473,841 Members | 1,691 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Role of current windows login user

Hey everyone

I'm having a great deal of problems finding this information through google
and yahoo, so I turn to you on this.

I have a Windows app running on XP. I am able to caputre the user's Name
property in the WindowsPrincipa l's IIdentity interface.

Where can I find the role that the user is assigned for the current login?
I only want the one role which is assigned for the current user, not all of
the groups in which the user belongs (that is working fine).

Do I have to actually test out permissions on files/objects to find the
current role/group? Seems to be a lot of work going that route for
something which should be accessible in the same interface as Name. Why
isn't it?

I'm on 1.1 btw. Has this changed in 2.0?

Thank you in advance for any help you can give me.

Mark White
Jan 15 '06 #1
8 4905
Role is a pretty general term. Most Role-based concepts in .NET equate Roles
to Groups. E.g. PrincipalPermis sion and IPrincipal.IsIn Role use Groups as
Roles.

--
http://www.peterRitchie.com/
"Mark White" wrote:
Hey everyone

I'm having a great deal of problems finding this information through google
and yahoo, so I turn to you on this.

I have a Windows app running on XP. I am able to caputre the user's Name
property in the WindowsPrincipa l's IIdentity interface.

Where can I find the role that the user is assigned for the current login?
I only want the one role which is assigned for the current user, not all of
the groups in which the user belongs (that is working fine).

Do I have to actually test out permissions on files/objects to find the
current role/group? Seems to be a lot of work going that route for
something which should be accessible in the same interface as Name. Why
isn't it?

I'm on 1.1 btw. Has this changed in 2.0?


Jan 15 '06 #2
Mark,
WindowsIdentity has the IsAnonymous, IsAuthenticated , IsGuest, IsSystem and
Name properties.

You can enumerate roles by using a little reflection:

private void Form1_Load(obje ct sender, System.EventArg s e)
{
WindowsIdentity id = WindowsIdentity .GetCurrent();
Type idType ;
idType = id.GetType();
object result =
idType.InvokeMe mber("_GetRoles ", BindingFlags.St atic |
BindingFlags.In vokeMethod |
BindingFlags.No nPublic, null, id, new Object[] {id.Token}, null);
string[] roles = (string[])result;
int i;
for( i = 0; i<roles.Length ;i++)
Console.WriteLi ne(roles[i]);
}
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


"Mark White" wrote:
Hey everyone

I'm having a great deal of problems finding this information through google
and yahoo, so I turn to you on this.

I have a Windows app running on XP. I am able to caputre the user's Name
property in the WindowsPrincipa l's IIdentity interface.

Where can I find the role that the user is assigned for the current login?
I only want the one role which is assigned for the current user, not all of
the groups in which the user belongs (that is working fine).

Do I have to actually test out permissions on files/objects to find the
current role/group? Seems to be a lot of work going that route for
something which should be accessible in the same interface as Name. Why
isn't it?

I'm on 1.1 btw. Has this changed in 2.0?

Thank you in advance for any help you can give me.

Mark White

Jan 15 '06 #3

"Mark White" <ma*******@yaho o.com> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
| Hey everyone
|
| I'm having a great deal of problems finding this information through
google
| and yahoo, so I turn to you on this.
|
| I have a Windows app running on XP. I am able to caputre the user's Name
| property in the WindowsPrincipa l's IIdentity interface.
|
| Where can I find the role that the user is assigned for the current login?
| I only want the one role which is assigned for the current user, not all
of
| the groups in which the user belongs (that is working fine).
|
| Do I have to actually test out permissions on files/objects to find the
| current role/group? Seems to be a lot of work going that route for
| something which should be accessible in the same interface as Name. Why
| isn't it?
|
| I'm on 1.1 btw. Has this changed in 2.0?
|
| Thank you in advance for any help you can give me.
|
| Mark White
|
|

Roles are not meant to check/control resource access permissions, they are
meant for program access/flow control. These are totally different things.

if(myPrincipal. IsInRole("Sales "))
{
// Do whatever "Sales" is allowed to do, initialize the UI etc...
}
else
if((myPrincipal .IsInRole("Acco untManagers"))
// do whatever "AccountMAnager s" are allowed to do.

Resources like file and directory object permissions are checked when a user
opens the resource, this is the task of the OS and (in general) not the task
of an application program. Note that V2.0 includes managed classes that
wraps the object security access API's in Win32 by means of
System.Security .AccessControl classes, v1.1 user can achieve the same using
System.Director yServices and some ADSI stuff or by using the
System.Manageme nt and WMI classes.

Willy.
Jan 15 '06 #4
Peter

Thanks for replying. I ran your code, and it worked great. But, it doesn't
tell me which role/group the user is currently assigned for that session.

Am I misunderstandin g how roles/groups are assigned when booting up? Does
the user get assigned one role/group when logging in or does the user have
the highest permission set of of all the groups?

Or the files/apps are only permitted by certain groups/roles, and unless the
user belongs to that group, no access?

I have code that enumerates the built-in roles and it seems to work well.
But it can only check if it IsInRole. Peter, your code is much better than
what I have though.

How can I get the current (1) role/group the logged in user is assigned?

Again, thank you for the help.

Mark
"Peter Bromberg [C# MVP]" <pb*******@yaho o.nospammin.com > wrote in message
news:AB******** *************** ***********@mic rosoft.com...
Mark,
WindowsIdentity has the IsAnonymous, IsAuthenticated , IsGuest, IsSystem and Name properties.

You can enumerate roles by using a little reflection:

private void Form1_Load(obje ct sender, System.EventArg s e)
{
WindowsIdentity id = WindowsIdentity .GetCurrent();
Type idType ;
idType = id.GetType();
object result =
idType.InvokeMe mber("_GetRoles ", BindingFlags.St atic |
BindingFlags.In vokeMethod |
BindingFlags.No nPublic, null, id, new Object[] {id.Token}, null);
string[] roles = (string[])result;
int i;
for( i = 0; i<roles.Length ;i++)
Console.WriteLi ne(roles[i]);
}
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


"Mark White" wrote:
Hey everyone

I'm having a great deal of problems finding this information through google and yahoo, so I turn to you on this.

I have a Windows app running on XP. I am able to caputre the user's Name property in the WindowsPrincipa l's IIdentity interface.

Where can I find the role that the user is assigned for the current login? I only want the one role which is assigned for the current user, not all of the groups in which the user belongs (that is working fine).

Do I have to actually test out permissions on files/objects to find the
current role/group? Seems to be a lot of work going that route for
something which should be accessible in the same interface as Name. Why
isn't it?

I'm on 1.1 btw. Has this changed in 2.0?

Thank you in advance for any help you can give me.

Mark White

Jan 16 '06 #5
Willy

Thank you for taking the time to explain that. I do appreciate it.

As you can see, my knowledge of the actual plumbing underneath permissions
leaves a bit to be desired. I've never had a need to know it, until now.

Mark

"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..

"Mark White" <ma*******@yaho o.com> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
| Hey everyone
|
| I'm having a great deal of problems finding this information through
google
| and yahoo, so I turn to you on this.
|
| I have a Windows app running on XP. I am able to caputre the user's Name | property in the WindowsPrincipa l's IIdentity interface.
|
| Where can I find the role that the user is assigned for the current login? | I only want the one role which is assigned for the current user, not all
of
| the groups in which the user belongs (that is working fine).
|
| Do I have to actually test out permissions on files/objects to find the
| current role/group? Seems to be a lot of work going that route for
| something which should be accessible in the same interface as Name. Why
| isn't it?
|
| I'm on 1.1 btw. Has this changed in 2.0?
|
| Thank you in advance for any help you can give me.
|
| Mark White
|
|

Roles are not meant to check/control resource access permissions, they are
meant for program access/flow control. These are totally different things.

if(myPrincipal. IsInRole("Sales "))
{
// Do whatever "Sales" is allowed to do, initialize the UI etc...
}
else
if((myPrincipal .IsInRole("Acco untManagers"))
// do whatever "AccountMAnager s" are allowed to do.

Resources like file and directory object permissions are checked when a user opens the resource, this is the task of the OS and (in general) not the task of an application program. Note that V2.0 includes managed classes that
wraps the object security access API's in Win32 by means of
System.Security .AccessControl classes, v1.1 user can achieve the same using System.Director yServices and some ADSI stuff or by using the
System.Manageme nt and WMI classes.

Willy.

Jan 16 '06 #6
One other question.

This was on a "skills test". The time has passed, and I'm not interested in
seeing any code. Just trying to make sense of this.

One of the requirements was to "display the role of the current logged in
user".

This was the test from the tech. manager. Unless it's a typo, shouldn't it
be role(s)?

Thanks.
"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..

"Mark White" <ma*******@yaho o.com> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
| Hey everyone
|
| I'm having a great deal of problems finding this information through
google
| and yahoo, so I turn to you on this.
|
| I have a Windows app running on XP. I am able to caputre the user's Name | property in the WindowsPrincipa l's IIdentity interface.
|
| Where can I find the role that the user is assigned for the current login? | I only want the one role which is assigned for the current user, not all
of
| the groups in which the user belongs (that is working fine).
|
| Do I have to actually test out permissions on files/objects to find the
| current role/group? Seems to be a lot of work going that route for
| something which should be accessible in the same interface as Name. Why
| isn't it?
|
| I'm on 1.1 btw. Has this changed in 2.0?
|
| Thank you in advance for any help you can give me.
|
| Mark White
|
|

Roles are not meant to check/control resource access permissions, they are
meant for program access/flow control. These are totally different things.

if(myPrincipal. IsInRole("Sales "))
{
// Do whatever "Sales" is allowed to do, initialize the UI etc...
}
else
if((myPrincipal .IsInRole("Acco untManagers"))
// do whatever "AccountMAnager s" are allowed to do.

Resources like file and directory object permissions are checked when a user opens the resource, this is the task of the OS and (in general) not the task of an application program. Note that V2.0 includes managed classes that
wraps the object security access API's in Win32 by means of
System.Security .AccessControl classes, v1.1 user can achieve the same using System.Director yServices and some ADSI stuff or by using the
System.Manageme nt and WMI classes.

Willy.

Jan 16 '06 #7
Well, as Windows based 'roles' are mapped to "Windows security group"
membership, and because a user can be a member of more than one security
group, it should be role(s).
Take a user "Bob", which is a member of both 'SalesDpt' and 'AccountMgrs',
Bob is automatically assigned both roles. In your code you can execute
different paths depending on whether he's an account manager or just a
generic member of a sales department.
Note that enumerating user groups (roles) by reflecting private methods like
shown by Peter, is NOT the way you should go, this code is non-portable and
fails on v2. The only right way to enumerate user groups is by using the
System.Director yServices classes.

Willy.

"Mark White" <ma*******@yaho o.com> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. ..
| One other question.
|
| This was on a "skills test". The time has passed, and I'm not interested
in
| seeing any code. Just trying to make sense of this.
|
| One of the requirements was to "display the role of the current logged in
| user".
|
| This was the test from the tech. manager. Unless it's a typo, shouldn't
it
| be role(s)?
|
| Thanks.
| "Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
| news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
| >
| > "Mark White" <ma*******@yaho o.com> wrote in message
| > news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
| > | Hey everyone
| > |
| > | I'm having a great deal of problems finding this information through
| > google
| > | and yahoo, so I turn to you on this.
| > |
| > | I have a Windows app running on XP. I am able to caputre the user's
| Name
| > | property in the WindowsPrincipa l's IIdentity interface.
| > |
| > | Where can I find the role that the user is assigned for the current
| login?
| > | I only want the one role which is assigned for the current user, not
all
| > of
| > | the groups in which the user belongs (that is working fine).
| > |
| > | Do I have to actually test out permissions on files/objects to find
the
| > | current role/group? Seems to be a lot of work going that route for
| > | something which should be accessible in the same interface as Name.
Why
| > | isn't it?
| > |
| > | I'm on 1.1 btw. Has this changed in 2.0?
| > |
| > | Thank you in advance for any help you can give me.
| > |
| > | Mark White
| > |
| > |
| >
| > Roles are not meant to check/control resource access permissions, they
are
| > meant for program access/flow control. These are totally different
things.
| >
| > if(myPrincipal. IsInRole("Sales "))
| > {
| > // Do whatever "Sales" is allowed to do, initialize the UI etc...
| > }
| > else
| > if((myPrincipal .IsInRole("Acco untManagers"))
| > // do whatever "AccountMAnager s" are allowed to do.
| >
| > Resources like file and directory object permissions are checked when a
| user
| > opens the resource, this is the task of the OS and (in general) not the
| task
| > of an application program. Note that V2.0 includes managed classes that
| > wraps the object security access API's in Win32 by means of
| > System.Security .AccessControl classes, v1.1 user can achieve the same
| using
| > System.Director yServices and some ADSI stuff or by using the
| > System.Manageme nt and WMI classes.
| >
| > Willy.
| >
| >
|
|
Jan 16 '06 #8
Thanks, the ability to belong to more than one group and the stated "role of
current logged in user" threw me off.

As I mentioned in the OP, I am able to check which role(s) the user belongs
to. Not what the requirement stated, but cool nonetheless. If anything, it
led me down this path to understand it better.

I haven't started yet on 2.0 (XP Pro SP2 network issues), but the
WindowsBuiltInR ole enumeration is available in 2.0 from a quick msdn2
search. This is only the common groups installed on a Windows system.

Thanks for the help. Happy MLK day.

Mark
"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
news:Oi******** ******@TK2MSFTN GP15.phx.gbl...
Well, as Windows based 'roles' are mapped to "Windows security group"
membership, and because a user can be a member of more than one security
group, it should be role(s).
Take a user "Bob", which is a member of both 'SalesDpt' and 'AccountMgrs',
Bob is automatically assigned both roles. In your code you can execute
different paths depending on whether he's an account manager or just a
generic member of a sales department.
Note that enumerating user groups (roles) by reflecting private methods like shown by Peter, is NOT the way you should go, this code is non-portable and fails on v2. The only right way to enumerate user groups is by using the
System.Director yServices classes.

Willy.

"Mark White" <ma*******@yaho o.com> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. ..
| One other question.
|
| This was on a "skills test". The time has passed, and I'm not interested in
| seeing any code. Just trying to make sense of this.
|
| One of the requirements was to "display the role of the current logged in | user".
|
| This was the test from the tech. manager. Unless it's a typo, shouldn't
it
| be role(s)?
|
| Thanks.
| "Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
| news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
| >
| > "Mark White" <ma*******@yaho o.com> wrote in message
| > news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..
| > | Hey everyone
| > |
| > | I'm having a great deal of problems finding this information through
| > google
| > | and yahoo, so I turn to you on this.
| > |
| > | I have a Windows app running on XP. I am able to caputre the user's
| Name
| > | property in the WindowsPrincipa l's IIdentity interface.
| > |
| > | Where can I find the role that the user is assigned for the current
| login?
| > | I only want the one role which is assigned for the current user, not
all
| > of
| > | the groups in which the user belongs (that is working fine).
| > |
| > | Do I have to actually test out permissions on files/objects to find
the
| > | current role/group? Seems to be a lot of work going that route for
| > | something which should be accessible in the same interface as Name.
Why
| > | isn't it?
| > |
| > | I'm on 1.1 btw. Has this changed in 2.0?
| > |
| > | Thank you in advance for any help you can give me.
| > |
| > | Mark White
| > |
| > |
| >
| > Roles are not meant to check/control resource access permissions, they
are
| > meant for program access/flow control. These are totally different
things.
| >
| > if(myPrincipal. IsInRole("Sales "))
| > {
| > // Do whatever "Sales" is allowed to do, initialize the UI etc...
| > }
| > else
| > if((myPrincipal .IsInRole("Acco untManagers"))
| > // do whatever "AccountMAnager s" are allowed to do.
| >
| > Resources like file and directory object permissions are checked when a | user
| > opens the resource, this is the task of the OS and (in general) not the | task
| > of an application program. Note that V2.0 includes managed classes that | > wraps the object security access API's in Win32 by means of
| > System.Security .AccessControl classes, v1.1 user can achieve the same
| using
| > System.Director yServices and some ADSI stuff or by using the
| > System.Manageme nt and WMI classes.
| >
| > Willy.
| >
| >
|
|

Jan 16 '06 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
1568
by: Archie Campbell | last post by:
Most people cancel the "allow anonymous user" and IIS will automatically popup the user login dialog. Not me. I want anonymous users to be able to do somethings. Then, if they want to do more, they can to go to a "login page". This used to be my own ASP page. Now I dont want that. Instead I want the Windows login dialog to popup. How do I do that. How do I in my ASP page cause the Windows Login dialog to popup.
3
4475
by: teddysnips | last post by:
Currently studying for 70-229. I'm trying to understand how security for users is managed in SQL Server. I've been using SQL Server for a few years now, but without investigating the bits that "just work". So, here's the scenario. This is more or less how I create all my applications (which these days are all ASP.NET). I have a database called "TESTDB" (original, huh?)
0
957
by: Dorte | last post by:
Hi, I have an ASP.NET application where the user can enter an IP address, windows login and password information for remote servers (connected to the same network). The information is stored in a SQL server for different purposes. Before saving the windows login and password information in the database, I would like to validate that it actually works on the server. Thus I just want to login to the server and do nothing else than to...
7
2674
by: Nick | last post by:
Platform: Visual Studio 2003 Language: C# NOTES: 1. Application will need to run on Windows 2000, Windows 2003, Windows XP 2. Client machines will be standalone NOT part of a domain. 3. I don't want to depend on having Active Directory installed Problem Description: When my application starts, it checks if the current windows user
3
15921
by: Lattis | last post by:
I have the following problem: User A is logged in to a windows 2000 terminal. He runs an application which runs under the credentials of a different user. If I try to see the current user throught the application I can only see the user that started the thread. How can I see the user that is logged in?? I tried the following code: Private Function GetUser() As String
1
2679
by: dmohans | last post by:
Hi all, I need the all user names in the Windows Desktop. How to get all Windows Login user name by using VC++? Please help me. Regards Mohan.
1
2638
by: dmohans | last post by:
Hi all, I need the all user names in the Windows Desktop. How to get all Windows Login user name by using VC++? Please help me. Regards Mohan.
9
3006
by: Alex | last post by:
Get the Name and Phone Number of the Current Windows User in a .NET Application I am writing a simple .NET (C#) application. It needs to "automatic" get the Name (last, first) and phone number of the current Windows user. I guess the name can be retrieved from the environment -- After I click the Start button of Windows, my name is on the very first line of the popup menu. So, this information is provided by the Windows
2
1805
by: =?Utf-8?B?d2R1ZGVr?= | last post by:
I have a website using windows integrated security, with anonymous access turned off. The site is used to query orders from a database and when the search takes a long time, a windows login box appears. Regardless of what login the user enters into this, it does not accept it and the user is locked out of the system. Our network team and myself have been unable to find out why this is occurring, has anyone else had a similiar problem?...
0
9864
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9703
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10926
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10609
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
9445
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
7024
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5691
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5879
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
2
4081
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.