GetRolesForUser ActiveDirectoryMembershipProvider

Jerry C

I am using the ActiveDirectoryMembershipProvider for forms authentication in
an application; the user is validated with the line:

if (Membership.ValidateUser(UserName.Text, Password.Text))
{
    wp.IsInRole("cd\\System Admin"); // Works great
    String ICdUser = WindowsIdentity.GetCurrent().Name;
    // gets user, looks like this: CD\\cdadmin
    String[] RollUsers = Roles.GetRolesForUser(ICdUser); // does not work
}

The error is:
Method is only supported if the user name parameter matches the user name in
the current Windows Identity.

I am using the line:
<roleManager defaultProvider="AspNetWindowsTokenRoleProvider"
enabled="true"/>
for the role manager and I am sure the membership provider is working since
the user is validated.
Since the line WindowsIdentity.GetCurrent().Name works and returns the user,
there must be a Windows Identity.

What am I doing wrong?

Thank you for helping
 
Dominick Baier

The token role provider only works with

<authentication mode="Windows" />

And can't be mixed with membership.

WindowsIdentity.GetCurrent returns the server identity - not the client one.

a) there is no built in way to get roles from AD with forms authentication
b) the token role provider is absolutely useless IMO
 
Jerry C

Dominick,

Thank you for the answer. I will get the groups with LDAP.


--
Jerry


Dominick Baier said:
The token role provider only works with

<authentication mode="Windows" />

And can't be mixed with membership.

WindowsIdentity.GetCurrent returns the server identity - not the client one.

a) there is no built in way to get roles from AD with forms authentication
b) the token role provider is absolutely useless IMO


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
 
Joe Kaplan

We have a sample from our book on our website that you can adapt to this
purpose (ch 10).

My co-author, Ryan, started writing an LDAP based role provider for AD that
would complement the MS AD membership provider but ran into a few snags with
scalability and stopped giving it out to people. He hasn't had time yet to
correct the errors and clean it up for distribution. Otherwise, I'd suggest
you just download it from our site directly instead of our sample code.

Maybe someday when he has more time...

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
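
The LDAP group lookup discussed in this thread, as an added example (not code from any poster or from the book sample mentioned above). It reads the user's tokenGroups attribute, which lists the SIDs of the security groups the user belongs to with nested membership expanded, and escapes the login name before it goes into the search filter. AdGroupLookup, EscapeFilter and the ldapPath value are hypothetical names, and the code assumes the application's process account is allowed to read the directory.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

// Added example: AdGroupLookup and its members are hypothetical names.
public static class AdGroupLookup
{
    // Escape LDAP filter metacharacters (RFC 4515) so a name typed into the
    // login form cannot alter the search filter. Backslash must go first.
    static string EscapeFilter(string value)
    {
        return value.Replace(@"\", @"\5c").Replace("*", @"\2a")
                    .Replace("(", @"\28").Replace(")", @"\29")
                    .Replace("\0", @"\00");
    }

    // ldapPath is an assumption, e.g. "LDAP://DC=example,DC=com" (placeholder).
    // samAccountName is the forms-authenticated name (User.Identity.Name),
    // not WindowsIdentity.GetCurrent().Name, which is the server identity.
    public static string[] GetRolesForUser(string ldapPath, string samAccountName)
    {
        List<string> roles = new List<string>();
        using (DirectoryEntry root = new DirectoryEntry(ldapPath))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            searcher.Filter =
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + EscapeFilter(samAccountName) + "))";
            SearchResult hit = searcher.FindOne();
            if (hit == null) return roles.ToArray();   // unknown user: no roles

            using (DirectoryEntry user = hit.GetDirectoryEntry())
            {
                // tokenGroups is computed on request, so load it explicitly.
                user.RefreshCache(new string[] { "tokenGroups" });
                foreach (byte[] sid in user.Properties["tokenGroups"])
                {
                    try
                    {
                        // Translate the binary SID to a DOMAIN\group name.
                        roles.Add(new SecurityIdentifier(sid, 0)
                            .Translate(typeof(NTAccount)).Value);
                    }
                    catch (IdentityNotMappedException) { } // unresolvable SID: skip
                }
            }
        }
        return roles.ToArray();
    }
}
```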
