Hi,
I'm trying to get my application to authenticate using role based when the
user runs the application.
When the user logs on and is in the security group "school", the user gets
into the application no problem. But when the user is removed from the
group but doesn't log back in, he still has permissions to run the
application. This is also true if the user is already logged on and then
placed in the security group, the user cannot run the application. Is there
a way to make the application check Active Directory without logging in and
logging out for the permissions to take effect?
I need this to work because I can't iterate through Active Directory to get the
nested security groups/roles of the user.
Thanks in advance,
Will
Code:
    Imports System.Security.Permissions
    Imports System.Security.Principal
    Imports System.Threading

    Try
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
        'get the current userid domain\username
        Dim MyPrincipal As WindowsPrincipal = CType(Thread.CurrentPrincipal, WindowsPrincipal)
        winPrincipal = New WindowsPrincipal(CType(MyPrincipal.Identity, WindowsIdentity))
        'get the current userid
        userid = MyPrincipal.Identity.Name
        'Demand() throws a SecurityException when the user is not in the role,
        'so a failed check here lands in the Catch block, not the Else branch
        Dim pp As New PrincipalPermission(userid, adrole)
        pp.Demand()
        'check if the user is part of the role to access this application
        If winPrincipal.IsInRole(adrole) Then
            'get the userid without the domain
            userid = Mid(userid, InStr(userid, "\") + 1)
            UserInfoClass.UserIdent = userid
            Return True
        Else
            MsgBox("You do not have permission to run this program. Please see your administrator.", MsgBoxStyle.Exclamation, "Access Error")
            Return False
            'Me.Close()
        End If
    Catch ex As Exception
        MsgBox("Error:" & ex.Message)
        Return False
    End Try
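
Added example, not part of the original post: WindowsPrincipal.IsInRole and PrincipalPermission evaluate the group list in the user's logon token, which is built at logon, so a membership change is not seen until the next logon. The sketch below queries the directory at call time instead, including nested security groups. It assumes .NET 3.5 or later with a reference to System.DirectoryServices.AccountManagement and a domain-joined machine; the module and function names are hypothetical, and "school" is the group named in the post.

```vb
Imports System
Imports System.DirectoryServices.AccountManagement

Module LiveGroupCheck
    ' True if the account is a direct or nested member of the security group
    ' according to the directory at call time, not the cached logon token.
    Function IsMemberNow(samAccountName As String, groupName As String) As Boolean
        Using ctx As New PrincipalContext(ContextType.Domain)
            Using user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName)
                Using target As GroupPrincipal = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName)
                    If user Is Nothing OrElse target Is Nothing Then Return False
                    ' GetAuthorizationGroups expands nested security groups.
                    Using groups As PrincipalSearchResult(Of Principal) = user.GetAuthorizationGroups()
                        For Each g As Principal In groups
                            Try
                                ' Compare SIDs; names can be renamed or duplicated across domains.
                                If target.Sid.Equals(g.Sid) Then Return True
                            Finally
                                g.Dispose()
                            End Try
                        Next
                    End Using
                End Using
            End Using
        End Using
        Return False
    End Function

    Sub Main()
        Dim allowed As Boolean
        Try
            allowed = IsMemberNow(Environment.UserName, "school")
        Catch ex As Exception
            ' Fail closed: a directory error must not grant access.
            Console.Error.WriteLine("Directory lookup failed: " & ex.Message)
            allowed = False
        End Try
        Console.WriteLine(If(allowed, "Access granted", "Access denied"))
    End Sub
End Module
```

This check runs inside the client process, so it only gates the application's own UI; whatever the application reaches (file shares, databases) still authorizes against the logon token or its own permissions.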