
c# - app - AD Group membership search crashes app for all users but me!

maxx233
32 New Member
I'm trying to get my program checking Active Directory to see if the user is a member of certain groups. I got it working, tested, etc. So I was very surprised when I deployed the program (just copying the .exe to their computer as I have in the past) and it wouldn't work for anyone!

I've tried it from multiple computers under multiple users, and it only runs under my username, but then works fine from any computer when *I* log in. I had a coworker with the same local and domain privileges and group memberships as me log into a computer and it wouldn't even work under her login! The group-checking function is done under a method called authenticateUser(), and if I just skip the call to that method the program works fine when deployed to all users - so that rules out file-level security. I'm fresh out of ideas and can't seem to find anything online. If anyone knows offhand what might be the problem that'd be great. Is there a way to debug from VS05 under a different user-name? That way I could at least track down more detail on the problem. Only other detail I can think to mention is that this is the first change I've made since migrating to a Vista machine, which I *hate* btw (still with VS05). Let me know if you have any ideas, my code is below:

    private void authenticateUser()
    {
        DirectoryEntry de = new DirectoryEntry();
        de.Path = "WinNT://myDomain/" + SystemInformation.UserName.ToString() + ",user";
        _Teller = de.Properties["FullName"].Value.ToString();
        _Client = SystemInformation.ComputerName.ToString();
        Program._Teller = _Teller;

        //THE ABOVE WORKS FINE TO FIND THE LOGGED-IN USER'S NAME, HAS BEEN IN PRODUCTION FOR SEVERAL VERSIONS

        DirectoryEntry DE = new DirectoryEntry("LDAP://myDomain.com");
        DirectorySearcher search = new DirectorySearcher();
        search.SearchRoot = DE;
        search.Filter = "(givenName=" + SystemInformation.UserName.ToString() + ")";
        search.PropertiesToLoad.Add("memberOf");

        // THE ABOVE IS NEW, ALONG WITH ANYTHING RELATED BELOW

        try
        {
            SearchResult result = search.FindOne();

            //I THINK THE ABOVE LINE IS WHERE THE FAILURE ULTIMATELY OCCURS

            int propertyCount = result.Properties["memberOf"].Count;
            string dn;
            for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
            {
                dn = (string)result.Properties["memberOf"][propertyCounter];
                try { dn = dn.Replace("CN=", ""); } catch { }
                try { dn = dn.Replace("OU=", ""); } catch { }
                try { dn = dn.Remove(dn.IndexOf(",")); } catch { }
                switch (dn)
                {
                    case "Auditor":
                        if (_SupervisorLevel < 2) { _SupervisorLevel = 2; }
                        break;
                    case "Cashier":
                        if (_SupervisorLevel < 3) { _SupervisorLevel = 3; }
                        break;
                    case "Supervisor":
                        if (_SupervisorLevel < 5) { _SupervisorLevel = 5; }
                        break;
                    case "Assistant Manager":
                        if (_SupervisorLevel < 7) { _SupervisorLevel = 7; }
                        break;
                    case "Manager":
                        if (_SupervisorLevel < 9) { _SupervisorLevel = 9; }
                        break;
                }
            }
        }
        catch (Exception ex)
        {
            throw new Exception("Error: " + ex.Message);
        }

        if (_SupervisorLevel == 2)
        {
            //Do Stuff
        }
        if (_SupervisorLevel >= 3)
        {
            //Do Stuff
        }
        if (_SupervisorLevel >= 5)
        {
            //Do Stuff
        }
    }

May 19 '08 #1
Plater
7,872 Recognized Expert Expert
Are you able to discover which line caused the failure?
What was the exception?

I got "object reference not set to an instance of an object" right around:
int propertyCount = result.Properties["memberOf"].Count;

(I did notice and remember to change the "mydomain" to my actual domain)
May 19 '08 #2
maxx233
32 New Member
No, I'm not able to figure out where I'm having issues - when I hit F5 to begin debugging it works fine (because I'm logged in as me)... if I take the .exe it produces though and drop it on another computer it will only run when I'm logged into that pc. Is there any way to run debugging as a different user?

I believe that's the same place I'm having issues - when the exe fails on the test machine and I debug that, it says the 'object reference not set' error, but I can't trace down exactly where it's coming from other than my authenticateUser() method.

But I don't understand why running it as a different user with appropriate permissions would cause a hangup there when it works fine for my account.
May 19 '08 #3
Plater
7,872 Recognized Expert Expert
You could make a special "debug" version of your program with Console.WriteLine()s (or MessageBox.Show()s) before every line of the function, the last one to show will tell you what line it crashed on?

I also did this (had it return a datatable of all the properties it found)
    private DataTable authenticateUser()
    {
        // Collects every property of the first search result as Name/Value rows
        DataTable dt = new DataTable();
        dt.Columns.Add("Name");
        dt.Columns.Add("Value");
        string mydomain = "mydomain";
        int _SupervisorLevel = 0;
        string _Teller = "";
        string _Client = "";

        DirectoryEntry de = new DirectoryEntry();
        de.Path = "WinNT://" + mydomain + "/" + SystemInformation.UserName.ToString() + ",user";
        _Teller = de.Properties["FullName"].Value.ToString();
        _Client = SystemInformation.ComputerName.ToString();
        //Program._Teller = _Teller;

        DirectoryEntry DE = new DirectoryEntry("LDAP://" + mydomain);
        DirectorySearcher search = new DirectorySearcher();
        search.SearchRoot = DE;
        //search.Filter = "(givenName=" + SystemInformation.UserName.ToString() + ")";
        //search.PropertiesToLoad.Add("memberOf");

        try
        {
            SearchResult result = search.FindOne();
            foreach (string PropertyName in result.Properties.PropertyNames)
            {
                DataRow dr = dt.NewRow();
                dr["Name"] = PropertyName;
                string valstring = "";
                ResultPropertyValueCollection rvpc = result.Properties[PropertyName];
                for (int i = 0; i < rvpc.Count; i++)
                {
                    // One line per value of a multi-valued property
                    valstring += rvpc[i].ToString() + "\r\n";
                }
                dr["Value"] = valstring;
                dt.Rows.Add(dr);
            }
        }
        catch (Exception ex)
        {
            throw new Exception("Error: " + ex.Message);
        }

        return dt;
    }

Then I looked at it in a DataGridView, there was nothing about "memberof" or "givenName"
May 20 '08 #4
maxx233
32 New Member
I got it figured out. It was a stupid mistake on my part (go figure) ;) I somehow misunderstood the definition of givenName - it just happened to work for me because of what my username is and what my name is. That's why it wouldn't work for anyone else though - they weren't so fortunate. What I was really looking for there instead of givenName as my filter, was sAMAccountName - the login account as seen by AD. So after replacing that it works fine - my SystemInformation.Username matches up with the sAMAccountName, it filters by that so it's just looking at my AD object (or the AD object of whoever's logged in and using my app), and then iterates through the groups I belong to (at least the ones I directly belong to) and matches up the best one for this app. Thanks for your help on it, I appreciate it!

Maxx
May 20 '08 #5
Plater
7,872 Recognized Expert Expert
So did the MemberOf thing work for you?
I happen to know I'm in the DomainAdmins group but I saw no group memberships listed?
May 20 '08 #6
maxx233
32 New Member
Yeah, it's working good for me now. Loads the groups into 'result', and then iterates through them to check for membership. You'd probably have to edit the filtering I'm doing below (see notes in code), but other than that it should be good. Here's the relevant code I've got

    private void authenticateUser()
    {
        DirectoryEntry DE = new DirectoryEntry("LDAP://myDomain.com");
        DirectorySearcher search = new DirectorySearcher();
        search.SearchRoot = DE;
        search.Filter = "(sAMAccountName=" + SystemInformation.UserName.ToString() + ")";
        search.PropertiesToLoad.Add("memberOf");

        try
        {
            SearchResult result = search.FindOne();
            if (result == null)
            {
                // FindOne() returns null when no account matches the filter
                throw new Exception("No AD account found for " + SystemInformation.UserName);
            }
            int propertyCount = result.Properties["memberOf"].Count;
            string dn;
            for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
            {
                dn = (string)result.Properties["memberOf"][propertyCounter];
                try { dn = dn.Replace("CN=", ""); } catch { }
                try { dn = dn.Replace("OU=", ""); } catch { }
                try { dn = dn.Remove(dn.IndexOf(",")); } catch { }

                // THE ABOVE MAY NEED TO BE EDITED TO REFLECT YOUR ORGANIZATION'S AD STRUCTURE.  IT'S JUST FILTERING OUT ALL THE UNWANTED STRUCTURE/LOCATION INFO FOR THE GROUP NAMES

            }
        }
        catch (Exception ex)
        {
            throw new Exception("Error: " + ex.Message);
        }
    }
May 21 '08 #7
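
An added example, not code from the thread: the same memberOf-to-level mapping, but reading the group name from the leading CN= component and counting a group only when it sits in the expected container, plus escaping of the account name before it goes into the search filter. The OU=ProgramX container, the class and method names, and the sample DNs are assumptions constructed for illustration; it runs without a domain controller.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class GroupLevelExample
{
    // Hypothetical container holding the application's groups; adjust to your directory.
    const string GroupsBase = ",OU=ProgramX,DC=myDomain,DC=com";

    // Group name -> level, taken from the switch statement in the first post.
    static readonly Dictionary<string, int> Levels =
        new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase) {
            { "Auditor", 2 }, { "Cashier", 3 }, { "Supervisor", 5 },
            { "Assistant Manager", 7 }, { "Manager", 9 } };

    // Escape the characters RFC 4515 reserves inside an LDAP filter value.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
            if ("\\*()\0".IndexOf(c) >= 0) sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        return sb.ToString();
    }

    // Leading CN= value, or null if the group is not directly in GroupsBase.
    // Handles the backslash-character escape (such as "\,"), not hex-pair escapes.
    public static string GroupName(string dn)
    {
        if (!dn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase)) return null;
        StringBuilder sb = new StringBuilder();
        int i = 3;
        for (; i < dn.Length && dn[i] != ','; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length) i++; // keep the escaped character
            sb.Append(dn[i]);
        }
        bool inBase = string.Equals(dn.Substring(i), GroupsBase, StringComparison.OrdinalIgnoreCase);
        return inBase ? sb.ToString() : null;
    }

    // Highest level granted by any recognised group; 0 when none match.
    public static int SupervisorLevel(IEnumerable<string> memberOf)
    {
        int level = 0, l;
        foreach (string dn in memberOf)
        {
            string name = GroupName(dn);
            if (name != null && Levels.TryGetValue(name, out l) && l > level) level = l;
        }
        return level;
    }

    static void Main()
    {
        // Constructed values standing in for result.Properties["memberOf"].
        string[] memberOf = {
            "CN=Cashier,OU=ProgramX,DC=myDomain,DC=com",
            "CN=Supervisor,OU=ProgramX,DC=myDomain,DC=com",
            "CN=Manager,OU=Social Club,DC=myDomain,DC=com" }; // same name, different OU
        Console.WriteLine("(sAMAccountName=" + EscapeFilterValue("smith(temp)") + ")");
        Console.WriteLine(SupervisorLevel(memberOf));
    }
}
```

As noted in post #5, memberOf lists only the groups the account belongs to directly, so a level granted through a nested group or the account's primary group is not seen by this check.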
Plater
7,872 Recognized Expert Expert
It did in fact work without me changing anything except inserting my own domain.
Out came all the groups I was registered in. The code knocked it down to only the first group, but stepping through showed me all of them.

Interesting, but now I've forgotten what you used this code for?
May 21 '08 #8
maxx233
32 New Member
I'm using it for authentication/setting permissions on a program we've got running downstairs.

The department that uses it has fairly high turnover, so I wanted to relieve the pain for everyone involved of having that department's managers maintain an integrated user DB for this program - so instead when we make the users' AD accounts upstairs in IT we now assign them as a member of a group in AD pertaining to their access level in this program (programX user, programX supervisor, programX manager, etc)... Voila! All the user has to do is login to their machine with a single account, and it checks group membership when they run this program, and assigns permissions within the program accordingly. Easy for us to administer, painless for department managers, less confusing for the users, and less paperwork.

Maxx
May 21 '08 #9
