I have a ASP.NET Website project and I need to list all the users and their groups on my Windows system. I have set the identity impersonation to true and provided the username and password of the admin in the web.config. Where do I start?
Update:
I have the following code at the moment -
var machine = new DirectoryEntry("WinNT://<IP ADDRESS>"); foreach (DirectoryEntry child in machine.Children) { // get the child's group(s). }
When I debug, I can see the list of users in machine.Children. How do I find the group(s) that this user belongs to?
I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:
[Code]....
I can still access the website; and with my domain account in a Domain Group named "DomainDomainLocalSecurityGroup", if I do this:
[Code]....
I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "DomainMyDomainUserName" to this group and I do this:
[Code]....
I get an Access Denied error trying to access the website. What I want to do is, have a group on my local machine (for testing), on a test web server, and on a production web server named "MyWebsiteUserAccess" with the same Domain Group (filled with Domain Users allowed access to the site) in all of these local groups; so that when I test the web application on my local machine, on my test web server and on my production web server, I don't have to change the Web.config file to have it work on each AND if the Domain Group name ever has to change, it won't affect access to the website.
What am I overlooking or is this even possible to do this way? I understand that there is a way to do Role Management through ASP.NET but I don't understand that well enough yet to implement that (and will probably go that route once I've done the research on how to best implement it for purpose of access control of this intranet site).
I have a user that when I attempt to enumerate her groups using either System.Security.Principal.WindowsIdentity.GetCurrent().Groups on user's computer or System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups on the IIS server, I get a list of their old groups, not their new. I have checked the DC that they authenticate to and the ASP.NET page is running inside a SharePoint instance so the LogonUserIdentity most like is being provided from there Kerberos ticket. Should I be looking up the groups directly from the AD instead of relying on the WindowsIdentity or LogonUserIdentity?
i have a code to get the groups a user belongs to.
try { DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName)); DirectoryEntry user = adRoot.Children.Find(completeUserName, "User"); object obGroups = user.Invoke("Groups"); foreach (object ob in (IEnumerable)obGroups) { // Create object for each group. DirectoryEntry obGpEntry = new DirectoryEntry(ob); listOfMyWindowsGroups.Add(obGpEntry.Name); } return true; } catch (Exception ex) { new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex); return false; }
the above code works fine when i have to find the groups of a local user but
for a domain user it returns a value "Domain User" which is kind of wierd as it is a part of 2 local groups.
Research
I did some finding and got that i am being returned the primary group of the domain user
called "Domain User" group
but what i actually want is the groups of the local machines the domain user is a part of... i cannot get that.. any suggestions
another code using LDAP
string domain = Environment.UserDomainName; DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure); DirectorySearcher search = new DirectorySearcher(); search.SearchRoot = DE; search.Filter = "(SAMAccountName=" + completeUserName + ")"; //Searches active directory for the login name search.PropertiesToLoad.Add("displayName"); // Once found, get a list of Groups try { SearchResult result = search.FindOne(); // Grab the records and assign them to result if (result != null) { DirectoryEntry theUser = result.GetDirectoryEntry(); theUser.RefreshCache(new string[] { "tokenGroups" }); foreach (byte[] resultBytes in theUser.Properties["tokenGroups"]) { System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0); DirectorySearcher sidSearcher = new DirectorySearcher(); sidSearcher.SearchRoot = DE; sidSearcher.Filter = "(objectSid=" + mySID.Value + ")"; sidSearcher.PropertiesToLoad.Add("distinguishedName"); SearchResult sidResult = sidSearcher.FindOne(); if (sidResult != null) { listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]); } } } else { new GUIUtility().LogMessageToFile("no user found"); } return true; } catch (Exception ex) { new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user. return false; }
this works too but i get the same result "Domain Users" . Please can some1 tell me how to get the local machine groups...?
basically i have a page with the followingtextbox1 button1 and required field1 /validator callout1textbox2 button2 and required field2 /validator callout2button1 needs to only call validation controls1 and button2 needs to call validation controls2. how do i do this. I'm not really sure what to search for so any links to a tutorial/explanation
I'm trying to determine if there is a Yahoo API that I can use to create authentication based on membership in a Yahoo Group for a non-Yahoo website writte in ASP.NET. Basically, if a person is a member of a particular group, then they would be able to Login to this website.
Our club has an existing Yahoo site, but we'd like to disconnect from Yahoo while retaining the emailing capability that it offers, and I'd like to keep the number of places to be members of to a minimum. So if a person signs up for the Yahoo group, I'd like them automatically be able to login to the non-Yahoo site without any other steps.
I have an add button that needs to only validate the child validation group which is easily done. The save button needs to validate against the parent and child validation groups, both client side and server side. I think I know how to do it server side by calling the Page.Validate("groupname") method for each group, but how can it be done client side?
In asp.net/c#, is there a way to find all of the AD level user groups from a given domain in which the logged in user belongs to? E.g. I have a domain level user and few groups. I want to pass in the domain name and the logged in user's user name and get a list of AD groups of that particular domain.
I have a query that returns a pretty big result. I want to break the big set into several smaller sets to pass into a function. If i had a 100 records returned, how would i get 10 datasets?
I have a windows user accounts which i just created take XYZ for example.
This XYZ belongs to a User group and a custom group i created in Computer Management --> Local users and groups.
So in properties i see that the user belongs to the 2 groups.
Now i want to get those groups and display them. any suggestions???
i have done this but this is not right as it gives me the roles of SQL (i think)
here is what i did:
after logging in and impersonating i call the function
getUserGroups();
private void getUserGroups() { // collect the user domain and identity string[] arr = System.Web.HttpContext.Current.Request. LogonUserIdentity.Name.Split('\'); // update the display to show // the captured domain and user if (arr.Length > 0) { new GUIUtility().LogMessageToFile("User Name" + arr[0].ToString()); new GUIUtility().LogMessageToFile("User Domain" + arr[1].ToString()); } // create an arraylist and populate // it with the list of groups that // the current user belongs to ArrayList al = new ArrayList(); al = GetGroups(); // check to see if the user belongs // to a specific group and create // a list of all of the user's groups foreach (string s in al) { // add this one to the list new GUIUtility().LogMessageToFile("Group" + s); // check to see if the user // belongs to a specific group //if (s == "BXSWLT\SomeCustomGroup") //{ // // change the label to show // // there was a match // lblMemberOfGroup.Text = "YES"; //} } } public ArrayList GetGroups() { ArrayList groups = new ArrayList(); foreach (System.Security.Principal.IdentityReference group in System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups) { groups.Add(group.Translate(typeof (System.Security.Principal.NTAccount)).ToString()); } return groups; }
the Result i get is:
9/8/2010 5:57:22 PM: User Name NT AUTHORITY. 9/8/2010 5:57:22 PM: User Domain IUSR. 9/8/2010 5:57:22 PM: Group Everyone. 9/8/2010 5:57:22 PM: Group BUILTINUsers. 9/8/2010 5:57:22 PM: Group NT AUTHORITYAuthenticated Users. 9/8/2010 5:57:22 PM: Group NT AUTHORITYThis Organization. 9/8/2010 5:57:22 PM: Group LOCAL.
i have the code to get the members of a local group example administrators
private void GetUserGrps() { using (DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group")) { foreach (object member in (IEnumerable)groupEntry.Invoke("Members")) { using (DirectoryEntry memberEntry = new DirectoryEntry(member)) { new GUIUtility().LogMessageToFile(memberEntry.Path); } } }
Is there a way to get the groups a local user belongs to using directory services?
without using activedirectory or domain in it because i want for the local machine only and not for a domain.
I have a multi section form which the user can jump between sections to complete. Each section has its own validation group associated with it. I want to create a summary page which itterates through each of the validation groups and outputs if it is valid or not by changing an associated text.The problem that I am having is that once one validation group fails validation all subsequent sections also report as failing - presumably as the page.isvalid is still holding the fact that a previous group has failed
How can I declare multiple groups in LINQ? I get this error "Range variable 'Group' is already declared." Error found in bold and underlined text below.
Dim SportsWear = From c in dbContext.SportsTable Group Join grp_Attire In dbContext.AttireTable On grp_Attire.AttireId Equals c.AttireId Into Group From sportsAttire In Group.DefaultIfEmpty() Group Join grp_SportType In dbContext.SportType On grp_SportType.TypeId Equals c.TypeId Into Group From sportsType In Group.DefaultIfEmpty() Select New With { _ .Attire = sportsAttire.AttireName,.Type = sportsType.TypeName}
I'm not sure the best way to explain this but I want to take results from a stored procedure and list them but not in a grid. I am listing user profiles and I want to display a picture, name, description and other info from each record. But I want each in a group. How is this done in asp.net?
but it didn't work.What i want to do is, when a user clicks button1, it only validates validation group"v1" When button2 is clicked, it validates both "v1" & "v2" validatino groups. <asp:TextBox ID="TextBox1" runat="server" ValidationGroup="v1"/> <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ErrorMessage="*" ValidationGroup="v1" ControlToValidate="TextBox1"/> [code]....
this file is uploaded to http://zuke.us/espada/test1.aspx
Is it possible for an ASP.NET Validation Rule to belong to multiple groups? I'd like to validate the same control in different ways based on what mode the form is in using a single Validator. For the purposes of this question, the modes are Simple, which requires fewer fields, or Complex, which requires more fields. I know I can write CustomValidators (which I have done in the past), but I'd like a simpler solution.
i created a page with validates. now i want to add the back buttion but when i click it all the validates comes "up". how can I cancel them? maybe with a gruop or somthing?
an the secound qustion is about time, i have like that HH:MM. the time tyoe is string,how i compare them now?
What I would like to do is to validate my aspx before showing the confirmation diaglog. After long hours of searching on the Net I came up with this:Some Validation controls with 2 different validation groups (ValidationGroup1 and NoValidation)ValidationSummary control is set to ValidationGroup1 with MessageBox=TrueButton1 is set to ValiationGroup1 (this button is hidden)Button2 is set to ValidationGroup1 with javascript onclick function to click button1. ConfirmButtonExtender1 with TargetControlID=button1
I need to create a site that is Roles based and can use AD groups and Users. I found Scott Mitchell's tutorials for setting up "role-based-authorization-cs" [URL]
I've changed to using Windows auth. instead of forms and am pointing it to a remote SQL Database. I can successfully add a user/password/email etc. (although I believe the password and email sections aren't required and would like to remove them as options).
When I create a user (usera) and login to a windows box as usera the menu displays correctly based on the Roles I've added the user to in the SQL Database.
When I add an AD Group and add it to the same Role the menu's that are displayed do not match that of usera.
I'd like to be able to add entire AD groups (They can obviously change so it needs to be dynamic in some way), as well as add individual AD users to Roles. I'd prefer to do this via a Web interface.
My questions are.
1. Am I going about this the right way?
2. If I'm not what would be a better way?
3. If I am what do I need to do to allow ADGroup lookup?
I would like to display the contents of a DataTable, divided into several groups depending on the value of one of the columns. So, if I have a DataTable (from SQL query) with:
GroupID Name Description 1 foo bar 1 one two 2 some thing
I would like to place all records containing GroupID 1 in one div, all records with GroupID 2 in another div, and so on. How can I do this?
How can I configure my web.config file so that my login page can serve domain users in a local group on the server? It's easier for us to modify members of the group on the server than having someone else do it on a domain group that we don't have access to.