Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > User Group Membership

Reply
Thread Tools

User Group Membership

 
 
cameron
Guest
Posts: n/a
 
      06-09-2004
I need to find a user's memberOf list, (and all nested groups), very
quickly. My current method is to iterate through the the results of the
the MemberOf property and then do the same to each of those groups.
While complete, this is painfully, painfully, (grow old and die before
it is done), slow.

I have looked at the m_role attribute of the princible object:

WindowsPrincipal MyPrincipal = new WindowsPrincipal(UserIdentity);
MyPrincipal.IsInRole(WindowsBuiltInRole.User);
FieldInfo field = typeof(WindowsPrincipal).GetField("m_roles",
BindingFlags.NonPublic | BindingFlags.Instance);
string[] Roles = (string[])field.GetValue(MyPrincipal);
Write("<hr>Got " + Roles.Length.ToString() + " groups/roles back [string
array]<br>\n");
foreach (string Role in Roles)
{
Write("Group=" + Role + "<br>\n");
}

but this is horribly incomplete and only lists the built in groups,
(Everyone, Domain Users, etc), which is useless to me.

I also tried the TokenGroup properties:

string[] TokenGroups = new string[]
{
"tokenGroups",
"tokenGroupsGlobalAndUniversal",
"tokenGroupsNoGCAcceptable"
};
DirectoryEntry DE = Utility.GetDirectoryEntry(UserDN);
DE.RefreshCache(TokenGroups);

for(int i=0; i<TokenGroups .length; i++)
{
Write("\n<hr>" + TokenGroups[i] + "<br>\n");
PropertyValueCollection tg = DE.Properties[TokenGroups[i]];
foreach (byte[] SID in (Array)tg.Value)
{
Write("SID Name = " + getNameFromSID(SID) + "<br>\n");
}
}

but these are just as incomplete as the m_role list.

This is a common enough problem that I thought there would be lots of
solutions on Google but these 2 methods were all that I could find,
(other than the brutally slow method I am already using).

This code will be calculating complete lists for thousands of users and
my method has way too much overhead. I need the nested groups since our
security model is complex and very deep. Any help would be greatly
appriecaiated.

Thanks

-Cam
 
Reply With Quote
 
 
 
 
John Saunders
Guest
Posts: n/a
 
      06-10-2004
"cameron" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I need to find a user's memberOf list, (and all nested groups), very
> quickly. My current method is to iterate through the the results of the
> the MemberOf property and then do the same to each of those groups.
> While complete, this is painfully, painfully, (grow old and die before
> it is done), slow.


You might want to reconsider your reasons for wanting to do this. What are
you going to do with that list once you get it? And how much do you care
that some of the groups may change their group membership, perhaps even
while you're recursively enumerating?
--
John Saunders
johnwsaundersiii at hotmail


 
Reply With Quote
 
 
 
 
cameron
Guest
Posts: n/a
 
      06-10-2004
It is a web application. The list is used to control the display of the
page since each group can potentially change the layout of the window.
The list is calculated and cached and used until one of its
dependencies, (the groups), are changed at which time it is recalculated.

I can not really use the 'IsInRole' stuff since I do not know the groups
in advance, (user defined groups so they are completely aribarily named
and configured).

-Cam

John Saunders wrote:
> "cameron" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>>I need to find a user's memberOf list, (and all nested groups), very
>>quickly. My current method is to iterate through the the results of the
>>the MemberOf property and then do the same to each of those groups.
>>While complete, this is painfully, painfully, (grow old and die before
>>it is done), slow.

>
>
> You might want to reconsider your reasons for wanting to do this. What are
> you going to do with that list once you get it? And how much do you care
> that some of the groups may change their group membership, perhaps even
> while you're recursively enumerating?

 
Reply With Quote
 
John Saunders
Guest
Posts: n/a
 
      06-10-2004
"cameron" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> It is a web application. The list is used to control the display of the
> page since each group can potentially change the layout of the window.
> The list is calculated and cached and used until one of its
> dependencies, (the groups), are changed at which time it is recalculated.
>
> I can not really use the 'IsInRole' stuff since I do not know the groups
> in advance, (user defined groups so they are completely aribarily named
> and configured).


When a group changes the layout of the window, do you know the name of the
group? If so, you can use IsInRole.
--
John Saunders
johnwsaundersiii at hotmail


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need to do a user creation/management/login/group membership David Thielen ASP .Net Security 1 05-01-2009 10:26 PM
Membership permissions after publishing an ASP.NET Membership site. Tino Donderwinkel ASP .Net 2 06-18-2008 08:16 AM
Tablet PC User Group introduction (and Windows Mobile User Group reminder) Mauricio Freitas NZ Computing 0 07-09-2005 09:19 PM
Help - Setting Up Authentication via Active Directory (Group Membership) for IPSEC and WebVPN Clients on VPN3K webspider Cisco 3 12-15-2004 04:35 AM
ASP.NET - Basic/SSL - Changes in user group membership delayed Svante ASP .Net Security 10 12-10-2004 02:15 PM



Advertisments