Windows-based authentication 1

[Alcar]

I'm kind of tripping here...
Where would you guys send me for a good and detailed code example for windows-based authentication?
Apparently I'm having a hard time setting up my inherited IPrincipal class...

any ideas?

thanks!

Daren J. Lahey
Just another computer guy...
If you are unsure of forum etiquette check here FAQ796-2540

 

[Zarcom]

http://msdn.microsoft.com/library/d...-us/vsent7/html/vxconASPNETAuthentication.asp

check here That'l do donkey, that'l do
Mark
If you are unsure of forum etiquette check here faq796-2540

 

[Alcar]

Here is my problem:
with the examples I have found from microsoft & friends I was able to get these 2 user identifications:

with <identity impersonate=&quot;true&quot; />
MACHINENAME\IUSR_MACHINENAME

with <identity impersonate=&quot;false />
MACHINENAME\ASPNET

what I am looking for is:
DOMAINNAME\USERNAME

like
DOMAIN\Alcar or DOMAIN\Zarcom and so on...

The way I am accessing those values is:

using System.Security.Principal;
[...]
private void Page_Load(object sender, System.EventArgs e)
{
WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent());
lblUserName.Text = wp.Identity.Name;
}

Daren J. Lahey
Just another computer guy...
If you are unsure of forum etiquette check here FAQ796-2540

 

[Alcar]

upps hehehe (puts the beer away) ok... got it working heheh thank you (M)(Z)ark!!

Daren J. Lahey
Just another computer guy...
If you are unsure of forum etiquette check here FAQ796-2540

 

[Zarcom]

Glad to know that.
Yes it looks like you have had too many beers. I can't even read my name.

kudos for the star. That'l do donkey, that'l do
Mark
If you are unsure of forum etiquette check here faq796-2540

 

[Alcar]

Ok...
Help me understand this: I have several users in 4 different user groups on my domain and these groups decide the role that these users have on the intranet page I'm developing.

1 - VP of Sales
2 - Sales Department
3 - Operations Department
4 - Shipment Department

I am using the Windows Based authentication and I succesfully retrieve the Username. Through the same WindowsPrincipal object I want to retrieve the groups this user is member of but all I get are built in groupd through the WindowsBuiltInRole object...

Does this mean I have to programmatically recreate the user groups int he web.config file? Or does this mean I am doing something wrong?

thanks again Daren J. Lahey
Just another computer guy...
If you are unsure of forum etiquette check here FAQ796-2540

 

[sthmpsn1]

Why not use the server to authenticate and access numbers so to speak to detirmine there level. That is what I do for my intranet. I store the users loginID in the table and have there access rights listed in the table too by number. Might be a solution for you. If you have questions I can give you a more detailed answer.

Scott

 

[Alcar]

Yes, it would also work, but it implies that every new salesman, you would have to do some DB inserts by hand or (worse) have to create your own little slim db program to change the users and groups in your DB (time spending).
We would prefer linking ourselves to the &quot;Directory&quot; so it's more direct and controlled. Plus we can (at that point) also have folder access security with the same groups. It is possible to do that, through the LDAC classes...

Daren J. Lahey
Just another computer guy...
If you are unsure of forum etiquette check here FAQ796-2540

 

[Alcar]

make that LDAP Daren J. Lahey
Just another computer guy...
If you are unsure of forum etiquette check here FAQ796-2540

 

[sthmpsn1]

I understand your reasoning. Our company is only 60 employee's so it works good for the intranet we developed.

 

[Zarcom]

Not sure Daren if I get the time I'll look into it. Can't promise nothing I am getting swamped here. That'l do donkey, that'l do
Mark
If you are unsure of forum etiquette check here faq796-2540

 

[Alcar]

here is what I have created to get the user groups an NT user is member of:

WindowsPrincipal wp = new WindowsPrincipal(WindowsIdentity.GetCurrent());
strUserName = wp.Identity.Name;
strUserName = strUserName.Substring(strUserName.IndexOf(&quot;\\&quot + 1, (strUserName.Length - (strUserName.IndexOf(&quot;\\&quot) - 1));
DirectoryEntry entry = new DirectoryEntry(&quot;LDAP://DOMAINNAME&quot;
DirectorySearcher mySearcher = new DirectorySearcher(entry);
mySearcher.Filter = &quot;(CN=&quot; + strFullName + &quot&quot;;
SearchResult sr = mySearcher.FindOne();
string strUserGroup;
ResultPropertyCollection myResultPropColl = sr.Properties;
foreach(string sc in myResultPropColl.PropertyNames)
{
if(sc == &quot;memberof&quot
{
for (int w = 0; w < myResultPropColl[sc].Count; w++)
{
strUserGroup = (myResultPropColl[sc])[w].ToString();
strUserGroup = strUserGroup.Remove(0,3);
strUserGroup = strUserGroup.Remove(strUserGroup.IndexOf(&quot;,&quot;,0,strUserGroup.Length-1),(strUserGroup.Length - strUserGroup.IndexOf(&quot;,&quot;,0,strUserGroup.Length-1)));
}
}
}


given that strFullUserName is the exact full user name given when creating the account on the NT machine. I have created a function to retrieve such name. eg: (in my case) Daren J. Lahey is my full name.

hth Daren J. Lahey
Just another computer guy...
If you are unsure of forum etiquette check here FAQ796-2540