neonlights

Best way to find the user roles

Hi,
(ASP.NET, C#)
I have created a login page with Active Directory. It is working well.

Now, once the user logs in, I would like to find out their user role, for example, if the user is "Admin" or "User".

I would like to achieve this through Active Directory. How do I achieve this? (Can I create a new group in Active Directory?)
Or can I create a table in my database and keep track of their user roles?

Thanks..
ASKER CERTIFIED SOLUTION
Bob Learned

This solution is only available to members.
Do what Bob says, however I would suggest you also include your domain. I've run into problems in the past when I didn't include this.

User.IsInRole(@"SOMEDOMAIN\Admin")
Thank you, Michael.

It's a good thing that I have someone who is ready to catch my oversights *WINK*.

Bob

A very rare event indeed, usually when I follow behind Bob I find out something I didn't ever know.
neonlights

ASKER

Michael and Bob - Thanks...
I agree with Michael about Bob... "A very rare event indeed" ;-)

How do I know "Admin"?

Is this information coming from the Active Directory? I am new to Active Directory...
since we have many groups.. do I have to create one more group...

and assign certain users to be "Admin" and Others to be "Users"?

Thanks again..
"Admin" here would be the group name you've created in Active Directory. You would need to know this beforehand.

You, of course, can get a list of all groups the user is in, but this gets much trickier to code.
Here is some useful ActiveDirectory code:

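using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
 
public class ActiveDirectoryGroups
{
 
  // Returns the distinguished names in the user's memberOf attribute (direct group memberships).
  public static List<string> GetUserRoles(string userContainerPath, string userName, string adminAccount, string adminPassword)
  {
    // userName goes into the filter as-is: escape \ * ( ) and NUL (RFC 4515) if it comes from user input.
    string userFilter = string.Format("(&(objectCategory=person)(sAMAccountName={0}))", userName);
    List<string> roles = new List<string>();
 
    // AuthenticationTypes.None means a simple bind; without LDAPS the password crosses the wire in clear text.
    using (DirectoryEntry entry = new DirectoryEntry(userContainerPath, adminAccount, adminPassword, AuthenticationTypes.None))
    {
      using (DirectorySearcher searcher = new DirectorySearcher(entry, userFilter))
      {
        SearchResult result = searcher.FindOne();
        if (result == null)
          return roles;  // no matching user: return an empty list instead of throwing

        IEnumerable groups = (result.Properties["memberOf"]) as IEnumerable;
        if (groups != null)
          foreach (string dn in groups)
            roles.Add(dn);
      }
    }
 
    return roles;
 
  }
 
}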

I know how to find list of all groups:
I would like to assign one or two users to be "Admin" - they can change some data in the application..

I am kind of confused with "Admin"

        public String GetGroups()
        {
            DirectorySearcher search = new DirectorySearcher(_path);
            search.Filter = "(cn=" + _filterAttribute + ")";
            userLoginName = _filterAttribute;
           
            search.PropertiesToLoad.Add("memberOf");
            StringBuilder groupNames = new StringBuilder();

            try
            {
                SearchResult result = search.FindOne();

                int propertyCount = result.Properties["memberOf"].Count;

                String dn;
                int equalsIndex, commaIndex;

                for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
                {
                    dn = (String)result.Properties["memberOf"][propertyCounter];

                    equalsIndex = dn.IndexOf("=", 1);
                    commaIndex = dn.IndexOf(",", 1);
                    if (-1 == equalsIndex)
                    {
                        return null;
                    }

                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
                    groupNames.Append("|");

                }
            }
            catch (Exception ex)
            {
                throw new Exception("Error obtaining group names. " + ex.Message);
            }
            return groupNames.ToString();
        }
    }
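
The two LDAP snippets above build a search filter by string concatenation, and GetGroups slices the group name out of each memberOf DN by index. As an added example (not code from any poster in this thread), the helpers below escape the filter value per RFC 4515 and read the first RDN value without failing on an escaped comma or a DN with no comma; the class and method names and the example.com DNs are assumptions.

```csharp
using System;
using System.Text;

public static class LdapInputHelpers
{
    // RFC 4515: inside a filter value, \ * ( ) and NUL must be written
    // as a backslash followed by the two-digit hex code of the character.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            bool special = c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0';
            sb.Append(special ? "\\" + ((int)c).ToString("x2") : c.ToString());
        }
        return sb.ToString();
    }

    // Same filter shape as GetUserRoles above, with the user name escaped.
    public static string BuildUserFilter(string userName)
    {
        return string.Format("(&(objectCategory=person)(sAMAccountName={0}))",
                             EscapeFilterValue(userName));
    }

    // Value of the first RDN of a memberOf DN; null if there is no '='.
    // "\," style escapes are taken literally, hex pairs ("\2C") are not decoded.
    public static string GroupNameFromDn(string dn)
    {
        int eq = dn.IndexOf('=');
        if (eq < 0) return null;
        var sb = new StringBuilder();
        for (int i = eq + 1; i < dn.Length && dn[i] != ','; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length) i++; // skip the escape marker
            sb.Append(dn[i]);
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample inputs; the example.com DNs are placeholders.
        Console.WriteLine(BuildUserFilter("jsmith"));
        Console.WriteLine(BuildUserFilter("j*smith)(x"));
        Console.WriteLine(GroupNameFromDn("CN=MyApplicationX_Admins,OU=Groups,DC=example,DC=com"));
        Console.WriteLine(GroupNameFromDn(@"CN=Sales\, EMEA,OU=Groups,DC=example,DC=com"));
    }
}
```

Comparing the extracted name against a fixed list of expected groups, ignoring case, keeps the role decision independent of how the directory formats the rest of the DN.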
>>I am kind of confused with "Admin"
Wherein lies your confusion (I am confused)?

Bob
It sounds like you just need to open up "Active Directory Users and Groups", find the group, and add some users to it.
Thanks Bob for your code.

ok..

Let's say I create a new group called "MyApplicationX" and I will add 15 users to this group.

Then, in that group, I will give 2 users as Admin...

Then, from my login.aspx, I can get all the people who belong to the "MyApplicationX" group and can check for User.IsInRole("SOMEDOMAIN\Admin")? Right?

SOLUTION
This solution is only available to members.
and one more question: Let's say I have created a table in my database, and I added all those 15 users in there.. and then, I give them manually what kind of permission they have... Can I use it then? like this...

If I get the value from GetUserRoles, can I assign that to User.IsInRole("SOMEDOMAIN\" + GetUserRoles)?
I am new to ASP.NET and C#.. please be patient.. if I make silly mistakes.
thanks again...

        public string GetUserRoles()
        {
            String SqlString;
            string connectionString;

           
            connectionString = ConfigurationManager.ConnectionStrings["AM"].ConnectionString.ToString();
            if ((connectionString == null))
            {
                throw new ProviderException("Connection string cannot be blank.");
            }

            SqlString = "Select [UserRole] From TblEmployee Where ";
            SqlString = SqlString + " (EmployeeName = @EmployeeName)";
            OleDbConnection oleDbConnection = new OleDbConnection(connectionString);
            OleDbCommand oleDbCommand = new OleDbCommand(SqlString, oleDbConnection);
            OleDbDataReader oleDbDataReader = null;

            oleDbCommand.Parameters.Add("@EmployeeName", OleDbType.VarChar, 255).Value = userEmployeeName;
            try
            {
                oleDbConnection.Open();
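                // Combine the flags with | ; SingleRow & CloseConnection evaluates to 0 (CommandBehavior.Default).
                oleDbDataReader = oleDbCommand.ExecuteReader(CommandBehavior.SingleRow | CommandBehavior.CloseConnection);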

                if (oleDbDataReader.HasRows)
                {
                    oleDbDataReader.Read();
                    userRole= oleDbDataReader.GetString(0);
                }
                else
                {
                    userRole = "";
                    return userRole;
                }
            }
            catch (OleDbException e)
            {
                System.Diagnostics.Trace.WriteLine("[Finding User Role] Exception " + e.Message);
                userRole = "";
                return userRole;
            }
            finally
            {
                oleDbConnection.Close();
            }
            return userRole;
        }
Racterus.... no, I do not want to hack.. loll
Now, I understand.. I am very sorry - I was confused with "Admin" as a role.. "Admin" is one of the group names..

I will create

MyApplicationX
MyApplicationX_Admins

and use them... thanks again.
Hi Bob,

Would you please let me know ... how do I call your code.. GetUserRoles..

Thanks
never mind Bob.. I figured it out.. sorry for that.

Thanks again both.