Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Get List of Roles and Translate(typeof(NTAccount))

Reply
Thread Tools

Get List of Roles and Translate(typeof(NTAccount))

 
 
Mario.Trafficante@qg.com
Guest
Posts: n/a
 
      08-09-2006
I am attempting to get a list of the security groups a specific user is
a member of when logging into our applications. After finding many
methods, I settled on the preferred suggested method of using an
IdentityReferenceCollection within the .NET 2.0 frame work. This works
well except for one thing, the NTAccount.Value for certain groups is
trucated. The entire active directory group name is not returned, only
a trucated version of it. I know there are other formats of the name
e.g. displayname etc... How or can I get access to the other name
formats through this call?

thanks Mario

string[] securityidentifiers = null;
string samAccountQuery =
String.Format("(|(sAMAccountName={0})(sAMAccountNa me={0}$))",
username.Substring(username.IndexOf("\\") + 1).Trim());

using (DirectoryEntry securedirectoryentry = new
DirectoryEntry(ldap, null, null, AuthenticationTypes.Secure))
{
using (DirectorySearcher securedirectorysearcher = new
DirectorySearcher(securedirectoryentry, samAccountQuery))
{
SearchResult securesearchresult =
FindOne(securedirectorysearcher);
if (securesearchresult != null)
{
//now unravel the tokenGroups (we'll use the
universal groups too)
using (DirectoryEntry account =
securesearchresult.GetDirectoryEntry())
{

IdentityReferenceCollection irc =
ExpandTokenGroups(account);

securityidentifiers = new
string[irc.Count];
int t = 0;
foreach (IdentityReference ir in irc)
{
IdentityReference accounts =
ir.Translate(typeof(NTAccount));
securityidentifiers[t] =
accounts.Value;
t++;
}
}
}
}

 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      08-09-2006
You can't get access to the other name formats with
IdentityReferenceCollection, only the names used for security purposes. If
you want to get other name versions, you can either do an LDAP query to AD
to find the info, or do a p/invoke to something like the DsCrackNames API
(which is also wrapped by the IADsNameTranslate ADSI COM component).

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
>I am attempting to get a list of the security groups a specific user is
> a member of when logging into our applications. After finding many
> methods, I settled on the preferred suggested method of using an
> IdentityReferenceCollection within the .NET 2.0 frame work. This works
> well except for one thing, the NTAccount.Value for certain groups is
> trucated. The entire active directory group name is not returned, only
> a trucated version of it. I know there are other formats of the name
> e.g. displayname etc... How or can I get access to the other name
> formats through this call?
>
> thanks Mario
>
> string[] securityidentifiers = null;
> string samAccountQuery =
> String.Format("(|(sAMAccountName={0})(sAMAccountNa me={0}$))",
> username.Substring(username.IndexOf("\\") + 1).Trim());
>
> using (DirectoryEntry securedirectoryentry = new
> DirectoryEntry(ldap, null, null, AuthenticationTypes.Secure))
> {
> using (DirectorySearcher securedirectorysearcher = new
> DirectorySearcher(securedirectoryentry, samAccountQuery))
> {
> SearchResult securesearchresult =
> FindOne(securedirectorysearcher);
> if (securesearchresult != null)
> {
> //now unravel the tokenGroups (we'll use the
> universal groups too)
> using (DirectoryEntry account =
> securesearchresult.GetDirectoryEntry())
> {
>
> IdentityReferenceCollection irc =
> ExpandTokenGroups(account);
>
> securityidentifiers = new
> string[irc.Count];
> int t = 0;
> foreach (IdentityReference ir in irc)
> {
> IdentityReference accounts =
> ir.Translate(typeof(NTAccount));
> securityidentifiers[t] =
> accounts.Value;
> t++;
> }
> }
> }
> }
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to get list of roles John ASP .Net 1 05-18-2008 07:26 PM
Retrieving the list of security roles from EJB deployment descriptor tremalnaik@gmail.com Java 0 04-18-2007 09:55 AM
Get list of Roles for a user Kishore Gopalan ASP .Net Security 1 11-14-2005 07:52 AM
Application level roles + Item level roles... how to do it? Jéjé ASP .Net Security 0 09-26-2005 11:06 PM
How to get list of roles for authenticated user? Techie Java 2 12-30-2004 07:21 PM



Advertisments