Re: Check group membership, the sequel
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 02/21/05
- Next message: Ken Dopierala Jr.: "Re: Why so .net is slow..."
- Previous message: Jason Cooke [MSFT]: "[ANN] February 22, 2005, "Writing Faster Visual Basic .NET Applications" chat"
- In reply to: Sameh Ahmed: "Re: Check group membership, the sequel"
- Next in thread: Sameh Ahmed: "Re: Check group membership, the sequel"
- Reply: Sameh Ahmed: "Re: Check group membership, the sequel"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 21 Feb 2005 12:26:05 -0600
IsInRole supports fully nested security group membership (assuming you are
on a 2000 native AD domain that supports nested groups). You don't have to
do anything extra to make this work.
Joe K.
"Sameh Ahmed" <essoplus@hotmail.com> wrote in message
news:%234%23cFHEGFHA.3336@TK2MSFTNGP10.phx.gbl...
> The code you sent worked very good.
> and in a domain environment the isinrole worked also very well.
> I use it to make the decision if the current user (running the
> application) has the right to be using it or the application should quit.
> So for this part, it was solved and everything work in a very good way.
> within the functionality of the application, I need to take a decision on
> how to handle users depending on their group memberships, IE if the
> "domain\user" belongs to the group "domain\group" it should be dealt with
> in the manner A, and if it belongs to the "domain\another group" it should
> be handled in the manner B.
> do I need to check if the user belongs to a certain group or not
> (explicitly or implicitly by belonging to a group that is a member of the
> "domain\group")
> Hope I made myself clear on that one.
> thanks again.
> Regards
> Sameh
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:%23%23BpSEDGFHA.1396@tk2msftngp13.phx.gbl...
>>I still think you should be using WindowsPrincipal::IsInRole. What
>>happened when you tried the reflection code I suggested?
>>
>> It is possible to do group membership expansion programmatically, but it
>> seems like it would be better to try and get the built in stuff that
>> already supports this working.
>>
>> Joe K.
>>
>> "Sameh Ahmed" <essoplus@hotmail.com> wrote in message
>> news:Oy8a4nCGFHA.3928@TK2MSFTNGP09.phx.gbl...
>>> Hello there
>>> IsInrole gives ya the means to check if the current or impersonated user
>>> belongs to a specific windows role or group.
>>> is there a way to do the same without using ADSI to check if
>>> "domain\user" belongs to "domain\group"?
>>> the reason is, when getting the "memberof" property of a user, then
>>> checking if it contains the desired group or not.
>>> this will only work if the user is a member of the group itself but not
>>> when he is a member of a group that belongs to the designated group.
>>> Do I make sense?
>>> Regards
>>> Sameh
>>>
>>
>>
>
>
- Next message: Ken Dopierala Jr.: "Re: Why so .net is slow..."
- Previous message: Jason Cooke [MSFT]: "[ANN] February 22, 2005, "Writing Faster Visual Basic .NET Applications" chat"
- In reply to: Sameh Ahmed: "Re: Check group membership, the sequel"
- Next in thread: Sameh Ahmed: "Re: Check group membership, the sequel"
- Reply: Sameh Ahmed: "Re: Check group membership, the sequel"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
