Re: DirectoryServices: what's wrong with my COM interop?


From: Marc Scheuner [MVP ADSI] (m.scheuner_at_inova.SPAMBEGONE.ch)
Date: 03/22/04


Date: Mon, 22 Mar 2004 08:10:28 +0100

Hi Natalia,

>In my app, I need to check if the current user is a member of the
>Administrators group in order to allow/deny some action.

Is there any particular reason why you start using the nice S.DS
namespace, and then go back to the "old-style", messy IADs
interfaces??

Unless you have some very specific reason for it, I'd stick to using
S.DS all the way - it's MUCH nicer and easier to use!

Also, another point: why do you use the WinNT provider?? That provider
is old, deprecated, and really only provided for backwards
compatibility with NT4 systems. If ever possible, AVOID it at all
costs - use LDAP instead.

To check if a given user is member of the "Administrators" group,
you'll need to

a) know your user's LDAP path
b) know your "Administrators" LDAP path

Given those two, you can easily detect this condition in S.DS

using System;
using System.DirectoryServices;

// set up the strings - user needs to be the fully qualified LDAP path
// including the LDAP:// provider prefix, while the "Administrators"
// string needs to be just the DN (distinguishedName) of the group

string sUser = "LDAP://cn=Natalia,ou=SomeOU,dc=yourcompany,dc=com";
string sAdmGrp = "cn=Administrators,cn=Builtin,dc=yourcompany,dc=com";

// bind to the user
DirectoryEntry deUser = new DirectoryEntry(sUser);

// enumerate its "memberOf" strings (the DNs of the groups the user
// belongs to; "member" is the attribute on the group object) to see
// if it's a member of "Administrators"
bool bIsMemberOfAdmin = false;

foreach(object oGrp in deUser.Properties["memberOf"])
{
   // DNs are not case-sensitive, so compare without regard to case
   if(string.Equals(oGrp.ToString(), sAdmGrp, StringComparison.OrdinalIgnoreCase))
   {
       bIsMemberOfAdmin = true;
       break;
   }
}

if(bIsMemberOfAdmin)
{
   // ..... do one thing
}
else
{
   // do something else
}

Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
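
An added example, not part of Marc's post: the memberOf attribute lists only direct memberships, so an allow/deny decision built on it misses nested groups and the user's primary group. The sketch below compares the group's objectSid against the user's constructed tokenGroups attribute instead and denies on any directory error; the LDAP paths are the post's placeholder values, and GroupCheck and IsMemberOf are hypothetical names.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class GroupCheck   // hypothetical helper, not from the original post
{
    // True only if the group's SID appears in the user's tokenGroups,
    // which covers direct, nested and primary-group membership.
    public static bool IsMemberOf(string userLdapPath, string groupLdapPath)
    {
        try
        {
            using (DirectoryEntry group = new DirectoryEntry(groupLdapPath))
            using (DirectoryEntry user = new DirectoryEntry(userLdapPath))
            {
                byte[] rawGroupSid = (byte[])group.Properties["objectSid"].Value;
                SecurityIdentifier groupSid = new SecurityIdentifier(rawGroupSid, 0);

                // tokenGroups is constructed on demand by the server, so it
                // has to be loaded into the property cache explicitly.
                user.RefreshCache(new string[] { "tokenGroups" });

                foreach (byte[] rawSid in user.Properties["tokenGroups"])
                {
                    if (new SecurityIdentifier(rawSid, 0).Equals(groupSid))
                        return true;
                }
            }
            return false;
        }
        catch (Exception)
        {
            // Fail closed: if the directory cannot be read, do not grant access.
            return false;
        }
    }

    static void Main()
    {
        // Placeholder paths taken from the post; both carry the LDAP:// prefix here.
        string sUser = "LDAP://cn=Natalia,ou=SomeOU,dc=yourcompany,dc=com";
        string sAdmGrp = "LDAP://cn=Administrators,cn=Builtin,dc=yourcompany,dc=com";

        Console.WriteLine(IsMemberOf(sUser, sAdmGrp) ? "allow" : "deny");
    }
}
```

Comparing SIDs rather than DN strings also keeps the check correct if the group is renamed or moved to another container.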


