Re: Role of current windows login user

Thanks, the ability to belong to more than one group and the stated "role of
current logged in user" threw me off.

As I mentioned in the OP, I am able to check which role(s) the user belongs
to. Not what the requirement stated, but cool nonetheless. If anything, it
led me down this path to understand it better.

I haven't started yet on 2.0 (XP Pro SP2 network issues), but the
WindowsBuiltInRole enumeration is available in 2.0 from a quick msdn2
search. This is only the common groups installed on a Windows system.

Thanks for the help. Happy MLK day.

Mark
"Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx> wrote in message
news:OijlidrGGHA.2212@xxxxxxxxxxxxxxxxxxxxxxx
> Well, as Windows based 'roles' are mapped to "Windows security group"
> membership, and because a user can be a member of more than one security
> group, it should be role(s).
> Take a user "Bob", which is a member of both 'SalesDpt' and 'AccountMgrs',
> Bob is automatically assigned both roles. In your code you can execute
> different paths depending on whether he's an account manager or just a
> generic member of a sales department.
> Note that enumerating user groups (roles) by reflecting private methods like
> shown by Peter, is NOT the way you should go, this code is non-portable and
> fails on v2. The only right way to enumerate user groups is by using the
> System.DirectoryServices classes.
>
> Willy.
>
> "Mark White" <markw2927@xxxxxxxxx> wrote in message
> news:%23brStMrGGHA.1180@xxxxxxxxxxxxxxxxxxxxxxx
> | One other question.
> |
> | This was on a "skills test". The time has passed, and I'm not interested in
> | seeing any code. Just trying to make sense of this.
> |
> | One of the requirements was to "display the role of the current logged in
> | user".
> |
> | This was the test from the tech. manager. Unless it's a typo, shouldn't it
> | be role(s)?
> |
> | Thanks.
> | "Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx> wrote in message
> | news:%23830pafGGHA.3976@xxxxxxxxxxxxxxxxxxxxxxx
> | >
> | > "Mark White" <markw2927@xxxxxxxxx> wrote in message
> | > news:%23sQsM2XGGHA.1452@xxxxxxxxxxxxxxxxxxxxxxx
> | > | Hey everyone
> | > |
> | > | I'm having a great deal of problems finding this information through google
> | > | and yahoo, so I turn to you on this.
> | > |
> | > | I have a Windows app running on XP. I am able to capture the user's Name
> | > | property in the WindowsPrincipal's IIdentity interface.
> | > |
> | > | Where can I find the role that the user is assigned for the current login?
> | > | I only want the one role which is assigned for the current user, not all of
> | > | the groups in which the user belongs (that is working fine).
> | > |
> | > | Do I have to actually test out permissions on files/objects to find the
> | > | current role/group? Seems to be a lot of work going that route for
> | > | something which should be accessible in the same interface as Name. Why
> | > | isn't it?
> | > |
> | > | I'm on 1.1 btw. Has this changed in 2.0?
> | > |
> | > | Thank you in advance for any help you can give me.
> | > |
> | > | Mark White
> | > |
> | > |
> | >
> | > Roles are not meant to check/control resource access permissions, they are
> | > meant for program access/flow control. These are totally different things.
> | >
> | > if (myPrincipal.IsInRole("Sales"))
> | > {
> | >     // Do whatever "Sales" is allowed to do, initialize the UI etc...
> | > }
> | > else if (myPrincipal.IsInRole("AccountManagers"))
> | > {
> | >     // Do whatever "AccountManagers" are allowed to do.
> | > }
> | >
> | > Resources like file and directory object permissions are checked when a user
> | > opens the resource, this is the task of the OS and (in general) not the task
> | > of an application program. Note that V2.0 includes managed classes that
> | > wrap the object security access APIs in Win32 by means of
> | > System.Security.AccessControl classes, v1.1 users can achieve the same using
> | > System.DirectoryServices and some ADSI stuff or by using the
> | > System.Management and WMI classes.
> | >
> | > Willy.
> | >
> | >
> |
> |
>
>
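
An added example, not code posted by anyone in the thread: it lists every WindowsBuiltInRole the current user holds, prints the groups in the logon token, and then uses IsInRole for program flow only, as the thread describes. It assumes .NET 2.0 or later on Windows (WindowsIdentity.Groups does not exist in 1.1); the group names "SalesDpt" and "AccountMgrs" are the hypothetical ones from the reply above.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class CurrentUserRoles
{
    // Every WindowsBuiltInRole the principal holds; a user can hold several.
    static List<WindowsBuiltInRole> BuiltInRolesOf(WindowsPrincipal principal)
    {
        List<WindowsBuiltInRole> held = new List<WindowsBuiltInRole>();
        foreach (WindowsBuiltInRole role in Enum.GetValues(typeof(WindowsBuiltInRole)))
        {
            if (principal.IsInRole(role))
                held.Add(role);
        }
        return held;
    }

    static void Main()
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        WindowsPrincipal principal = new WindowsPrincipal(identity);
        Console.WriteLine("User: " + identity.Name);

        foreach (WindowsBuiltInRole role in BuiltInRolesOf(principal))
            Console.WriteLine("Built-in role: " + role);

        // Group SIDs carried in the logon token (WindowsIdentity.Groups, .NET 2.0+).
        foreach (IdentityReference sid in identity.Groups)
        {
            string name;
            try { name = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { name = sid.Value; } // no name for this SID
            Console.WriteLine("Group: " + name);
        }

        // Independent checks rather than else-if: a member of both groups gets both paths.
        // The group names are hypothetical; how a bare name resolves on a given
        // machine or domain is an assumption of this example.
        if (principal.IsInRole("SalesDpt"))
            Console.WriteLine("Enable sales features");
        if (principal.IsInRole("AccountMgrs"))
            Console.WriteLine("Enable account-manager features");
    }
}
```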

