Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Best way to find the user roles

Posted on 2007-11-21
17
Medium Priority
?
710 Views
Last Modified: 2013-12-16
Hi,
(ASP.NET, C#)
I have created login page with Active Directory. It is working good.

Now, once the user login, I would like to find out their userrole, for example, if the user is "Admin" or "User".

I would like to achieve this through active directory.. How do I acheive this... (if I can create a new group in the Active Directory??)
or can I create a table in my database and keep track of their userroles ...

Thanks..
0
Comment
Question by:neonlights
  • 8
  • 5
  • 4
17 Comments
 
LVL 96

Accepted Solution

by:
Bob Learned earned 1000 total points
ID: 20328344
There is this:

User.IsInRole("Admin")

Bob
0
 
LVL 33

Expert Comment

by:raterus
ID: 20328613
Do what Bob says, however I would suggest you also include your domain.  I've ran into problems in the past when I didn't include this.

User.IsInRole("SOMEDOMAIN\Admin")
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20328642
Thank you, Michael.

It's a good thing that I have someone who is really to catch my oversights *WINK*.

Bob

0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
LVL 33

Expert Comment

by:raterus
ID: 20328721
A very rare event indeed, usually when I follow behind Bob I find out something I didn't ever know.
0
 

Author Comment

by:neonlights
ID: 20329940
Michael and Bob - Thanks...
I agree with Michael about Bob... "A very rare event indeed" ;-)

How do I know "Admin"?

Is this information coming from the Active Directory? I am new to Active Directory...
0
 

Author Comment

by:neonlights
ID: 20329951
since we have many groups.. do I have to create one more group...

and assign certain users to be "Admin" and Others to be "Users"?

Thanks again..
0
 
LVL 33

Expert Comment

by:raterus
ID: 20329960
"Admin" here would be the group name you've created in Active Directory.  You would need to know this before hand.

You, of course, can get a list of all groups the user is in, but this gets much trickier to code.
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20329977
Here is some useful ActiveDirectory code:

using System.Collections.Generic;
using System.DirectoryServices;
using System.Collections;
 
public class ActiveDirectoryGroups
{
 
  public static List<string> GetUserRoles(string userContainerPath, string userName, string adminAccount, string adminPassword)
  {
    string userFilter = string.Format("(&(objectCategory=person)(sAMAccountName={0})", userName);
    List<string> roles = new List<string>();
 
    using (DirectoryEntry entry = new DirectoryEntry(userContainerPath, adminAccount, adminPassword, AuthenticationTypes.None))
    {
      using (DirectorySearcher searcher = new DirectorySearcher(entry, userFilter))
      {
        SearchResult result = searcher.FindOne();
        IEnumerable groups = (result.Properties["memberOf"]) as IEnumerable;
        if (groups != null)
          foreach (string dn in groups)
            roles.Add(dn);
      }
    }
 
    return roles;
 
  }
 
}

Open in new window

0
 

Author Comment

by:neonlights
ID: 20329980
I know how to find list of all groups:
I would like to assign one or two users to be "Admin" - they can change some data in the application..

I am kind of confused with "Admin"

        public String GetGroups()
        {
            DirectorySearcher search = new DirectorySearcher(_path);
            search.Filter = "(cn=" + _filterAttribute + ")";
            userLoginName = _filterAttribute;
           
            search.PropertiesToLoad.Add("memberOf");
            StringBuilder groupNames = new StringBuilder();

            try
            {
                SearchResult result = search.FindOne();

                int propertyCount = result.Properties["memberOf"].Count;

                String dn;
                int equalsIndex, commaIndex;

                for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
                {
                    dn = (String)result.Properties["memberOf"][propertyCounter];

                    equalsIndex = dn.IndexOf("=", 1);
                    commaIndex = dn.IndexOf(",", 1);
                    if (-1 == equalsIndex)
                    {
                        return null;
                    }

                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
                    groupNames.Append("|");

                }
            }
            catch (Exception ex)
            {
                throw new Exception("Error obtaining group names. " + ex.Message);
            }
            return groupNames.ToString();
        }
    }
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20330015
>>I am kind of confused with "Admin"
Wherein lies your confusion (I am confused)?

Bob
0
 
LVL 33

Expert Comment

by:raterus
ID: 20330026
It sounds like you just need to open up "Active Directory Users and Groups", find the group, and add some users to it.
0
 

Author Comment

by:neonlights
ID: 20330099
Thanks Bob for your code.

ok..

Let's say I create a new group called "MyApplicationX" and I will add 15 users to this group.

Then, in that group, I will give 2 users as Admin...

Then, from my login.aspx, I can get all the people belongs to "MyApplicationX" group and can check for User.IsInRole("SOMEDOMAIN\Admin")? right?

0
 
LVL 33

Assisted Solution

by:raterus
raterus earned 1000 total points
ID: 20330147
You can't add an extra "Admin" option to users in a group, without hacking up your active directory schema (and you don't want to do that).

I would just create at most two groups here,

MyApplicationX
MyApplicationX_Admins

You can check the membership of these two groups to control access to your application.
0
 

Author Comment

by:neonlights
ID: 20330168
and one more question: Let's say I have created a table in my database, and I added all those 15 users in there.. and then, I  give them manually what kind of permission they have... Can I use it then? like this...

If get the value GetUserRoles, can I assign that to User.IsInRole("SOMEDOMAIN\" + GetUserRoles)?
I am new asp.net and c#.. please be patient.. if II make silly mistakes.
thanks again...

        public string GetUserRoles()
        {
            String SqlString;
            string connectionString;

           
            connectionString = ConfigurationManager.ConnectionStrings["AM"].ConnectionString.ToString();
            if ((connectionString == null))
            {
                throw new ProviderException("Connection string cannot be blank.");
            }

            SqlString = "Select [UserRole] From TblEmployee Where ";
            SqlString = SqlString + " (EmployeeName = @EmployeeName)";
            OleDbConnection oleDbConnection = new OleDbConnection(connectionString);
            OleDbCommand oleDbCommand = new OleDbCommand(SqlString, oleDbConnection);
            OleDbDataReader oleDbDataReader = null;

            oleDbCommand.Parameters.Add("@EmployeeName", OleDbType.VarChar, 255).Value = userEmployeeName;
            try
            {
                oleDbConnection.Open();
                oleDbDataReader = oleDbCommand.ExecuteReader(CommandBehavior.SingleRow & CommandBehavior.CloseConnection);

                if (oleDbDataReader.HasRows)
                {
                    oleDbDataReader.Read();
                    userRole= oleDbDataReader.GetString(0);
                }
                else
                {
                    userRole = "";
                    return userRole;
                }
            }
            catch (OleDbException e)
            {
                System.Diagnostics.Trace.WriteLine("[Fining User Role] Exception " + e.Message);
                userRole = "";
                return userRole;
            }
            finally
            {
                oleDbConnection.Close();
            }
            return userRole;
        }
0
 

Author Comment

by:neonlights
ID: 20330199
Racterus.... no, I do not want to hack.. loll
Now, I  understand.. I am very sorry - I was confused with "Admin" as a role.. "Admin" is a one of group name..

I will create

MyApplicationX
MyApplicationX_Admins

and use them... thanks again.
0
 

Author Comment

by:neonlights
ID: 20330392
Hi Bob,

Would you please let me know ... how do I call your code.. GetUserRoles..

Thanks
0
 

Author Comment

by:neonlights
ID: 20330410
never mind Bob.. I figured it out.. sorry for that.

Thanks again both.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question