WindowsPrincipal.IsInRole actually check roles and NOT groups?

Hi,

I currently have my application set up and built using Windows
Authentication (WindowsPrincipal). For security checks, I simply do
an IsInRole call on the Principal. The role permissions are hard-
coded, something like this:

private static string[] allowedReadRoles = new string[] { "Sales", "Ordering" };

I now need to brand my application, and while the roles will remain
the same, the problem is that IsInRole is functioning via group
membership. The branding will be for other companies, which are owned
by the same owners, and use the same office buildings, network /
domain and computers as the main company (the other companies have
less than 10 people).

So, adding the users for Company B to existing groups isn't really an
option... they'd have access to the application for Company A. In the
database that would work, since I add logons for new groups and map
them to existing database roles. For my code though, I don't see a
way to do this. I could provide a similar mapping, but that would
require me to update multiple databases to do the mappings each time I
add a new role to the application.

Any other ideas? Has anyone used Authentication Manager, which allows
you to define real roles, not AD Groups? Is there anything that puts
actual roles in WindowsPrincipal.IsInRole, not just Windows groups?
It seems an odd thing; AD groups aren't roles, yet WindowsPrincipal
treats them as such.

Thanks
Andy
Jun 27 '08 #1
Well, if it helps, even with Windows identity you can provide your own
role definitions. If you can look them up from somewhere,
GenericPrincipal may be of use - alternatively create your own
IPrincipal that performs IsInRole... (perhaps prepending an NT name
onto the role per instance?)

But essentially you are going to have to store the data somewhere...

Some ideas...

Mac

using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

static class Program
{
    static void Main()
    {
        // Keep the Windows identity, but supply the role list ourselves
        // instead of relying on group membership.
        string[] userRoles = { "Sales" };
        Thread.CurrentPrincipal = new GenericPrincipal(
            WindowsIdentity.GetCurrent(), userRoles);

        TestSales();
        try
        {
            TestAdmin();
        }
        catch (SecurityException)
        {
            // The demand for "Admin" fails: the principal only has "Sales".
            Console.WriteLine("Admin failed ;-p");
        }
    }

    // The demands are evaluated against Thread.CurrentPrincipal.
    [PrincipalPermission(SecurityAction.Demand, Role = "Sales")]
    static void TestSales() { Console.WriteLine("Sales"); }

    [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
    static void TestAdmin() { Console.WriteLine("Admin"); }
}

// another idea for separating the data...
class SuffixPrincipal : IPrincipal
{
    private readonly IPrincipal parent;
    private readonly string roleSuffix;

    public SuffixPrincipal(IPrincipal parent, string roleSuffix)
    {
        if (parent == null) throw new ArgumentNullException("parent");
        this.parent = parent;
        this.roleSuffix = roleSuffix;
    }

    public IIdentity Identity { get { return parent.Identity; } }

    // Appends the suffix to the requested role before asking the wrapped principal.
    public bool IsInRole(string role)
    {
        return parent.IsInRole(role + roleSuffix);
    }
}
Jun 27 '08 #2
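
An added example, not code from either poster: a wrapper in the same spirit as SuffixPrincipal that resolves each hard-coded application role to the groups granting it for one company, and denies any role that has no mapping. The class name MappedRolePrincipal, the EXAMPLE\... group names and the in-memory tables are assumptions made for illustration; a GenericPrincipal stands in for the WindowsPrincipal so the sample runs without a domain.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical wrapper: maps an application role ("Sales") to the groups
// that grant it for ONE company. A role with no mapping is denied.
sealed class MappedRolePrincipal : IPrincipal
{
    private readonly IPrincipal inner;
    private readonly IDictionary<string, string[]> groupsByRole;

    public MappedRolePrincipal(IPrincipal inner, IDictionary<string, string[]> groupsByRole)
    {
        if (inner == null) throw new ArgumentNullException("inner");
        if (groupsByRole == null) throw new ArgumentNullException("groupsByRole");
        this.inner = inner;
        // Copy the table; the comparer makes role-name lookups case-insensitive.
        this.groupsByRole = new Dictionary<string, string[]>(
            groupsByRole, StringComparer.OrdinalIgnoreCase);
    }

    public IIdentity Identity { get { return inner.Identity; } }

    public bool IsInRole(string role)
    {
        string[] groups;
        if (role == null || !groupsByRole.TryGetValue(role, out groups))
            return false; // deny by default: unknown role, no access
        return groups.Any(g => inner.IsInRole(g));
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed stand-in for a WindowsPrincipal that holds one Company B group.
        IPrincipal user = new GenericPrincipal(
            new GenericIdentity(@"EXAMPLE\bob"), new[] { @"EXAMPLE\CompanyB-Sales" });

        // Constructed per-company tables; the application role names stay the same.
        var companyA = new Dictionary<string, string[]> { { "Sales", new[] { @"EXAMPLE\CompanyA-Sales" } } };
        var companyB = new Dictionary<string, string[]> { { "Sales", new[] { @"EXAMPLE\CompanyB-Sales" } } };

        Console.WriteLine(new MappedRolePrincipal(user, companyB).IsInRole("Sales"));    // Company B build
        Console.WriteLine(new MappedRolePrincipal(user, companyA).IsInRole("Sales"));    // Company A build
        Console.WriteLine(new MappedRolePrincipal(user, companyB).IsInRole("Ordering")); // unmapped role
    }
}
```

Assigning such a wrapper to Thread.CurrentPrincipal leaves existing IsInRole calls and PrincipalPermission demands unchanged while the per-company group mapping lives in one table.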
