gary.comstock
We have set up 4 NT groups - Executive, Manager, Employee and
Contractor. The premise is that an Executive has all of the privileges
of itself plus Manager plus Employee plus Contractor while an Employee
only has itself and Contractor.
We did this as a hierarchy where the higher (i.e. Executive) has a
member of the one directly below (i.e. Manager):
Executive has a member of Manager
Manager has a member of Employee
Employee has a member of Contractor
Contractor
Using .NET 2.0 we are using Page.User.Identity.Name to determine the
user and from there can determine the NT groups in which they belong by
using the following:
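    // Namespaces this snippet needs (placed at the top of the code-behind file).
    using System.Collections.Specialized;
    using System.Security.Principal;

    // Display the SIDs for the groups the current user belongs to.
    Response.Write("<br>Display the SIDs for the groups the current user belongs");
    // User.Identity is a WindowsIdentity only under Windows authentication.
    WindowsIdentity wi = User.Identity as WindowsIdentity;
    Response.Write("<br>");
    Response.Write("Is Authenticated=" + wi.IsAuthenticated);
    Response.Write("<br>");
    // Display the SID for the owner.
    Response.Write("The SID for the owner is : ");
    SecurityIdentifier si = wi.Owner;
    Response.Write(si.ToString());
    // Collect the translated group names while listing them.
    StringCollection roles = new StringCollection();
    foreach (IdentityReference group in wi.Groups)
    {
        // group.Value is the SID string of one group in the user's token.
        Response.Write("<br>" + group.Value);
        // Translate the SID to its DOMAIN\name form.
        string role =
            ((NTAccount)group.Translate(typeof(NTAccount))).Value;
        roles.Add(role);
        Response.Write(" - " + role.ToString());
    }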
If I set myself up in the Manager group and run the code above I see
that I'm a member of the Manager group. The problem is that I need to
check to make sure I'm a member of the Employee group but how would I
go about doing this? Do I write code that somehow traverses the groups
or will NT handle this? Since theoretically if I'm a member of the
Manager then if we set up the groups correctly I should also be a member
of Employee and Contractor. We're attempting Impersonation/Delegation
against a database.
Thanks,
Gary
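
An added example, not part of the original post: it shows the two ways the question can go. TokenHasGroup asks Windows through WindowsPrincipal.IsInRole, which tests the group SIDs in the caller's token, so a nested membership counts only if Windows expanded it into the token when the token was built. EffectiveTiers is an application-side expansion of the four-tier hierarchy from the post. The EXAMPLE domain prefix and the names TierCheck, TokenHasGroup and EffectiveTiers are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class TierCheck
{
    // Hypothetical domain prefix; the group names are the four from the post, highest first.
    const string Domain = "EXAMPLE";
    static readonly string[] Tiers = { "Executive", "Manager", "Employee", "Contractor" };

    // Token check: true only if the group's SID is present in the caller's token.
    // An unauthenticated or non-Windows identity is denied.
    public static bool TokenHasGroup(WindowsIdentity wi, string group)
    {
        if (wi == null || !wi.IsAuthenticated) return false;
        return new WindowsPrincipal(wi).IsInRole(Domain + "\\" + group);
    }

    // Application-side expansion: holding a tier implies every tier below it.
    // Names outside the allow-list are ignored, so an unknown group grants nothing.
    public static List<string> EffectiveTiers(IEnumerable<string> directGroups)
    {
        int highest = Tiers.Length;
        foreach (string g in directGroups)
        {
            int i = Array.IndexOf(Tiers, g);
            if (i >= 0 && i < highest) highest = i;
        }
        List<string> result = new List<string>();
        for (int i = highest; i < Tiers.Length; i++) result.Add(Tiers[i]);
        return result;
    }

    public static void Main()
    {
        // Constructed input: a user placed directly in Manager only.
        List<string> tiers = EffectiveTiers(new string[] { "Manager" });
        Console.WriteLine(string.Join(", ", tiers.ToArray()));

        // Live check against the token of the account running this program.
        WindowsIdentity wi = WindowsIdentity.GetCurrent();
        foreach (string t in Tiers)
            Console.WriteLine(t + ": " + TokenHasGroup(wi, t));
    }
}
```

In an ASP.NET page the identity to pass is `User.Identity as WindowsIdentity`, the same object the posted code enumerates.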