Enumerating Groups Using WindowsIdentity.GetCurrent() Returns Old Set Of Groups

Feb 1, 2011

I have a user that when I attempt to enumerate her groups using either System.Security.Principal.WindowsIdentity.GetCurrent().Groups on user's computer
or System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups on the IIS server, I get a list of their old groups, not their new. I have checked the DC that they authenticate to and the ASP.NET page is running inside a SharePoint instance so the LogonUserIdentity most like is being provided from there Kerberos ticket.
Should I be looking up the groups directly from the AD instead of relying on the WindowsIdentity or LogonUserIdentity?

View 1 Replies


Similar Messages:

Security :: Web.config Authorization Roles With Local Groups With Domain Groups In Them

Sep 29, 2010

I am "DomainMyDomainUserName" If I do this:

[Code]....

I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:

[Code]....

I can still access the website; and with my domain account in a Domain Group named "DomainDomainLocalSecurityGroup", if I do this:

[Code]....

I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "DomainMyDomainUserName" to this group and I do this:

[Code]....

I get an Access Denied error trying to access the website. What I want to do is, have a group on my local machine (for testing), on a test web server, and on a production web server named "MyWebsiteUserAccess" with the same Domain Group (filled with Domain Users allowed access to the site) in all of these local groups; so that when I test the web application on my local machine, on my test web server and on my production web server, I don't have to change the Web.config file to have it work on each AND if the Domain Group name ever has to change, it won't affect access to the website.

What am I overlooking or is this even possible to do this way? I understand that there is a way to do Role Management through ASP.NET but I don't understand that well enough yet to implement that (and will probably go that route once I've done the research on how to best implement it for purpose of access control of this intranet site).

View 2 Replies

C# - Get Local Groups And Not The Primary Groups For A Domain User

Dec 18, 2010

i have a code to get the groups a user belongs to.

try
{
DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName));
DirectoryEntry user = adRoot.Children.Find(completeUserName, "User");
object obGroups = user.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
{
// Create object for each group.
DirectoryEntry obGpEntry = new DirectoryEntry(ob);
listOfMyWindowsGroups.Add(obGpEntry.Name);
}
return true;
}
catch (Exception ex)
{
new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex);
return false;
}

the above code works fine when i have to find the groups of a local user but

for a domain user it returns a value "Domain User" which is kind of wierd as it is a part of 2 local groups.

Research

I did some finding and got that i am being returned the primary group of the domain user

called "Domain User" group

but what i actually want is the groups of the local machines the domain user is a part of... i cannot get that.. any suggestions

another code using LDAP

string domain = Environment.UserDomainName;
DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
DirectorySearcher search = new DirectorySearcher();
search.SearchRoot = DE;
search.Filter = "(SAMAccountName=" + completeUserName + ")"; //Searches active directory for the login name
search.PropertiesToLoad.Add("displayName"); // Once found, get a list of Groups
try
{
SearchResult result = search.FindOne(); // Grab the records and assign them to result
if (result != null)
{
DirectoryEntry theUser = result.GetDirectoryEntry();
theUser.RefreshCache(new string[] { "tokenGroups" });
foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
{
System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0);
DirectorySearcher sidSearcher = new DirectorySearcher();
sidSearcher.SearchRoot = DE;
sidSearcher.Filter = "(objectSid=" + mySID.Value + ")";
sidSearcher.PropertiesToLoad.Add("distinguishedName");
SearchResult sidResult = sidSearcher.FindOne();
if (sidResult != null)
{
listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]);
}
}
}
else
{
new GUIUtility().LogMessageToFile("no user found");
}
return true;
}
catch (Exception ex)
{
new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user.
return false;
}

this works too but i get the same result "Domain Users" . Please can some1 tell me how to get the local machine groups...?

View 2 Replies

How To Change The Value Returned By WindowsIdentity.GetCurrent

Jan 7, 2010

I'm writing an ASP.net application and I'm working with the WindowsIdentity.GetCurrent() function. I want to know how (or if it's possible) to change what identity the ASP.net application runs as.

I eventually want to run it as an account associated with the end-user. I understand I can do this with Windows Authentication in IIS, but Windows Authentication will not work with my particular application. If I can programmatically log the user in with a AD username and password, that will be fine.

How can I set the WindowsIdentity the ASP.net application runs as without using Windows Authentication in IIS?

Update: This question has been sitting idle for a long time. I think that perhaps the framework does not allow me to do what I'm describing here.

View 1 Replies

Using WindowsIdentity.GetCurrent() Failed In Windows Server 2008 R2?

Dec 7, 2010

I have an asp.net 2.0 application that is suppose to pick the Identity of the currently logged in user on a client machine and use it to setup working environment for the user. On win xp and windows server 2003 this works fine. but on moving the application to Windows Server 2008 R2 .

View 1 Replies

C# - Get All Windows Groups?

Oct 25, 2010

I wrote this to get the groups a particular user belongs to:

DirectoryEntry AD = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
DirectoryEntry user = AD.Children.Find(completeUserName, "user");
object obGroups = AD.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
{
// Create object for each group.
DirectoryEntry obGpEntry = new DirectoryEntry(ob);
listOfMyWindowsGroups.Add(obGpEntry.Name);
}
for (int j = 0; j < listOfMyWindowsGroups.Count; j++)
{
//ex
}

How is it possible to retrieve all the groups in windows and not just for a particular user?

View 2 Replies

Validation Groups In Web Configure?

Mar 22, 2010

basically i have a page with the followingtextbox1 button1 and required field1 /validator callout1textbox2 button2 and required field2 /validator callout2button1 needs to only call validation controls1 and button2 needs to call validation controls2. how do i do this. I'm not really sure what to search for so any links to a tutorial/explanation

View 3 Replies

Validation On Blood Groups In Asp.net?

Feb 15, 2010

in my application i going to validate the blood groups, can u tell me how can i validate blood groups.

View 1 Replies

Using Yahoo Groups For Authentication?

Mar 14, 2011

I'm trying to determine if there is a Yahoo API that I can use to create authentication based on membership in a Yahoo Group for a non-Yahoo website writte in ASP.NET. Basically, if a person is a member of a particular group, then they would be able to Login to this website.

Our club has an existing Yahoo site, but we'd like to disconnect from Yahoo while retaining the emailing capability that it offers, and I'd like to keep the number of places to be members of to a minimum. So if a person signs up for the Yahoo group, I'd like them automatically be able to login to the non-Yahoo site without any other steps.

View 3 Replies

How To Get The Groups Of A User In Active Directory

Mar 15, 2011

I use this code to get the groups of the current user. But I want to manually give the user and then get his groups. How can I do this?

[code]....

View 2 Replies

C# - How To Validate Against Multiple Validation Groups

Mar 14, 2011

I have a Form like this.

UserID has to be validated when user clicks "Check Availability" and "Submit"

Hence "UserID" required field validator has to be assigned two grops.

As if now it is assigned only Group1

[code]....

I have already gone through How to validate against Multiple validation groups?

which talks about validating Group1 and Group2 when user clicks "Submit" which is a good alternate solution.

View 1 Replies

How To Validate Against Multiple Validation Groups

Mar 24, 2010

I have two validation groups: parent and child

I have an add button that needs to only validate the child validation group which is easily done. The save button needs to validate against the parent and child validation groups, both client side and server side. I think I know how to do it server side by calling the Page.Validate("groupname") method for each group, but how can it be done client side?

View 1 Replies

How To List Windows Users And Groups

Aug 18, 2010

I have a ASP.NET Website project and I need to list all the users and their groups on my Windows system. I have set the identity impersonation to true and provided the username and password of the admin in the web.config. Where do I start?

Update:

I have the following code at the moment -

var machine = new DirectoryEntry("WinNT://<IP ADDRESS>");
foreach (DirectoryEntry child in machine.Children)
{
// get the child's group(s).
}

When I debug, I can see the list of users in machine.Children. How do I find the group(s) that this user belongs to?

View 2 Replies

Any Way To Get Domain Level User Groups?

Mar 31, 2011

In asp.net/c#, is there a way to find all of the AD level user groups from a given domain in which the logged in user belongs to? E.g. I have a domain level user and few groups. I want to pass in the domain name and the logged in user's user name and get a list of AD groups of that particular domain.

View 2 Replies

Loop Database Result In Groups?

Apr 2, 2010

I have a query that returns a pretty big result. I want to break the big set into several smaller sets to pass into a function. If i had a 100 records returned, how would i get 10 datasets?

View 1 Replies

C# - Find Out User Belongs To Which Groups

Sep 8, 2010

I have a windows user accounts which i just created take XYZ for example.

This XYZ belongs to a User group and a custom group i created in Computer Management --> Local users and groups.

So in properties i see that the user belongs to the 2 groups.

Now i want to get those groups and display them. any suggestions???

i have done this but this is not right as it gives me the roles of SQL (i think)

here is what i did:

after logging in and impersonating i call the function

getUserGroups();

private void getUserGroups()
{
// collect the user domain and identity
string[] arr =
System.Web.HttpContext.Current.Request.
LogonUserIdentity.Name.Split('\');
// update the display to show
// the captured domain and user
if (arr.Length > 0)
{
new GUIUtility().LogMessageToFile("User Name" + arr[0].ToString());
new GUIUtility().LogMessageToFile("User Domain" + arr[1].ToString());
}
// create an arraylist and populate
// it with the list of groups that
// the current user belongs to
ArrayList al = new ArrayList();
al = GetGroups();
// check to see if the user belongs
// to a specific group and create
// a list of all of the user's groups
foreach (string s in al)
{
// add this one to the list
new GUIUtility().LogMessageToFile("Group" + s);
// check to see if the user
// belongs to a specific group
//if (s == "BXSWLT\SomeCustomGroup")
//{
// // change the label to show
// // there was a match
// lblMemberOfGroup.Text = "YES";
//}
}
}
public ArrayList GetGroups()
{
ArrayList groups = new ArrayList();
foreach (System.Security.Principal.IdentityReference group in
System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
{
groups.Add(group.Translate(typeof
(System.Security.Principal.NTAccount)).ToString());
}
return groups;
}

the Result i get is:

9/8/2010 5:57:22 PM: User Name NT AUTHORITY.
9/8/2010 5:57:22 PM: User Domain IUSR.
9/8/2010 5:57:22 PM: Group Everyone.
9/8/2010 5:57:22 PM: Group BUILTINUsers.
9/8/2010 5:57:22 PM: Group NT AUTHORITYAuthenticated Users.
9/8/2010 5:57:22 PM: Group NT AUTHORITYThis Organization.
9/8/2010 5:57:22 PM: Group LOCAL.

View 1 Replies

C# - Check For Groups A User Is A Member Of

Sep 9, 2010

i have the code to get the members of a local group example administrators

private void GetUserGrps()
{
using (DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
{
foreach (object member in (IEnumerable)groupEntry.Invoke("Members"))
{
using (DirectoryEntry memberEntry = new DirectoryEntry(member))
{
new GUIUtility().LogMessageToFile(memberEntry.Path);
}
}
}

Is there a way to get the groups a local user belongs to using directory services?

without using activedirectory or domain in it because i want for the local machine only and not for a domain.

View 1 Replies

Web Forms :: Iterate Through Validation Groups?

Mar 31, 2010

I have a multi section form which the user can jump between sections to complete. Each section has its own validation group associated with it. I want to create a summary page which itterates through each of the validation groups and outputs if it is valid or not by changing an associated text.The problem that I am having is that once one validation group fails validation all subsequent sections also report as failing - presumably as the page.isvalid is still holding the fact that a previous group has failed

View 1 Replies

ADO.NET :: How To Declare Multiple Groups In LINQ

Aug 17, 2010

How can I declare multiple groups in LINQ? I get this error "Range variable 'Group' is already declared." Error found in bold and underlined text below.

Dim SportsWear = From c in dbContext.SportsTable Group Join grp_Attire In dbContext.AttireTable On grp_Attire.AttireId Equals c.AttireId Into Group From sportsAttire In Group.DefaultIfEmpty() Group Join grp_SportType In dbContext.SportType On grp_SportType.TypeId Equals c.TypeId Into Group From sportsType In Group.DefaultIfEmpty() Select New With { _ .Attire = sportsAttire.AttireName,.Type = sportsType.TypeName}

View 1 Replies

VS 2008 - How To List Info In Groups Rather Than In Grid

Nov 14, 2010

I'm not sure the best way to explain this but I want to take results from a stored procedure and list them but not in a grid. I am listing user profiles and I want to display a picture, name, description and other info from each record. But I want each in a group. How is this done in asp.net?

View 2 Replies

Web Forms :: How To Assing 2 Validation Groups To A Button

Feb 6, 2010

I thought I could assign more than 2 validation groups, separated by comma as follows.

<asp:Button ID="Button2" runat="server" Text="both v1 & v2 validate" ValidationGroup="v1, v2" onclick="Button2_Click"/>

but it didn't work.What i want to do is, when a user clicks button1, it only validates validation group"v1" When button2 is clicked, it validates both "v1" & "v2" validatino groups.
<asp:TextBox ID="TextBox1" runat="server" ValidationGroup="v1"/>
<asp:RequiredFieldValidator
ID="RequiredFieldValidator1" runat="server" ErrorMessage="*" ValidationGroup="v1" ControlToValidate="TextBox1"/> [code]....

this file is uploaded to http://zuke.us/espada/test1.aspx

View 9 Replies

Validation Rule Belong To Multiple Groups?

Feb 18, 2010

Is it possible for an ASP.NET Validation Rule to belong to multiple groups? I'd like to validate the same control in different ways based on what mode the form is in using a single Validator. For the purposes of this question, the modes are Simple, which requires fewer fields, or Complex, which requires more fields. I know I can write CustomValidators (which I have done in the past), but I'd like a simpler solution.

So, I'd like to combine the following:

<asp:RequiredFieldValidator ValidationGroup="Simple" ControlToValidate="Name" />
<asp:RequiredFieldValidator ValidationGroup="Complex" ControlToValidate="Name" />

View 2 Replies

Validate Groups And Time String Compre

May 8, 2010

i created a page with validates. now i want to add the back buttion but when i click it all the validates comes "up". how can I cancel them? maybe with a gruop or somthing?

an the secound qustion is about time, i have like that HH:MM. the time tyoe is string,how i compare them now?

View 5 Replies

Web Forms :: ConfirmButton Can Work With 2 Validation Groups

Apr 2, 2010

What I would like to do is to validate my aspx before showing the confirmation diaglog. After long hours of searching on the Net I came up with this:Some Validation controls with 2 different validation groups (ValidationGroup1 and NoValidation)ValidationSummary control is set to ValidationGroup1 with MessageBox=TrueButton1 is set to ValiationGroup1 (this button is hidden)Button2 is set to ValidationGroup1 with javascript onclick function to click button1.
ConfirmButtonExtender1 with TargetControlID=button1

View 4 Replies

Security :: Use Roles Stored In SQL And AD Users / Groups?

Feb 7, 2011

I need to create a site that is Roles based and can use AD groups and Users. I found Scott Mitchell's tutorials for setting up "role-based-authorization-cs" [URL]

I've changed to using Windows auth. instead of forms and am pointing it to a remote SQL Database. I can successfully add a user/password/email etc. (although I believe the password and email sections aren't required and would like to remove them as options).

When I create a user (usera) and login to a windows box as usera the menu displays correctly based on the Roles I've added the user to in the SQL Database.

When I add an AD Group and add it to the same Role the menu's that are displayed do not match that of usera.

I'd like to be able to add entire AD groups (They can obviously change so it needs to be dynamic in some way), as well as add individual AD users to Roles. I'd prefer to do this via a Web interface.

My questions are.

1. Am I going about this the right way?

2. If I'm not what would be a better way?

3. If I am what do I need to do to allow ADGroup lookup?

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved