473,323 Members | 1,551 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,323 software developers and data experts.

Determine NT groups if in hierarchy?

We have setup 4 NT groups - Executive, Manager, Employee and
Contractor. The premise is that an Executive has all of the privileges
of Itself plus Manager plus Employee plus Contractor while an Employee
only has itself and Contractor.

We did this as a hierarchy where the higher (i.e. Executive) has a
member of the one directly below (i.e. Manager):

Executive has a member of Manager
Manager has a member of Employee
Employee has a member of Contractor
Contractor

Using .NET 2.0 we are using Page.User.Identity.Name to determine the
user and from there can determine the NT groups in which they belong by
using the following:

// Display the SIDs for the groups the current user belongs.
Response.Write("<br>Display the SIDs for the groups the current user
belongs");
WindowsIdentity wi = User.Identity as WindowsIdentity;
Response.Write("<br>");
Response.Write("Is Authenticated=" + wi.IsAuthenticated);
Response.Write("<br>");
// Display the SID for the owner.
Response.Write("The SID for the owner is : ");
SecurityIdentifier si = wi.Owner;
Response.Write(si.ToString());
StringCollection roles = new StringCollection();
foreach (IdentityReference group in wi.Groups)
{
Response.Write("<br>" + group.Value);
string role =
((NTAccount)group.Translate(typeof(NTAccount))).Va lue;
Response.Write(" - " + role.ToString());
}

If I set myself up in the Manager group and run the code above I see
that I'm a member of the Manager group. The problem is that I need to
check to make sure I'm a member of the Employee group but how would I
go about doing this? Do I write code that somehow traverses the groups
or will NT handle this? Since theoretically if I'm a member of the
Manager then if we setup the groups correctly I should also be a member
of Employee and Contractor. We're attempting Impersonation/Delegation
against a database.
Thanks,
Gary

Dec 6 '06 #1
2 1891
OHM
Easy to test. Set youself up as a member of the emloyees group and then if
this is a member of the managers group,. If NT were to apply its
hierarchical membership method you would be a member of managers by default.
However, I dont think ( and I may be wrong ) that this works in this fashion
for the purposes of ASP.NET I would be interested to try that though.

Post back and let us know how you got on

--

Best Regards - OHM

http://TrainingOn.net
--------------------------------------------------
<ga***********@gmail.comwrote in message
news:11**********************@j72g2000cwa.googlegr oups.com...
We have setup 4 NT groups - Executive, Manager, Employee and
Contractor. The premise is that an Executive has all of the privileges
of Itself plus Manager plus Employee plus Contractor while an Employee
only has itself and Contractor.

We did this as a hierarchy where the higher (i.e. Executive) has a
member of the one directly below (i.e. Manager):

Executive has a member of Manager
Manager has a member of Employee
Employee has a member of Contractor
Contractor

Using .NET 2.0 we are using Page.User.Identity.Name to determine the
user and from there can determine the NT groups in which they belong by
using the following:

// Display the SIDs for the groups the current user belongs.
Response.Write("<br>Display the SIDs for the groups the current user
belongs");
WindowsIdentity wi = User.Identity as WindowsIdentity;
Response.Write("<br>");
Response.Write("Is Authenticated=" + wi.IsAuthenticated);
Response.Write("<br>");
// Display the SID for the owner.
Response.Write("The SID for the owner is : ");
SecurityIdentifier si = wi.Owner;
Response.Write(si.ToString());
StringCollection roles = new StringCollection();
foreach (IdentityReference group in wi.Groups)
{
Response.Write("<br>" + group.Value);
string role =
((NTAccount)group.Translate(typeof(NTAccount))).Va lue;
Response.Write(" - " + role.ToString());
}

If I set myself up in the Manager group and run the code above I see
that I'm a member of the Manager group. The problem is that I need to
check to make sure I'm a member of the Employee group but how would I
go about doing this? Do I write code that somehow traverses the groups
or will NT handle this? Since theoretically if I'm a member of the
Manager then if we setup the groups correctly I should also be a member
of Employee and Contractor. We're attempting Impersonation/Delegation
against a database.
Thanks,
Gary

Dec 11 '06 #2
It actually worked! NT traversed the the groups and displayed all of
the member groups.

Gary

OHM wrote:
Easy to test. Set youself up as a member of the emloyees group and then if
this is a member of the managers group,. If NT were to apply its
hierarchical membership method you would be a member of managers by default.
However, I dont think ( and I may be wrong ) that this works in this fashion
for the purposes of ASP.NET I would be interested to try that though.

Post back and let us know how you got on

--

Best Regards - OHM

http://TrainingOn.net
--------------------------------------------------
<ga***********@gmail.comwrote in message
news:11**********************@j72g2000cwa.googlegr oups.com...
We have setup 4 NT groups - Executive, Manager, Employee and
Contractor. The premise is that an Executive has all of the privileges
of Itself plus Manager plus Employee plus Contractor while an Employee
only has itself and Contractor.

We did this as a hierarchy where the higher (i.e. Executive) has a
member of the one directly below (i.e. Manager):

Executive has a member of Manager
Manager has a member of Employee
Employee has a member of Contractor
Contractor

Using .NET 2.0 we are using Page.User.Identity.Name to determine the
user and from there can determine the NT groups in which they belong by
using the following:

// Display the SIDs for the groups the current user belongs.
Response.Write("<br>Display the SIDs for the groups the current user
belongs");
WindowsIdentity wi = User.Identity as WindowsIdentity;
Response.Write("<br>");
Response.Write("Is Authenticated=" + wi.IsAuthenticated);
Response.Write("<br>");
// Display the SID for the owner.
Response.Write("The SID for the owner is : ");
SecurityIdentifier si = wi.Owner;
Response.Write(si.ToString());
StringCollection roles = new StringCollection();
foreach (IdentityReference group in wi.Groups)
{
Response.Write("<br>" + group.Value);
string role =
((NTAccount)group.Translate(typeof(NTAccount))).Va lue;
Response.Write(" - " + role.ToString());
}

If I set myself up in the Manager group and run the code above I see
that I'm a member of the Manager group. The problem is that I need to
check to make sure I'm a member of the Employee group but how would I
go about doing this? Do I write code that somehow traverses the groups
or will NT handle this? Since theoretically if I'm a member of the
Manager then if we setup the groups correctly I should also be a member
of Employee and Contractor. We're attempting Impersonation/Delegation
against a database.
Thanks,
Gary
Dec 13 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
by: Lenard Lindstrom | last post by:
I was wondering if anyone has suggested having Python determine a method's kind from its first parameter. 'self' is a de facto reserved word; 'cls' is a good indicator of a class method ( __new__...
21
by: yer.lys | last post by:
When I print my web page the background image shrinks severly when I print from Firefox, but when I print in IE it cuts it like I would expect it to. Is this a bug or is there a mistake in my code...
5
by: Victor | last post by:
With Yahoo's support being non-existent, and with more and more ISPs (and countries) blocking Yahoo Group's IP addresses, I'm looking for a replacement for Yahoo Groups. Does anyone know of an...
4
by: FraterQ | last post by:
Hello, after i've read this post, i tried it myself and it works....
2
by: Liam McNamara | last post by:
I am having the same problem as the one I found in google below: ...
14
by: J. Jones | last post by:
Suppose the following: class MyContainer : System.Collections.CollectionBase { //... } (where CollectionBase implements IList, ICollection) How do I determine if a type (such as...
1
by: Chris Ashley | last post by:
I'm trying to use a treeview control for navigation in an app. How do I determine which node has been selected? I can't use the text property because some nodes have the same name, and the index...
3
by: Developer in California | last post by:
I am working on developing a generic Web framework using Master Pages in ASP.NET 2.0. What I have done is created a PageRenderer class which has a public method which will retrieve the path of the...
3
by: Giampaolo Rodola' | last post by:
Hi, I'd like to know if there's a way to determine which is the best buffer size to use when you have to send() and recv() some data over the network. I have an FTP server application which, on...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.