
Windows Integrated Security - Restricting Users Without Groups

Hi,

I'm in a situation where I need to restrict users, but I don't have access or
won't be allowed access to manage groups in the domain. How can I restrict
access in this case?

--
Best Regards

The Inimitable Mr Newbie º¿º
Dec 3 '05 #1
I wonder then, how will you distinguish a user at all?
I'm using roles; when the user gets authenticated I stamp it to 'user' :)

I think you'll need to elaborate on the possibilities you have.

Dec 3 '05 #2
The possibilities are slim

Windows Authentication
No ability to add and remove people from the active directory.

I want to restrict users from being able to access the site.

Dec 3 '05 #3
Hi Mr. N,

It's not clear from your post whether or not it is a requirement that your
users are in fact, Active Directory user accounts, or whether, perhaps, they
could be some other form of "user."

That is, if the requirement is that they are Active Directory users, and you
have access to Active Directory via System.DirectoryServices and LDAP (read
only at least), you can create a separate database with an entry for each
user. Then you can manage the permissions that each user has via this
database, which would be entirely separate from Active Directory, other than
the user account name being in Active Directory, and the web requiring an
Active Directory login to access (disallow anonymous access, in other
words). If this is the case, all Active Directory user accounts would have
to have permission to log in to the web site (so that your ASP.Net app could
authenticate them via your database), and your app would handle allowing
access to different resources, or even all resources.

If, on the other hand, you can neither grant all domain users access to the
web, or you can't get read access to the Active Directory, you could allow
anonymous access, employ a web login (via a web page), and use a database to
manage the permissions in much the same way as described above.

--
HTH,

Kevin Spencer
Microsoft MVP
.Net Developer
You can lead a fish to a bicycle,
but you can't make it stink.

Dec 3 '05 #4
Hi Kevin,

Thanks for your reply. I have managed to restrict access to roles by using
the following in the Authentication Event in global.asax. I have hard coded
it just for test purposes, but I can then add the allow
roles="Administrator" into the web.config and this works.

However, in my testing, I can't seem to get User.IsInRole("GroupName") to
work; it seems that the Windows group membership does not correlate to this
function (at least I can't get it to work). Do you know where these groups
need to be (local machine, domain, universal group, etc.), and do you
have to go get the memberships etc. from those groups?

Cheers - Mr N

If Request.IsAuthenticated Then
    Dim rl As System.Collections.ArrayList
    rl = DataAccess.getUserRoles(User.Identity.Name)

    'Convert the roleList ArrayList to a String array
    '(hard coded for testing; the commented-out expression converts rl)
    Dim roleListArray As String() = {"Administrator"}
    'CType(rl.ToArray(GetType(String)), String())

    'Add the roles to the User Principal
    HttpContext.Current.User = _
        New System.Security.Principal.GenericPrincipal(User.Identity, roleListArray)
End If
--
Best Regards

The Inimitable Mr Newbie º¿º

Dec 3 '05 #5
Mr NewBie..
I blogged something very similar at:-
http://spaces.msn.com/members/naijacoder
Just look for :-How to configure and implement a Role based Windows
Authentication
Hope that helps
Patrick

Dec 4 '05 #6
Patrick, thanks for your reply.

Through investigation, I have discovered that you don't need impersonation to
check the group membership. What I was missing was the domain name:
DOMAINNAME\GroupName

The only caveat here is that if you change the groups, the user needs to log
off and on again to make the changes effective. Using the Windows security
permissions principal has no real value in my case, and impersonation
carries additional overhead, not to mention the extra risk of failure of the
application when those permissions are not taken into account.

--
Best Regards

The Inimitable Mr Newbie º¿º

Dec 4 '05 #7
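
An added example, not code from any participant in this thread: the approach from posts #4 and #5 (Windows authentication identifies the user, an application-owned store decides the roles) written as a console program so the role checks can be run offline. The names RoleTable, GetUserRoles and BuildPrincipal and the CORP\ accounts are hypothetical, and the in-memory table stands in for the separate database.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

Module AppRoleDemo
    ' Constructed sample data standing in for the separate permissions
    ' database; account and role names are hypothetical.
    Private ReadOnly RoleTable As New Dictionary(Of String, String())(
        StringComparer.OrdinalIgnoreCase) From {
        {"CORP\alice", New String() {"Administrator"}},
        {"CORP\bob", New String() {"Reader"}}
    }

    ' Hypothetical lookup keyed on the DOMAIN\user name; a real one would
    ' run a parameterized query against the application's own store.
    Function GetUserRoles(accountName As String) As String()
        Dim roles As String() = Nothing
        If RoleTable.TryGetValue(accountName, roles) Then Return roles
        ' Unknown account: no roles, so every role check fails (default deny).
        Return New String() {}
    End Function

    ' Wraps an already-authenticated identity with application-defined roles.
    ' The resulting GenericPrincipal knows only the roles passed to it, so
    ' IsInRole("DOMAIN\Group") no longer consults Windows group membership.
    Function BuildPrincipal(identity As IIdentity) As IPrincipal
        If identity Is Nothing OrElse Not identity.IsAuthenticated Then
            Return New GenericPrincipal(New GenericIdentity(""), New String() {})
        End If
        Return New GenericPrincipal(identity, GetUserRoles(identity.Name))
    End Function

    ' In Global.asax the same function would be called as:
    '   Sub Application_AuthenticateRequest(sender As Object, e As EventArgs)
    '       If Request.IsAuthenticated Then
    '           HttpContext.Current.User = BuildPrincipal(HttpContext.Current.User.Identity)
    '       End If
    '   End Sub

    Sub Main()
        ' GenericIdentity stands in for the WindowsIdentity that IIS supplies.
        For Each name As String In New String() {"CORP\alice", "corp\BOB", "CORP\mallory"}
            Dim p As IPrincipal = BuildPrincipal(New GenericIdentity(name, "Negotiate"))
            Console.WriteLine("{0}: Administrator={1} Reader={2}",
                              name, p.IsInRole("Administrator"), p.IsInRole("Reader"))
        Next
    End Sub
End Module
```

With anonymous access disabled, every domain account can still authenticate, so an account that is missing from the store must end up with no roles, which is what the empty array does here.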
