Checking to see if a user is a domain Administrator

Hey all,

I need to verify that a provided username is a Domain Administrator. Any ideas on how to do this?

Thanks,

Jonny
--
/Jonny
Nov 16 '05 #1
I'd look up WindowsIdentity and WindowsPrincipal.IsInRole() in MSDN,
seems like the answer

Jonny wrote:
Hey all,

I need to verify that a provided username is a Domain Administrator. Any ideas on how to do this?

Thanks,

Jonny

Nov 16 '05 #2
Although the following KB article is primarily targeted at forms
authentication in ASP.NET, it does demonstrate how to validate a
username and password against active directory and then find the
groups the user is a member of.

How to authenticate against the Active Directory by using Forms
authentication and Visual C# .NET
http://support.microsoft.com/default...b;en-us;316748

--
Scott
http://www.OdeToCode.com

On Mon, 12 Jul 2004 04:42:05 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
Hey all,

I need to verify that a provided username is a Domain Administrator. Any ideas on how to do this?

Thanks,

Jonny


Nov 16 '05 #3
Jonny wrote:
Hey all,

I need to verify that a provided username is a Domain Administrator. Any ideas on how to do this?

Look at the sample code for WindowsIdentity.Impersonate(). That shows
how to get a WindowsIdentity using a username/password.

Then take that Identity and create a WindowsPrincipal and call the
IsInRole() method:

// GetCurrent() is the identity of the running process; pass the identity obtained above to check that user.
bool isDomAdmin = new WindowsPrincipal(
    WindowsIdentity.GetCurrent()).IsInRole(@"DOMAINNAME\Domain Admins");

There are several caveats with this:

- it requires unsafe code
- it won't work on Win9x
- it won't work in Win NT or Win 2000 unless the user context that
it's running under has the TCB privilege (LogonUser() needs that
privilege on those OS's to work)
- there is a bug with IsInRole(string) where the match on the role
name might be case-sensitive if the user belongs to more than 22 groups
(or something like that).
--
mikeb
Nov 16 '05 #4
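
An added example, not part of the original posts: the same IsInRole() check done against the Domain Admins SID (RID 512 in the user's own domain) instead of the group name, so it does not depend on name matching. It assumes .NET Framework 2.0 or later for SecurityIdentifier; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Principal;

static class DomainAdminRoleCheck
{
    // True when the identity's token carries the Domain Admins group
    // (RID 512) of the domain the account itself belongs to.
    public static bool IsDomainAdmin(WindowsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");

        // User is null for anonymous identities; AccountDomainSid is null
        // for SIDs that are not account SIDs (for example the SYSTEM account).
        SecurityIdentifier userSid = identity.User;
        if (userSid == null || userSid.AccountDomainSid == null)
            return false;

        // Build <domain SID>-512 from the user's own domain SID.
        SecurityIdentifier domainAdmins = new SecurityIdentifier(
            WellKnownSidType.AccountDomainAdminsSid, userSid.AccountDomainSid);

        // SID comparison: unaffected by renamed groups or name casing.
        return new WindowsPrincipal(identity).IsInRole(domainAdmins);
    }

    static void Main()
    {
        // Demonstration on the current process identity; an identity built
        // from a LogonUser() token is checked the same way.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("{0}: {1}", current.Name, IsDomainAdmin(current));
        }
    }
}
```

For a local (non-domain) account the constructed SID does not correspond to any group in the token, so the method returns false.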
Hi Jonny:

Ah, in that case ...

Here is some code that would list all the users in the Administrators
group:

// requires: using System.Collections; using System.DirectoryServices;
DirectoryEntry group =
    new DirectoryEntry("WinNT://MACHINENAME/Administrators");
object members = group.Invoke("Members", null);
foreach (object member in (IEnumerable)members)
{
    DirectoryEntry x = new DirectoryEntry(member);
    Response.Write(x.Name);
    Response.Write("<br>");
}

And a little code to list all the groups for a given user:

DirectoryEntry member = new DirectoryEntry("WinNT://MACHINE/USER");
object groups = member.Invoke("Groups", null);
foreach (object group in (IEnumerable)groups)
{
    DirectoryEntry x = new DirectoryEntry(group);
    Response.Write(x.Name);
    Response.Write("<br>");
}

Hopefully that will help you out. Do you also need to validate the
password?

--s

On Mon, 12 Jul 2004 08:44:02 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
You don't happen to know how to do it in a non-AD Domain?

Thanks :)


--
Scott
http://www.OdeToCode.com
Nov 16 '05 #5
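
An added example, not part of the original posts: the "groups for a given user" listing above turned into a yes/no check for a supplied DOMAIN and user name through the WinNT provider. It assumes .NET Framework 2.0 or later; the class and method names are hypothetical. The names are validated before they are concatenated into the ADsPath, and the group is matched by SID (RID 512) instead of by name.

```csharp
using System;
using System.Collections;
using System.DirectoryServices;
using System.Security.Principal;

static class WinNtDomainAdminCheck
{
    // Reject characters that would change the meaning of the ADsPath.
    static void RequireSimpleName(string value, string paramName)
    {
        if (string.IsNullOrEmpty(value) ||
            value.IndexOfAny(new char[] { '/', '\\', ',', ':' }) >= 0)
            throw new ArgumentException("Unexpected characters in name.", paramName);
    }

    // True when DOMAIN\user is a direct member of the Domain Admins group.
    public static bool IsDomainAdmin(string domain, string user)
    {
        RequireSimpleName(domain, "domain");
        RequireSimpleName(user, "user");

        string path = "WinNT://" + domain + "/" + user + ",user";
        using (DirectoryEntry member = new DirectoryEntry(path))
        {
            // Groups returns the groups the account belongs to directly.
            foreach (object raw in (IEnumerable)member.Invoke("Groups", null))
            {
                using (DirectoryEntry grp = new DirectoryEntry(raw))
                {
                    byte[] sidBytes = grp.Properties["objectSid"].Value as byte[];
                    if (sidBytes == null) continue;

                    // Match on the well-known RID, not the display name,
                    // so a renamed or localized group is still recognized.
                    SecurityIdentifier sid = new SecurityIdentifier(sidBytes, 0);
                    if (sid.IsWellKnown(WellKnownSidType.AccountDomainAdminsSid))
                        return true;
                }
            }
        }
        return false;
    }
}
```

An account that cannot be resolved surfaces as an exception from the directory call, so the caller should treat any exception as "not verified" and not as "not an administrator".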
I know on windows 2000 LogonUser requires some elevated permissions.

Are you on 2000 or XP / 2003?

Do you need the user token to do impersonation? Or just simply
validate the password?
--
Scott
http://www.OdeToCode.com

On Tue, 13 Jul 2004 09:11:04 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
Actually, could you tell me your method. It would appear calling the advapi32.dll",EntryPoint = "LogonUser" is not reliable, or particularly fast.

Thanks !


Nov 16 '05 #6
Hi Scott,

I only need to validate the password, the method needs to be multi-OS, i.e. NT, 2K, XP and 2K3. It also needs to be pretty quick. I don't really have a problem if I have to different methods for each OS, it's just preferable. The user running the App will more than likely be a Domain Administrator, if not they should not be running it in the first place.

Thanks again,

--
/Jonny
"Scott Allen" wrote:
I know on windows 2000 LogonUser requires some elevated permissions.

Are you on 2000 or XP / 2003?

Do you need the user token to do impersonation? Or just simply
validate the password?
--
Scott
http://www.OdeToCode.com

On Tue, 13 Jul 2004 09:11:04 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
Actually, could you tell me your method. It would appear calling the advapi32.dll",EntryPoint = "LogonUser" is not reliable, or particularly fast.

Thanks !


Nov 16 '05 #7
Jonny:

I dug around a little bit but I can't come up with any links on the
topic of LogonUser performance :/

--s

On Wed, 14 Jul 2004 01:15:01 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
Hi Scott,

I only need to validate the password, the method needs to be multi-OS, i.e. NT, 2K, XP and 2K3. It also needs to be pretty quick. I don't really have a problem if I have to different methods for each OS, it's just preferable. The user running the App will more than likely be a Domain Administrator, if not they should not be running it in the first place.

Thanks again,


--
Scott
http://www.OdeToCode.com
Nov 16 '05 #10
