I just get stuck on how to check if a user is a member of network (domain).
I am building an internal tracking system with ASP.Net with Form
authentication. When an user is added into the system, it check if the user
is a member of the domain account against Global Catalog. If not, the user
is not allowed to added in. If is, get the user's first name and last name
and insert into the database.
Because the system need access to other resource, I don't want to use
impersonation. Changing WindonIdentity with impersonation at run time is
also not a choice because the web server is running on Windows 2000. Based
on the Security context, how to check if a user in the system or not? Thank
you in advance.
--Caspy
3  2120 
Thanks for your reply. Actually, I have the code block work fine in WinApps
to access to LDAP. It also works in ASP.Net with windows authentication and
imperonation enabled. I just cannot make it work in form authentication
without imperonation. The problem is how to set the security context.
Here is the method:
public static bool FindUser(string identification, ref string FirstName,
ref string LastName)
{
bool result = false;
string _path = "GC://";
// Setup the filter
identification = identification. Substring(ident ification.LastI ndexOf(@"\")
+ 1,
identification. Length - identification. LastIndexOf(@"\ ")-1);
string userNameFilter =
string.Format(" (&(ObjectClass= Person)(SAMAcco untName={0}))",
identification) ;
// Get a Directory Searcher to the LDAPPath
DirectorySearch er searcher = new DirectorySearch er(_path);
if (searcher == null)
{
return false;
}
// Add the properties that need to be retrieved
searcher.Proper tiesToLoad.Add( "givenName" );
searcher.Proper tiesToLoad.Add( "sn");
// Set the filter for the search
searcher.Filter = userNameFilter;
try
{
// Execute the search
SearchResult search = searcher.FindOn e();
if (search != null)
{
FirstName = SearchResultPro perty(search, "givenName" );
LastName = SearchResultPro perty(search, "sn");
result = true;
}
else
result = false;
}
catch (Exception ex)
{
result = false;
}
return result;
}
Thanks,
--Capsy
"Kannan.V [MCSD.net]" <Ka************ @discussions.mi crosoft.com> wrote in
message news:4D******** *************** ***********@mic rosoft.com... hi,
These links were useful for a similar scenario for me.
http://www.dotnet247.com/247reference/msgs/4/20782.aspx
http://www.dotnet247.com/247referenc...51/256427.aspx
http://www.dotnet247.com/247referenc.../__discussions
hope this helps
--
Kannan.V
Home : http://www.kannanv.com
Blog : http://kannanv.blogspot.com
Web : http://www.DotnetLounge.net
"Any one who has never made a mistake has never tried anything new" -
Einstein
"Caspy" wrote:
I just get stuck on how to check if a user is a member of network
(domain). I am building an internal tracking system with ASP.Net with Form
authentication. When an user is added into the system, it check if the
user is a member of the domain account against Global Catalog. If not, the
user is not allowed to added in. If is, get the user's first name and last
name and insert into the database.
Because the system need access to other resource, I don't want to use
impersonation. Changing WindonIdentity with impersonation at run time is
also not a choice because the web server is running on Windows 2000.
Based on the Security context, how to check if a user in the system or not?
Thank you in advance.
--Caspy
As a side note, it may be beneficial to use FindAll() and iterate
through the returned SearchResultCol lection instead of using FindOne(). This
is to prevent against a known leak in .NET 1.1 (fixed in 2.0, however) where
the underlying COM object is not released. Remember to call Dispose() on
your DirectorySearch er and DirectoryEntry objects when you are finished with
them -- the finally{} section of an exception handler is a good place to do
this, that way it gets disposed regardless of whether an exception occurs or
not.
-- Sean M
"Caspy" <ca******@yahoo .com> wrote in message
news:em******** ******@TK2MSFTN GP09.phx.gbl... Thanks for your reply. Actually, I have the code block work fine in
WinApps
to access to LDAP. It also works in ASP.Net with windows authentication
and
imperonation enabled. I just cannot make it work in form authentication
without imperonation. The problem is how to set the security context.
Here is the method:
public static bool FindUser(string identification, ref string FirstName,
ref string LastName)
{
bool result = false;
string _path = "GC://";
// Setup the filter
identification =
identification. Substring(ident ification.LastI ndexOf(@"\")
+ 1,
identification. Length - identification. LastIndexOf(@"\ ")-1);
string userNameFilter =
string.Format(" (&(ObjectClass= Person)(SAMAcco untName={0}))",
identification) ;
// Get a Directory Searcher to the LDAPPath
DirectorySearch er searcher = new DirectorySearch er(_path);
if (searcher == null)
{
return false;
}
// Add the properties that need to be retrieved
searcher.Proper tiesToLoad.Add( "givenName" );
searcher.Proper tiesToLoad.Add( "sn");
// Set the filter for the search
searcher.Filter = userNameFilter;
try
{
// Execute the search
SearchResult search = searcher.FindOn e();
if (search != null)
{
FirstName = SearchResultPro perty(search, "givenName" );
LastName = SearchResultPro perty(search, "sn");
result = true;
}
else
result = false;
}
catch (Exception ex)
{
result = false;
}
return result;
}
Thanks,
--Capsy
"Kannan.V [MCSD.net]" <Ka************ @discussions.mi crosoft.com> wrote in
message news:4D******** *************** ***********@mic rosoft.com... hi,
These links were useful for a similar scenario for me.
http://www.dotnet247.com/247reference/msgs/4/20782.aspx
http://www.dotnet247.com/247referenc...51/256427.aspx
http://www.dotnet247.com/247referenc.../__discussions
hope this helps
--
Kannan.V
Home : http://www.kannanv.com
Blog : http://kannanv.blogspot.com
Web : http://www.DotnetLounge.net
"Any one who has never made a mistake has never tried anything new" -
Einstein
"Caspy" wrote:
> I just get stuck on how to check if a user is a member of network (domain). > I am building an internal tracking system with ASP.Net with Form
> authentication. When an user is added into the system, it check if the user > is a member of the domain account against Global Catalog. If not, the user > is not allowed to added in. If is, get the user's first name and last name > and insert into the database.
> Because the system need access to other resource, I don't want to use
> impersonation. Changing WindonIdentity with impersonation at run time
> is
> also not a choice because the web server is running on Windows 2000. Based > on the Security context, how to check if a user in the system or not? Thank > you in advance.
>
> --Caspy
>
>
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Leonard |
last post by:
I am using SmtpMail on a couple of ASP.NET pages. When
mail is sent to an address outside the domain I get
the "Could not access 'CDO.Message' object." error
message. I have looked in the newsgroup and I see several
entries on this but none that seem to work in my situation.
Exchange 2000 is running on same machine as the Web server
which is also a domain controller. I see a discussion of
several things such as using impersonation to...
|
by: Razak |
last post by:
Hi,
I have a class which basically do Impersonation in my web application. From
MS KB sample:-
++++++++++++++++++++code starts
Dim impersonationContext As
System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
|
by: Andy |
last post by:
HI all,
I'm trying to read Active Directory from within an Asp.net application
which is not impersonating any domain user.
I'd like to allow the site to query the Active directory, but I want to
make sure that the access is done in a secure way.
What are the options and their benefits / drawbacks?
|
by: CJM |
last post by:
I use the following technique to impersonate a user in ASP, in order to
query active directory:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;248187
Although the article indicates that this technique is supported by IIS4 &
IIS5, I actually run it successfully on Windows Server 2003 (IIS6).
However, I've got a new development machine which is running XP Pro x64
Edition, and now this technique doesnt work ('Cannot create...
|
by: Raghu |
last post by:
I have following code that validates a given user credentails against a
active directory. The login part works but I can not search as it fails to
return
the record. Does any one have any idea what is wrong?
public void Login(string user, string pwd, string domain)
{
string path = "<<my ldap path>>";
DirectoryEntry domainEntry = new DirectoryEntry(path);
| | |
by: Arthur |
last post by:
Hi All,
I would like to get the name of the user given their networkID, is this
something Active Directory would be useful for?(For intranet users)
If so, can you please point me to some sample code/examples?
Thanks in advance,
Arthur
|
by: Daniel Knöpfel |
last post by:
Hello
On our asp.net 2.0 website we impersonate every request to the identity of
the user logged in. This works this way:
1. user logs in, providing username, password
2. user is authenticated against an active directory and the windows
identity is retrieved (and stored in the session!!)
3. user is impersonated using the windows identity (thread is now
running under the identity of the user)
|
by: kkos |
last post by:
I noticed the following issue posted as a double-hop issue in many discussion
boards but found no answers that explain how to pass the second hop
with windows auth from IIS ASPX page to remote SQL Server.
Problem:
--------------
I am trying to create an asp.net website with integrated windows authentication
to access SQL databases. IIS resides on WinXP and SQL Server
on Win2000 SRV. Both are in the same NT Domain. IIS and SQL Server...
|
by: rote |
last post by:
My sceanrio is this on an asp.net 2.0 freamework.
I want to use any of the data controls e.g Gridview,DetailView etc..
But i want some buttons e.g update,edit save etc to be enable or disabled
based on if they belong to some security groups in active
directory.
I'm looking for the best options for this because i want to store those
security groups somewhere and then check for the
user against those security groups for their authorisation...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
