Roles

  • Thread starter Thread starter Mark
  • Start date Start date
M

Mark

Is there a way in Windows Authentication to list ALL the domain roles that a
user is a part of? The syntax below only allows you to check if the user is
in a single specified role ...

User.IsInRole("whatever").ToString()

Thanks in advance!
Mark
 
Hi Mark,

Yeah there is but it is not pretty... you'll need reflection to access
private parts that Microsoft in all it's wisdom hid from us hack- (sorry)
developers.

Here's my function for it:

public static string[] GetRoles(WindowsIdentity identity)
{
WindowsPrincipal principal = new WindowsPrincipal(identity);
try
{
principal.IsInRole(WindowsBuiltInRole.User); // Ensure roles are loaded.
FieldInfo field = typeof(WindowsPrincipal).GetField("m_roles",
BindingFlags.NonPublic | BindingFlags.Instance);
return (string[])field.GetValue(principal);
}
catch (Exception err)
{
throw new Exception("Cannot determine roles.", err);
}
}

Hope this helps,
Michel
 
Beautiful. Thanks for the code - works swell.

I had previously been using forms authentication, but have now moved to a
Windows Domain with Active Directory. Should I be using the
WindowsPrincipal and WindowsIdentiy for all related security code and
tracking, or should I be sticking to ...

System.Security.Principal.IIdentity ii = User.Identity;

Thanks again.
Mark


Michel said:
Hi Mark,

Yeah there is but it is not pretty... you'll need reflection to access
private parts that Microsoft in all it's wisdom hid from us hack- (sorry)
developers.

Here's my function for it:

public static string[] GetRoles(WindowsIdentity identity)
{
WindowsPrincipal principal = new WindowsPrincipal(identity);
try
{
principal.IsInRole(WindowsBuiltInRole.User); // Ensure roles are loaded.
FieldInfo field = typeof(WindowsPrincipal).GetField("m_roles",
BindingFlags.NonPublic | BindingFlags.Instance);
return (string[])field.GetValue(principal);
}
catch (Exception err)
{
throw new Exception("Cannot determine roles.", err);
}
}

Hope this helps,
Michel


Mark said:
Is there a way in Windows Authentication to list ALL the domain roles
Click to expand...
that
a
user is a part of? The syntax below only allows you to check if the
Click to expand...
user
is
in a single specified role ...

User.IsInRole("whatever").ToString()

Thanks in advance!
Mark
Click to expand...
Click to expand...
 
Hi Mark,

Nice to know, thanks.
Your question is one of design, more specifically do you want to be
"windows-specific" or not.
I guess it really depends on the environment you are in.

Cheers,
Michel

Mark said:
Beautiful. Thanks for the code - works swell.

I had previously been using forms authentication, but have now moved to a
Windows Domain with Active Directory. Should I be using the
WindowsPrincipal and WindowsIdentiy for all related security code and
tracking, or should I be sticking to ...

System.Security.Principal.IIdentity ii = User.Identity;

Thanks again.
Mark


Michel said:
Hi Mark,

Yeah there is but it is not pretty... you'll need reflection to access
private parts that Microsoft in all it's wisdom hid from us hack- (sorry)
developers.

Here's my function for it:

public static string[] GetRoles(WindowsIdentity identity)
{
WindowsPrincipal principal = new WindowsPrincipal(identity);
try
{
principal.IsInRole(WindowsBuiltInRole.User); // Ensure roles are loaded.
FieldInfo field = typeof(WindowsPrincipal).GetField("m_roles",
BindingFlags.NonPublic | BindingFlags.Instance);
return (string[])field.GetValue(principal);
}
catch (Exception err)
{
throw new Exception("Cannot determine roles.", err);
}
}

Hope this helps,
Michel


Mark said:
Is there a way in Windows Authentication to list ALL the domain roles
Click to expand...
that
a
user is a part of? The syntax below only allows you to check if the
Click to expand...
user
is
in a single specified role ...

User.IsInRole("whatever").ToString()

Thanks in advance!
Mark
Click to expand...
Click to expand...
Click to expand...
 
Back
Top