online XML Organizational Chart Service is available Web Giant XML 0 07-18-2005 02:02 PM
Online XML Organizational Chart Service is available nauman.maz@gmail.com XML 0 07-18-2005 11:19 AM



Advertisments