Checking to see if a user is a domain Administrator

Hey all,

I need to verify that a provided username is a Domain Administrator. Any ideas on how to do this?

Thanks,

Jonny
--
/Jonny
Nov 16 '05 #1
I'd look up WindowsIdentity and WindowsPrincipal.IsInRole() in MSDN,
seems like the answer

Jonny wrote:
Hey all,

I need to verify that a provided username is a Domain Administrator. Any ideas on how to do this?

Thanks,

Jonny

Nov 16 '05 #2
Although the following KB article is primarily targeted at forms
authentication in ASP.NET, it does demonstrate how to validate a
username and password against active directory and then find the
groups the user is a member of.

How to authenticate against the Active Directory by using Forms
authentication and Visual C# .NET
http://support.microsoft.com/default...b;en-us;316748

--
Scott
http://www.OdeToCode.com

On Mon, 12 Jul 2004 04:42:05 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
Hey all,

I need to verify that a provided username is a Domain Administrator. Any ideas on how to do this?

Thanks,

Jonny


Nov 16 '05 #3
Jonny wrote:
Hey all,

I need to verify that a provided username is a Domain Administrator. Any ideas on how to do this?

Look at the sample code for WindowsIdentity.Impersonate(). That shows
how to get a WindowsIdentity using a username/password.

Then take that Identity and create a WindowsPrincipal and call the
IsInRole() method:

bool isDomAdmin = new WindowsPrincipal(
    WindowsIdentity.GetCurrent()).IsInRole(@"DOMAINNAME\Domain Admins");

There are several caveats with this:

- it requires unsafe code
- it won't work on Win9x
- it won't work in Win NT or Win 2000 unless the user context that
it's running under has the TCB privilege (LogonUser() needs that
privilege on those OS's to work)
- there is a bug with IsInRole(string) where the match on the role
name might be case-sensitive if the user belongs to more than 22 groups
(or something like that).
--
mikeb
Nov 16 '05 #4
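
An added example, not part of mikeb's post or anyone else's code in this thread: the same membership test done against the group's SID instead of its name, which sidesteps the name-matching problem mentioned in the caveats. It assumes .NET 3.5 or later, a domain-joined machine and a reference to System.DirectoryServices.AccountManagement; the class and method names are hypothetical.

```csharp
// Added example. DomainAdminCheck and its method names are illustrative only.
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

static class DomainAdminCheck
{
    // Token-based check: the caller already holds a WindowsIdentity
    // (for example one obtained through LogonUser, or the current user).
    public static bool IsDomainAdmin(WindowsIdentity identity)
    {
        if (identity == null || identity.User == null) return false;
        SecurityIdentifier domainSid = identity.User.AccountDomainSid;
        if (domainSid == null) return false;   // local or well-known account: no domain SID
        // Domain Admins is always <domain SID>-512, whatever the group is named.
        var domainAdmins = new SecurityIdentifier(
            WellKnownSidType.AccountDomainAdminsSid, domainSid);
        return new WindowsPrincipal(identity).IsInRole(domainAdmins);
    }

    // Directory-based check: only a username is known, no password or token.
    public static bool IsDomainAdmin(string samAccountName)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null || user.Sid == null) return false;   // unknown account: deny
            SecurityIdentifier domainSid = user.Sid.AccountDomainSid;
            if (domainSid == null) return false;
            var domainAdmins = new SecurityIdentifier(
                WellKnownSidType.AccountDomainAdminsSid, domainSid);
            // GetAuthorizationGroups also returns groups reached through nesting.
            foreach (Principal g in user.GetAuthorizationGroups())
                if (g.Sid != null && g.Sid.Equals(domainAdmins)) return true;
            return false;
        }
    }

    static void Main(string[] args)
    {
        Console.WriteLine("current token: " + IsDomainAdmin(WindowsIdentity.GetCurrent()));
        if (args.Length == 1)
            Console.WriteLine(args[0] + ": " + IsDomainAdmin(args[0]));
    }
}
```

Both methods return false when the account or its domain SID cannot be resolved, so a lookup failure never grants access.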
Hi Jonny:

Ah, in that case ...

Here is some code that would list all the users in the Administrators
group:

// needs: using System.Collections; using System.DirectoryServices;
DirectoryEntry group =
    new DirectoryEntry("WinNT://MACHINENAME/Administrators");
object members = group.Invoke("Members", null);
foreach (object member in (IEnumerable) members)
{
    DirectoryEntry x = new DirectoryEntry(member);
    Response.Write(x.Name);
    Response.Write("<br>");
}

And a little code to list all the groups for a given user:

DirectoryEntry member = new DirectoryEntry("WinNT://MACHINE/USER");
object groups = member.Invoke("Groups", null);
foreach (object group in (IEnumerable) groups)
{
    DirectoryEntry x = new DirectoryEntry(group);
    Response.Write(x.Name);
    Response.Write("<br>");
}

Hopefully that will help you out. Do you also need to validate the
password?

--s

On Mon, 12 Jul 2004 08:44:02 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
You don't happen to know how to do it in a non-AD Domain?

Thanks :)


--
Scott
http://www.OdeToCode.com
Nov 16 '05 #5
I know on windows 2000 LogonUser requires some elevated permissions.

Are you on 2000 or XP / 2003?

Do you need the user token to do impersonation? Or just simply
validate the password?
--
Scott
http://www.OdeToCode.com

On Tue, 13 Jul 2004 09:11:04 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
Actually, could you tell me your method. It would appear calling the advapi32.dll",EntryPoint = "LogonUser" is not reliable, or particularly fast.

Thanks !


Nov 16 '05 #6
Hi Scott,

I only need to validate the password, the method needs to be multi-OS, i.e. NT, 2K, XP and 2K3. It also needs to be pretty quick. I don't really have a problem if I have two different methods for each OS, it's just preferable. The user running the App will more than likely be a Domain Administrator, if not they should not be running it in the first place.

Thanks again,

--
/Jonny
"Scott Allen" wrote:
I know on windows 2000 LogonUser requires some elevated permissions.

Are you on 2000 or XP / 2003?

Do you need the user token to do impersonation? Or just simply
validate the password?
--
Scott
http://www.OdeToCode.com

On Tue, 13 Jul 2004 09:11:04 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
Actually, could you tell me your method. It would appear calling the advapi32.dll",EntryPoint = "LogonUser" is not reliable, or particularly fast.

Thanks !


Nov 16 '05 #7
Jonny:

I dug around a little bit but I can't come up with any links on the
topic of LogonUser performance :/

--s

On Wed, 14 Jul 2004 01:15:01 -0700, "Jonny"
<Jo***@discussions.microsoft.com> wrote:
Hi Scott,

I only need to validate the password, the method needs to be multi-OS, i.e. NT, 2K, XP and 2K3. It also needs to be pretty quick. I don't really have a problem if I have two different methods for each OS, it's just preferable. The user running the App will more than likely be a Domain Administrator, if not they should not be running it in the first place.

Thanks again,


--
Scott
http://www.OdeToCode.com
Nov 16 '05 #10
