Role of current windows login user

Hey everyone

I'm having a great deal of problems finding this information through Google
and Yahoo, so I turn to you on this.

I have a Windows app running on XP. I am able to capture the user's Name
property in the WindowsPrincipal's IIdentity interface.

Where can I find the role that the user is assigned for the current login?
I only want the one role which is assigned for the current user, not all of
the groups in which the user belongs (that is working fine).

Do I have to actually test out permissions on files/objects to find the
current role/group? Seems to be a lot of work going that route for
something which should be accessible in the same interface as Name. Why
isn't it?

I'm on 1.1 btw. Has this changed in 2.0?

Thank you in advance for any help you can give me.

Mark White
Jan 15 '06 #1
Role is a pretty general term. Most Role-based concepts in .NET equate Roles
to Groups. E.g. PrincipalPermission and IPrincipal.IsInRole use Groups as
Roles.

--
http://www.peterRitchie.com/
Jan 15 '06 #2
Mark,
WindowsIdentity has the IsAnonymous, IsAuthenticated, IsGuest, IsSystem and
Name properties.

You can enumerate roles by using a little reflection:

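    // Requires: using System.Reflection; using System.Security.Principal;
    private void Form1_Load(object sender, System.EventArgs e)
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        Type idType = id.GetType();

        // Invoke WindowsIdentity's non-public static _GetRoles method via
        // reflection, passing the token handle of the current identity.
        object result = idType.InvokeMember("_GetRoles",
            BindingFlags.Static | BindingFlags.InvokeMethod | BindingFlags.NonPublic,
            null, id, new Object[] { id.Token }, null);

        // Print each role (group) name.
        string[] roles = (string[])result;
        for (int i = 0; i < roles.Length; i++)
            Console.WriteLine(roles[i]);
    }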
--
Co-founder, Eggheadcafe.com developer portal:
http://www.eggheadcafe.com
UnBlog:
http://petesbloggerama.blogspot.com


Jan 15 '06 #3


Roles are not meant to check/control resource access permissions; they are
meant for program access/flow control. These are totally different things.

    if (myPrincipal.IsInRole("Sales"))
    {
        // Do whatever "Sales" is allowed to do, initialize the UI etc...
    }
    else if (myPrincipal.IsInRole("AccountManagers"))
    {
        // Do whatever "AccountManagers" are allowed to do.
    }

Resources like file and directory object permissions are checked when a user
opens the resource; this is the task of the OS and (in general) not the task
of an application program. Note that V2.0 includes managed classes that
wrap the object security access APIs in Win32 by means of
System.Security.AccessControl classes; v1.1 users can achieve the same using
System.DirectoryServices and some ADSI stuff or by using the
System.Management and WMI classes.

Willy.
Jan 15 '06 #4
Peter

Thanks for replying. I ran your code, and it worked great. But, it doesn't
tell me which role/group the user is currently assigned for that session.

Am I misunderstanding how roles/groups are assigned when booting up? Does
the user get assigned one role/group when logging in or does the user have
the highest permission set of all the groups?

Or the files/apps are only permitted by certain groups/roles, and unless the
user belongs to that group, no access?

I have code that enumerates the built-in roles and it seems to work well.
But it can only check if it IsInRole. Peter, your code is much better than
what I have though.

How can I get the current (1) role/group the logged in user is assigned?

Again, thank you for the help.

Mark
Jan 16 '06 #5
Willy

Thank you for taking the time to explain that. I do appreciate it.

As you can see, my knowledge of the actual plumbing underneath permissions
leaves a bit to be desired. I've never had a need to know it, until now.

Mark

Jan 16 '06 #6
One other question.

This was on a "skills test". The time has passed, and I'm not interested in
seeing any code. Just trying to make sense of this.

One of the requirements was to "display the role of the current logged in
user".

This was the test from the tech. manager. Unless it's a typo, shouldn't it
be role(s)?

Thanks.
Jan 16 '06 #7
Well, as Windows-based 'roles' are mapped to "Windows security group"
membership, and because a user can be a member of more than one security
group, it should be role(s).
Take a user "Bob", who is a member of both 'SalesDpt' and 'AccountMgrs':
Bob is automatically assigned both roles. In your code you can execute
different paths depending on whether he's an account manager or just a
generic member of a sales department.
Note that enumerating user groups (roles) by reflecting private methods, as
shown by Peter, is NOT the way you should go; this code is non-portable and
fails on v2. The only right way to enumerate user groups is by using the
System.DirectoryServices classes.

Willy.

Jan 16 '06 #8
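
Added example, not code from any poster in this thread: listing the current user's groups through System.DirectoryServices and testing built-in roles with the public IsInRole API, without reflecting private members. It assumes .NET Framework 2.0 or later and a reference to System.DirectoryServices.dll; the names CurrentUserRoles, GetDirectoryGroups and GetBuiltInRoles are hypothetical.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;      // add a reference to System.DirectoryServices.dll
using System.Security.Principal;

static class CurrentUserRoles        // hypothetical name, for illustration
{
    // Group names the WinNT ADSI provider reports for the account.
    // This is directory membership; IsInRole below is evaluated against
    // the logon token instead.
    static List<string> GetDirectoryGroups(string domain, string user)
    {
        List<string> names = new List<string>();
        string path = "WinNT://" + domain + "/" + user + ",user";
        using (DirectoryEntry entry = new DirectoryEntry(path))
        {
            // IADsUser.Groups returns an enumerable collection of ADSI group objects.
            foreach (object adsGroup in (IEnumerable)entry.Invoke("Groups"))
            {
                using (DirectoryEntry groupEntry = new DirectoryEntry(adsGroup))
                {
                    names.Add(groupEntry.Name);
                }
            }
        }
        return names;
    }

    // Every WindowsBuiltInRole value the current principal satisfies.
    static List<WindowsBuiltInRole> GetBuiltInRoles(WindowsPrincipal principal)
    {
        List<WindowsBuiltInRole> held = new List<WindowsBuiltInRole>();
        foreach (WindowsBuiltInRole role in Enum.GetValues(typeof(WindowsBuiltInRole)))
        {
            if (principal.IsInRole(role))
                held.Add(role);
        }
        return held;
    }

    static int Main()
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();

        // Name is normally DOMAIN\user, or MACHINE\user for a local account.
        string[] parts = id.Name.Split('\\');
        if (parts.Length != 2)
        {
            Console.Error.WriteLine("Unexpected account name format: " + id.Name);
            return 1;
        }

        Console.WriteLine("User: " + id.Name);
        Console.WriteLine("Groups (a user can hold several, so there is no single role):");
        foreach (string name in GetDirectoryGroups(parts[0], parts[1]))
            Console.WriteLine("  " + name);

        Console.WriteLine("Built-in roles satisfied by this logon:");
        foreach (WindowsBuiltInRole role in GetBuiltInRoles(new WindowsPrincipal(id)))
            Console.WriteLine("  " + role);
        return 0;
    }
}
```
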
Thanks, the ability to belong to more than one group and the stated "role of
current logged in user" threw me off.

As I mentioned in the OP, I am able to check which role(s) the user belongs
to. Not what the requirement stated, but cool nonetheless. If anything, it
led me down this path to understand it better.

I haven't started yet on 2.0 (XP Pro SP2 network issues), but the
WindowsBuiltInRole enumeration is available in 2.0 from a quick msdn2
search. This is only the common groups installed on a Windows system.

Thanks for the help. Happy MLK day.

Mark
Jan 16 '06 #9
