Solved

Best way to find the user roles

Posted on 2007-11-21
17
702 Views
Last Modified: 2013-12-16
Hi,
(ASP.NET, C#)
I have created login page with Active Directory. It is working good.

Now, once the user login, I would like to find out their userrole, for example, if the user is "Admin" or "User".

I would like to achieve this through active directory.. How do I acheive this... (if I can create a new group in the Active Directory??)
or can I create a table in my database and keep track of their userroles ...

Thanks..
0
Comment
Question by:neonlights
  • 8
  • 5
  • 4
17 Comments
 
LVL 96

Accepted Solution

by:
Bob Learned earned 250 total points
ID: 20328344
There is this:

User.IsInRole("Admin")

Bob
0
 
LVL 33

Expert Comment

by:raterus
ID: 20328613
Do what Bob says, however I would suggest you also include your domain.  I've ran into problems in the past when I didn't include this.

User.IsInRole("SOMEDOMAIN\Admin")
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20328642
Thank you, Michael.

It's a good thing that I have someone who is really to catch my oversights *WINK*.

Bob

0
 
LVL 33

Expert Comment

by:raterus
ID: 20328721
A very rare event indeed, usually when I follow behind Bob I find out something I didn't ever know.
0
 

Author Comment

by:neonlights
ID: 20329940
Michael and Bob - Thanks...
I agree with Michael about Bob... "A very rare event indeed" ;-)

How do I know "Admin"?

Is this information coming from the Active Directory? I am new to Active Directory...
0
 

Author Comment

by:neonlights
ID: 20329951
since we have many groups.. do I have to create one more group...

and assign certain users to be "Admin" and Others to be "Users"?

Thanks again..
0
 
LVL 33

Expert Comment

by:raterus
ID: 20329960
"Admin" here would be the group name you've created in Active Directory.  You would need to know this before hand.

You, of course, can get a list of all groups the user is in, but this gets much trickier to code.
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20329977
Here is some useful ActiveDirectory code:

using System.Collections.Generic;

using System.DirectoryServices;

using System.Collections;
 

public class ActiveDirectoryGroups

{
 

  public static List<string> GetUserRoles(string userContainerPath, string userName, string adminAccount, string adminPassword)

  {

    string userFilter = string.Format("(&(objectCategory=person)(sAMAccountName={0})", userName);

    List<string> roles = new List<string>();
 

    using (DirectoryEntry entry = new DirectoryEntry(userContainerPath, adminAccount, adminPassword, AuthenticationTypes.None))

    {

      using (DirectorySearcher searcher = new DirectorySearcher(entry, userFilter))

      {

        SearchResult result = searcher.FindOne();

        IEnumerable groups = (result.Properties["memberOf"]) as IEnumerable;

        if (groups != null)

          foreach (string dn in groups)

            roles.Add(dn);

      }

    }
 

    return roles;
 

  }
 

}

Open in new window

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:neonlights
ID: 20329980
I know how to find list of all groups:
I would like to assign one or two users to be "Admin" - they can change some data in the application..

I am kind of confused with "Admin"

        public String GetGroups()
        {
            DirectorySearcher search = new DirectorySearcher(_path);
            search.Filter = "(cn=" + _filterAttribute + ")";
            userLoginName = _filterAttribute;
           
            search.PropertiesToLoad.Add("memberOf");
            StringBuilder groupNames = new StringBuilder();

            try
            {
                SearchResult result = search.FindOne();

                int propertyCount = result.Properties["memberOf"].Count;

                String dn;
                int equalsIndex, commaIndex;

                for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
                {
                    dn = (String)result.Properties["memberOf"][propertyCounter];

                    equalsIndex = dn.IndexOf("=", 1);
                    commaIndex = dn.IndexOf(",", 1);
                    if (-1 == equalsIndex)
                    {
                        return null;
                    }

                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
                    groupNames.Append("|");

                }
            }
            catch (Exception ex)
            {
                throw new Exception("Error obtaining group names. " + ex.Message);
            }
            return groupNames.ToString();
        }
    }
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 20330015
>>I am kind of confused with "Admin"
Wherein lies your confusion (I am confused)?

Bob
0
 
LVL 33

Expert Comment

by:raterus
ID: 20330026
It sounds like you just need to open up "Active Directory Users and Groups", find the group, and add some users to it.
0
 

Author Comment

by:neonlights
ID: 20330099
Thanks Bob for your code.

ok..

Let's say I create a new group called "MyApplicationX" and I will add 15 users to this group.

Then, in that group, I will give 2 users as Admin...

Then, from my login.aspx, I can get all the people belongs to "MyApplicationX" group and can check for User.IsInRole("SOMEDOMAIN\Admin")? right?

0
 
LVL 33

Assisted Solution

by:raterus
raterus earned 250 total points
ID: 20330147
You can't add an extra "Admin" option to users in a group, without hacking up your active directory schema (and you don't want to do that).

I would just create at most two groups here,

MyApplicationX
MyApplicationX_Admins

You can check the membership of these two groups to control access to your application.
0
 

Author Comment

by:neonlights
ID: 20330168
and one more question: Let's say I have created a table in my database, and I added all those 15 users in there.. and then, I  give them manually what kind of permission they have... Can I use it then? like this...

If get the value GetUserRoles, can I assign that to User.IsInRole("SOMEDOMAIN\" + GetUserRoles)?
I am new asp.net and c#.. please be patient.. if II make silly mistakes.
thanks again...

        public string GetUserRoles()
        {
            String SqlString;
            string connectionString;

           
            connectionString = ConfigurationManager.ConnectionStrings["AM"].ConnectionString.ToString();
            if ((connectionString == null))
            {
                throw new ProviderException("Connection string cannot be blank.");
            }

            SqlString = "Select [UserRole] From TblEmployee Where ";
            SqlString = SqlString + " (EmployeeName = @EmployeeName)";
            OleDbConnection oleDbConnection = new OleDbConnection(connectionString);
            OleDbCommand oleDbCommand = new OleDbCommand(SqlString, oleDbConnection);
            OleDbDataReader oleDbDataReader = null;

            oleDbCommand.Parameters.Add("@EmployeeName", OleDbType.VarChar, 255).Value = userEmployeeName;
            try
            {
                oleDbConnection.Open();
                oleDbDataReader = oleDbCommand.ExecuteReader(CommandBehavior.SingleRow & CommandBehavior.CloseConnection);

                if (oleDbDataReader.HasRows)
                {
                    oleDbDataReader.Read();
                    userRole= oleDbDataReader.GetString(0);
                }
                else
                {
                    userRole = "";
                    return userRole;
                }
            }
            catch (OleDbException e)
            {
                System.Diagnostics.Trace.WriteLine("[Fining User Role] Exception " + e.Message);
                userRole = "";
                return userRole;
            }
            finally
            {
                oleDbConnection.Close();
            }
            return userRole;
        }
0
 

Author Comment

by:neonlights
ID: 20330199
Racterus.... no, I do not want to hack.. loll
Now, I  understand.. I am very sorry - I was confused with "Admin" as a role.. "Admin" is a one of group name..

I will create

MyApplicationX
MyApplicationX_Admins

and use them... thanks again.
0
 

Author Comment

by:neonlights
ID: 20330392
Hi Bob,

Would you please let me know ... how do I call your code.. GetUserRoles..

Thanks
0
 

Author Comment

by:neonlights
ID: 20330410
never mind Bob.. I figured it out.. sorry for that.

Thanks again both.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

In my previous two articles we discussed Binary Serialization (http://www.experts-exchange.com/A_4362.html) and XML Serialization (http://www.experts-exchange.com/A_4425.html). In this article we will try to know more about SOAP (Simple Object Acces…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now