Solved

create session variable based on Integrated Windows Authentication in Active Directory

Posted on 2009-04-20
Last Modified: 2013-11-25
Hi,

I'm trying to set session variables for logged in users to my application.  I am using integrated Windows Authentication using Active Directory (AD).  Once the user logs onto their PC and opens my application, they are assigned certain roles and can see certain pages.

My problem is, I don't know how to code the session variable to use throughout my application so that the application knows who the user is and based on that ID, I can assign what they are allowed to do/see based on their roles defined in AD.  

Could someone tell me how to do this?







Question by:NorthArrow
12 Comments
 
LVL 4

Expert Comment

by:512Thz
ID: 24189739
Use the IsInRole method from the WindowsPrincipal class
Imports System.Security.Principal
 
Public Class Form1
 
    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        Dim wp As WindowsPrincipal = New WindowsPrincipal(WindowsIdentity.GetCurrent())
        MsgBox("User=" & wp.Identity.Name & ", Admin=" & wp.IsInRole("Administrators").ToString())
    End Sub
 
End Class


0
 

Author Comment

by:NorthArrow
ID: 24190218
Thanks, 512Thz.

I am getting a squiggly line under the "WindowsPrincipal" variable name.  Do I need to add a namespace or something?

I did find another way to get the user's identity (but I'm not sure if this is the best way to assign roles. Your code actually does assign, so please let me know.) Would you modify my code below using your code? I'm not sure if my code is being redundant of yours....

Also, I haven't run the code yet for the reasons above.  Could you tell me why I need the message box?

Thanks
        Dim wp As WindowsPrincipal = New WindowsPrincipal(WindowsIdentity.GetCurrent())
        MsgBox("User=" & wp.Identity.Name & ", Admin=" & wp.IsInRole("Administrators").ToString())
 
 
 
' ##################### begin My code ################################
 
        Dim script As String = String.Empty
        Dim user As String = Page.User.Identity.Name 'get the user who logged in
 
        If ddlStudentLevel.SelectedItem.Text = "Beginner" Then
            'display beginner.aspx when Beginner was selected from the DropDown
            script = "window.open('beginner.aspx?id=" + ddlStudentLevel.SelectedItem.Text + "');"
 
        ElseIf ddlStudentLevel.SelectedItem.Text = "Intermediate" Then      'else display PageB	
 
            script = "window.open('intermediate.aspx?id=" + ddlStudentLevel.SelectedItem.Text + "');"
 
        Else
            'else display advanced.aspx	
 
            script = "window.open('advanced.aspx?id=" + ddlStudentLevel.SelectedItem.Text + "');"
 
        End If
        'Display pop up	
        System.Web.UI.ScriptManager.RegisterClientScriptBlock(Me, Me.[GetType](), "ScriptKey", script, True)
 
' ##################### end My code #########################


0
 
LVL 4

Expert Comment

by:512Thz
ID: 24193905
You need this namespace
   Imports System.Security.Principal

For a discussion on which API to use see the following
  http://www.eggheadcafe.com/articles/20050703.asp
Btw, your code does not use the user name anywhere in the code!
0
 

Author Comment

by:NorthArrow
ID: 24196082
512Thz, Thanks, for your responses and the link!

"Btw, your code does not use the user name anywhere in the code!"

Do I need it to be used?  I thought my application would just need to know who logged in, in order to know what permissions that user has within the application.  Please let me know.

Why do I need the "Msgbox" you list in your code?
0
 
LVL 4

Expert Comment

by:512Thz
ID: 24200003
The msgbox was just a demonstration.

The code you have posted does the same for all users in a given category (begin/interm/expert)

Can u explain the permissions you try to implement?
0
 

Author Comment

by:NorthArrow
ID: 24201034
"Can u explain the permissions you try to implement?"

Yes. The lessons are all in one database, but not all students can access all lessons. Beginners will see certain lessons in the dropdownlist that intermediate students will not see, and vice versa, all this based on their login. Also, an instructor will have access to certain pages only and not the students. So I want to be able to set those kinds of permissions/roles.

I remember reading something about the "IsInRole" attribute, but the tutorial was a bit advanced and it seemed to assume that the reader knew a lot more than I do. Is there an easy way to set these roles based on user login?
0
 

Author Comment

by:NorthArrow
ID: 24201053
512Thz

another question, or clarification:

Which of the code above (in my code) creates and keeps the session variable (of the logged user in their specific role) throughout the application (and what role they are assigned based on login)?
0
 
LVL 4

Accepted Solution

by:
512Thz earned 2000 total points
ID: 24208924
For the security issue, what you describe is called "role based security"

You can implement such security in different manners, but the most common uses Groups. Groups can be defined in Active Directory and are similar to the Groups found on the "Users & Groups" tab you can access when you right click on "Computer" and select "manage".

A group is simply a list of users. You can also add a user in a group on the "Member Of" tab of the User's property page. However you should do this on the domain level with the AD console.

Suppose you have a Group called "Course455Beginners" where you have entered all users that are members, then what you need is
   ' wp is the WindowsPrincipal created earlier in the thread
   If wp.IsInRole("Course455Beginners") Then
      script = "window.open('beginner.aspx?id=" + ddlStudentLevel.SelectedItem.Text + "');"
   Else
      MsgBox("ACCESS DENIED")
   End If



0
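The group check from the accepted answer, as an added ASP.NET Web Forms example (not code from the thread): it reads the caller from Page.User, which holds the requesting user's Windows identity when IIS has Windows authentication enabled and anonymous access disabled, and it repeats the check on the lesson page itself instead of relying on the dropdown. The CONTOSO domain, the Intermediate and Advanced group names, and the LessonAccess and Beginner class names are assumptions.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal
Imports System.Web.UI

' Added example, not code from the thread. CONTOSO and the Intermediate and
' Advanced group names are placeholders; only Course455Beginners is from the post.
Public NotInheritable Class LessonAccess
    Private Sub New()
    End Sub

    ' Level name shown to the user, paired with the AD group that grants it.
    Private Shared ReadOnly LevelGroups As String(,) = {
        {"Beginner", "CONTOSO\Course455Beginners"},
        {"Intermediate", "CONTOSO\Course455Intermediate"},
        {"Advanced", "CONTOSO\Course455Advanced"}}

    ' Levels the caller may open. Unauthenticated callers get an empty list.
    Public Shared Function AllowedLevels(ByVal user As IPrincipal) As List(Of String)
        Dim levels As New List(Of String)()
        If user Is Nothing OrElse Not user.Identity.IsAuthenticated Then Return levels
        For i As Integer = 0 To LevelGroups.GetUpperBound(0)
            If user.IsInRole(LevelGroups(i, 1)) Then levels.Add(LevelGroups(i, 0))
        Next
        Return levels
    End Function
End Class

' Code-behind for beginner.aspx. The lesson list page can bind its dropdown to
' LessonAccess.AllowedLevels(User) so each user only sees permitted levels.
Partial Public Class Beginner
    Inherits Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        ' Check again here: the dropdown only hides the link, and the URL can
        ' be requested directly by any authenticated user.
        If Not LessonAccess.AllowedLevels(User).Contains("Beginner") Then
            Response.StatusCode = 403
            Response.End()
        End If
    End Sub
End Class
```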
 
LVL 4

Expert Comment

by:512Thz
ID: 24208974
If it's not possible for you to modify or have someone modify the Active Directory of your domain, you can put all beginners' user names in a table with a "B" in a column, put an "I" for intermediates and an "A" for advanced.

Then check the table for a "B" / "I" / "A" using wp.Identity.Name in the Where clause. If a row is returned and contains the proper letter for the access rights then you can proceed.

Warning: This is normally not a best practice
0
 
LVL 4

Expert Comment

by:512Thz
ID: 24209036
Session variables are kept by IIS, which keeps track of them using a browser cookie. You normally don't have to care about it.

The first time a user hits the site a session is created and a cookie is sent back to the browser. Then each time the user hits the server, it sends back the cookie which contains the unique identifier that IIS uses to retrieve the variables.

Unless I miss the point ... session variables do not need to be by roles.

0
 
LVL 4

Expert Comment

by:512Thz
ID: 25138218
I think I have helped NorthArrow
0
 
LVL 4

Expert Comment

by:512Thz
ID: 25151010
Finally the answer was msg ID 24208924

NorthArrow wanted to know how to grant access to some features based on roles (Beginners, Intermediate, Experts). He was indeed looking for what is called "role based security", although the original question was talking about session variables (which had nothing to do with RBS).
0
