GetRolesForUser ActiveDirectoryMembershipProvider

 
 
Jerry C
03-21-2007
I am using the ActiveDirectoryMembershipProvider for forms authentication in
an application. The user is validated with the line:

if (Membership.ValidateUser(UserName.Text, Password.Text))
{
    wp.IsInRole("cd\\System Admin"); // Works great
    String ICdUser = WindowsIdentity.GetCurrent().Name;
    // gets user, looks like this: CD\\cdadmin
    String[] RollUsers = Roles.GetRolesForUser(ICdUser); // does not work
}

The error is:
Method is only supported if the user name parameter matches the user name in
the current Windows Identity.

I am using the line:
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider"
enabled="true"/>
for the role manager, and I am sure the membership provider is working since
the user is validated.
Since the line WindowsIdentity.GetCurrent().Name works and returns the user,
there must be a Windows Identity.

What am I doing wrong?

Thank you for helping





--
Jerry
 
Dominick Baier
03-21-2007
The token role provider only works with

<authentication mode="Windows" />

And can't be mixed with membership.

WindowsIdentity.GetCurrent returns the server identity - not the client one.

a) there is no built-in way to get roles from AD with forms authentication
b) the token role provider is absolutely useless IMO


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Jerry C
03-21-2007
Dominick,

Thank you for the answer. I will get the groups with LDAP.


--
Jerry


Joe Kaplan
03-21-2007
We have a sample from our book on our website that you can adapt to this
purpose (ch 10).

My co-author, Ryan, started writing an LDAP-based role provider for AD that
would complement the MS AD membership provider but ran into a few snags with
scalability and stopped giving it out to people. He hasn't had time yet to
correct the errors and clean it up for distribution. Otherwise, I'd suggest
you just download it from our site directly instead of our sample code.

Maybe someday when he has more time...

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
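
An added example, not part of the thread and not the book sample Joe Kaplan mentions: one way to do the LDAP group lookup from a custom role provider under forms authentication, so that Roles.GetRolesForUser resolves the logged-in user name instead of the server's Windows identity. It uses System.DirectoryServices.AccountManagement (.NET Framework 3.5 and later); the class name AdGroupRoleProvider and the domain name CD (taken from the CD\cdadmin account in the question) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement; // .NET Framework 3.5+
using System.Web.Security;

// Added example, not from the thread. Registered in web.config under
// <roleManager defaultProvider="AdGroupRoleProvider" enabled="true"> together
// with <authentication mode="Forms" />. Class and domain names are hypothetical.
public class AdGroupRoleProvider : RoleProvider
{
    private const string Domain = "CD"; // assumption: domain seen in the question

    public override string ApplicationName { get; set; }

    // Looks up the *named* user in AD. WindowsIdentity.GetCurrent() is never
    // consulted, because under forms authentication it is the server account.
    public override string[] GetRolesForUser(string username)
    {
        var roles = new List<string>();
        using (var ctx = new PrincipalContext(ContextType.Domain, Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, username))
        {
            if (user == null) return new string[0]; // unknown user gets no roles
            // Security groups only, with nested memberships expanded.
            foreach (Principal group in user.GetAuthorizationGroups())
                if (group.SamAccountName != null) roles.Add(group.SamAccountName);
        }
        return roles.ToArray();
    }

    public override bool IsUserInRole(string username, string roleName)
    {
        return Array.Exists(GetRolesForUser(username), r =>
            string.Equals(r, roleName, StringComparison.OrdinalIgnoreCase));
    }

    // Read-only provider: group membership is administered in AD itself.
    public override void AddUsersToRoles(string[] users, string[] roles) { throw new NotSupportedException(); }
    public override void RemoveUsersFromRoles(string[] users, string[] roles) { throw new NotSupportedException(); }
    public override void CreateRole(string roleName) { throw new NotSupportedException(); }
    public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotSupportedException(); }
    public override bool RoleExists(string roleName) { throw new NotSupportedException(); }
    public override string[] GetAllRoles() { throw new NotSupportedException(); }
    public override string[] GetUsersInRole(string roleName) { throw new NotSupportedException(); }
    public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotSupportedException(); }
}
```

Each GetRolesForUser call is a directory round trip made under the application's own account, which therefore needs read access to AD; setting cacheRolesInCookie="true" on <roleManager> avoids repeating the lookup on every request.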