Search Results

Search found 37 results on 2 pages for 'isinrole'.

  • Calling IPrincipal.IsInRole on Windows 7

    - by adrianbanks
    We use NTLM auth in our application to determine whether a user can perform certain operations. We use the IPrincipal of their current Windows login (in WinForms applications), calling IsInRole to check for specific group memberships. To check that a user is a local administrator on the machine, we use: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); ... bool allowed = Thread.CurrentPrincipal.IsInRole(@"Builtin\Administrators"); This works if the current user is the Administrator user, or is another user that is a member of the Builtin\Administrators group. In our testing on Windows 7, we have found that this no longer works as expected. The Administrator user still works fine, but any other user that is a member of the Builtin\Administrators group returns false for the IsInRole call. What could be causing this difference? I have a gut feeling that a default setting has changed somewhere (possibly in gpedit), but cannot find anything that looks like the culprit.

  • User.IsInRole returning false

    - by Curtis
    My ASP.NET app is using windows authentication. If I run the following code: WindowsIdentity wi = (WindowsIdentity)User.Identity; foreach (IdentityReference r in wi.Groups) { ListBox1.Items.Add(r.Translate (typeof (NTAccount)).Value); } if (User.IsInRole ("Everyone")) Label1.Text = "Is in role"; The listbox will contain the name of every group the user belongs to. If I then call User.IsInRole, and pass in the name of any of those groups, I always get a false. Can anyone tell me what I am doing wrong? Thanks

  • How does IPrincipal get its roles?

    - by abatishchev
    I need to get to know how SiteMapProvider.IsAccessibleToUser() works. Built-in XmlSiteMapProvider calls HttpContext.User.IsInRole() which uses System.Security.Principal.GenericPrincipal in case of forms authentication. Where does the current user get its roles? Which provider loads this kind of information? I want to overload it and use custom logic.

  • Have the default security settings changed in Windows 7 that would affect IPrincipal.IsInRole?

    - by adrianbanks
    We use NTLM auth in our application to determine whether a user can perform certain operations. We use the IPrincipal of their current Windows login (in WinForms applications), calling IsInRole to check for specific group memberships. To check that a user is a local administrator on the machine, we use: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); ... bool allowed = Thread.CurrentPrincipal.IsInRole(@"Builtin\Administrators"); This works if the current user is the Administrator user, or is another user that is a member of the Builtin\Administrators group. In our testing on Windows 7, we have found that this no longer works as expected. The Administrator user still works fine, but any other user that is a member of the Builtin\Administrators group returns false for the IsInRole call. What could be causing this difference? I have a gut feeling that a default setting has changed somewhere (possibly in gpedit), but cannot find anything that looks like the culprit.

  • How to set disabled in MVC htmlAttribute

    - by Ollie
    When using an HTML Helper, what is the best method to set an attribute based on a condition? For example: <%if (Page.User.IsInRole("administrator")) {%> <%=Html.TextBoxFor(m => m.FirstName, new { @class = "contactDetails" })%> <%} else {%> <%=Html.TextBoxFor(m => m.FirstName, new { @class = "contactDetails", disabled = true })%> <%}%> There must be a better way to programmatically add just one additional KeyPair to the anonymous type? Can't use new { .... disabled = Page.User.IsInRole("administrator") ... } as the browser takes any disabled attribute value as making the input disabled.

  • With windows authentication, The trust relationship between the primary domain and the trusted domai

    - by yamspog
    I have my asp.net web server set up to use windows authentication. It is authenticating just fine with my current logged in user. I can verify this by viewing ... HttpContext.Current.User.Identity.Name And I can verify that I am authenticated by viewing... HttpContext.Current.User.Identity.IsAuthenticated However, when I call the .IsInRole function I get the trust relationship error... HttpContext.Current.User.IsInRole("accounting") I have found online references to problems with supplying domain name with the role name (domain\accounting), but I still get the same error. Any suggestions on where to look or troubleshoot the problem?

  • ASP.NET MVC Actions that return different views, or just make a ton of Actions?

    - by Nate Bross
    So, I am in a situation, where I need to display a different view based on the "Role" that the authenticated user has. I'm wondering which approach is best here: [Authorize(Roles="Admin")] public ActionResult AdminList(int? divID, int? subDivID) { var data = GetListItems(divID.Value, subDivID.Value); return View(data); } [Authorize(Roles = "Consultant")] public ActionResult ConsultantList(int? divID, int? subDivID) { var data = GetListItems(divID.Value, subDivID.Value); return View(data); } or should I do something like this [Authorize] public ActionResult List(int? divID, int? subDivID) { var data = GetListItems(divID.Value, subDivID.Value); if (HttpContext.User.IsInRole("Admin")) { return View("AdminList", data); } if (HttpContext.User.IsInRole("Consultant")) { return View("ConsultantList", data); } return View("NotFound"); }

  • IIS7 integrated mode closing token between requests

    - by user607287
    We are migrating to IIS7 integrated mode and have come across an issue. We authenticate using WindowsAuthentication but then store a reference to the WindowsPrincipal so that on future requests we can authorize as needed against AD. In IIS 7 Integrated mode, the token is being closed (between requests) so that when we try to run IsInRole it generates a disposed exception. Is there a way to cache this token or change our use of WindowsPrincipal so that we don't need to make successive AD requests to get it for each authorization request? Here is the exception being thrown from WindowsPrincipal.IsInRole("") - System.ObjectDisposedException: {"Safe handle has been closed"} Thanks.

  • What I like about WIF’s Claims-based Authorization

    - by Your DisplayName here!
    In “traditional” .NET with its IPrincipal interface and IsInRole method, developers were encouraged to write code like this:

        public void AddCustomer(Customer customer)
        {
            if (Thread.CurrentPrincipal.IsInRole("Sales"))
            {
                // add customer
            }
        }

    In code reviews I’ve seen tons of code like this. What I don’t like about this is, that two concerns in your application get tightly coupled: business and security logic. But what happens when the security requirements change – and they will (e.g. members of the sales role and some other people from different roles need to create customers)? Well – since your security logic is sprinkled across your project you need to change the security checks in all relevant places (and make sure you don’t forget one) and you need to re-test, re-stage and re-deploy the complete app. This is clearly not what we want. WIF’s claims-based authorization encourages developers to separate business code and authorization policy evaluation. This is a good thing. So the same security check with WIF’s out-of-the box APIs would look like this:

        public void AddCustomer(Customer customer)
        {
            try
            {
                ClaimsPrincipalPermission.CheckAccess("Customer", "Add");

                // add customer
            }
            catch (SecurityException ex)
            {
                // access denied
            }
        }

    You notice the fundamental difference? The security check only describes what the code is doing (represented by a resource/action pair) – and does not state who is allowed to invoke the code. As I mentioned earlier – the who is most probably changing over time – the what most probably not. The call to ClaimsPrincipalPermission hands off to another class called the ClaimsAuthorizationManager. This class handles the evaluation of your security policy and is ideally in a separate assembly to allow updating the security logic independently from the application logic (and vice versa). The claims authorization manager features a method called CheckAccess that retrieves three values (wrapped inside an AuthorizationContext instance) – action (“add”), resource (“customer”) and the principal (including its claims) in question. CheckAccess then evaluates those three values and returns true/false. I really like the separation of concerns part here. Unfortunately there is not much support from Microsoft beyond that point. And without further tooling and abstractions the CheckAccess method quickly becomes *very* complex. But still I think that is the way to go. In the next post I will tell you what I don’t like about it (and how to fix it).

  • GetAccessControl error with NTAccount

    - by Adam Witko
    private bool HasRights(FileSystemRights fileSystemRights_, string fileName_, bool isFile_) { bool hasRights = false; WindowsIdentity WinIdentity = System.Security.Principal.WindowsIdentity.GetCurrent(); WindowsPrincipal WinPrincipal = new WindowsPrincipal(WinIdentity); AuthorizationRuleCollection arc = null; if (isFile_) { FileInfo fi = new FileInfo(@fileName_); arc = fi.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount)); } else { DirectoryInfo di = new DirectoryInfo(@fileName_); arc = di.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount)); } foreach (FileSystemAccessRule rule in arc) { if (WinPrincipal.IsInRole(rule.IdentityReference.Value)) { if (((int)rule.FileSystemRights & (int)fileSystemRights_) > 0) { if (rule.AccessControlType == AccessControlType.Allow) hasRights = true; else if (rule.AccessControlType == AccessControlType.Deny) { hasRights = false; break; } } } } return hasRights; } The above code block is causing me problems. When the WinPrincipal.IsInRole(rule.IdentityReference.Value) is executed the following exception occurs: "The trust relationship between the primary domain and the trusted domain failed.". I'm very new to using identities, principals and such so I don't know what's the problem. I'm assuming it's with the use of NTAccount? Thanks

  • Why ASP.NET menu control ignores roles in Web.sitemap?

    - by MainMa
    Hi, I have a website with a menu based on sitemap. ActiveDirectoryRoleProvider is a custom class. securityTrimmingEnabled of sitemap provider is set to true. Now, nevertheless the roles set in the sitemap file, site menu displays every sitemap entity. So for example if I have in sitemap a node with roles="*", a second one with roles="Administrators" and a third one with roles="Foo" and I login as a member of Administrators group but not Foo group, the site menu will display all three items. On the other hand, if I have a node which does not specify roles attribute but has children, this node will never be displayed. If I put: <%= HttpContext.Current.User.IsInRole("Administrators") ? "Admin" : "Not admin"%> <%= HttpContext.Current.User.IsInRole("Foo") ? "Foo" : "Not foo"%> before the menu, it displays that I'm Admin, but Not foo, which is just fine. So if it knows that I'm Admin but Not foo, why does it continue to display Foo's sitemap nodes? Note: changing authorizations has no effect on the menu. It continues to show every item, even for the pages I'm unable to access.

  • Powershell Run-As Script

    - by marc dekeyser
    Disclaimer: This script is not of my own making. I found it on a share somewhere and it is so handy I started using it in a bunch of scripts. To the writer: If you're out there, somewhere, when you see this, thank you!

    Check if script is running as Administrator and if not use RunAs

        # Use Check Switch to check if admin
        param([Switch]$Check)

        $IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()`
            ).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")

        if ($Check) { return $IsAdmin }

        if ($MyInvocation.ScriptName -ne "")
        {
            if (-not $IsAdmin)
            {
                try
                {
                    $arg = "-file `"$($MyInvocation.ScriptName)`""
                    Start-Process "$psHome\powershell.exe" -Verb Runas -ArgumentList $arg -ErrorAction 'stop'
                }
                catch
                {
                    Write-Warning "Error - Failed to restart script with runas"
                    break
                }
                exit # Quit this session of powershell
            }
        }
        else
        {
            Write-Warning "Error - Script must be saved as a .ps1 file first"
            break
        }
        write-host "Script Running As Administrator" -foregroundcolor red
        Write-host ""

  • Display action-specific authorisation message for [Authorize] attribute

    - by FreshCode
    Is there a way to display an action-specific authorisation message for when an [Authorize] or [Authorize(Roles="Administrator")] attribute redirects the user to the sign-in page? Ideally, [Authorize(Roles="Administrator", Message="I'm sorry Dave. I'm afraid I can't let you do that.")] public ActionResult SomeAdminFunction() { // do admin stuff return View(); } As I understand it, attributes are not meant to add functionality, but this seems purely informational. One could do this inside the action, but it seems inelegant compared to the use of an attribute. Alternatively, if (!Request.IsAuthenticated) { if (!User.IsInRole("Administrator")) SetMessage("You need to be an administrator to destroy worlds."); // write message to session stack return RedirectToAction("SignIn", "Account"); } Is there an existing way to do this or do I need to override the [Authorize] attribute?

  • HTTP MODULE Event Does Not Fire When Click Browser's Back Button

    - by Ali
    I wrote an Http Module that checks if logged user is restricted disables images on the page. void application_AuthorizeRequest(object sender, EventArgs e) { . . . if (context.User.IsInRole("Restricted")) { context.Response.StatusCode = 401; context.Response.End(); } The code works fine. When the page loads, every image on the screen disappears. But when I go to another page and click back button on the browser and go to previous page images appear. What should I do? (I don't want to clear Cache every time) context.Response.Cache.SetNoStore(); context.Response.Cache.SetCacheability(HttpCacheability.NoCache);

  • XSS to change ASP.NET session state

    - by Juri Bogdanov
    Hello! I am developing the application that stores current user and user's role to session state (System.Web.SessionState.HttpSessionState Page.Session). if (Session["username"] == null) Session.Add("username", User.Identity.Name); if (Session["isAdministrator"] == null) Session.Add("isAdministrator", User.IsInRole(domain + "\\Domain Admins")); After I check these session states in code behind for granting permissions to some execution: if ((bool)Session["isAdministrator"] || computer.Administrators.Contains(Session["username"].ToString())) My question is next: how safe that mechanism is? Is it possible to change the session states using some JavaScript for example or somehow else? Thanks :)

  • ProviderException: InvalidCastException

    - by JS
    Few of our clients are regularly getting invalid cast exception, with variations i.e. InvalidCastException / ProviderException, but both generating from method call: System.Web.Security.SqlRoleProvider.GetRolesForUser(String username) The other variation is: Exception type: InvalidCastException Exception message: Unable to cast object of type System.Int32 to type System.String. I had a look at application event log which shows: Stack trace: at System.Web.Security.SqlRoleProvider.GetRolesForUser(String username) at System.Web.Security.RolePrincipal.IsInRole(String role) at System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) at System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) at System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) at System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)* Has anyone come across this issue, and if so what is the fix? Thanks JS

  • In Winform I need ASP.NET like membership and roles stuff. But Roles doesn't work

    - by user512602
    Hi, following http://www.theproblemsolver.nl/usingthemembershipproviderinwinforms.htm I set up the membership & roles providers in app.config and try use it in code. Authentication works well, but roles always returns empty roles array for connected user. This part works: If Membership.ValidateUser(userName, password) Then ' Set the current application principal information to a known user Dim identity As GenericIdentity Dim principal As RolePrincipal Dim user As MembershipUser user = Membership.GetUser(userName) identity = New GenericIdentity(user.UserName) principal = New RolePrincipal(identity) Threading.Thread.CurrentPrincipal = principal This one doesn't: If principal.IsInRole("Club") Then LoggedInUserRole = "Club" Return True Exit Function End If No error is thrown though. Similarly, if I try to add a user to a known, existing role, an exception is thrown : If Not Roles.IsUserInRole(userName, "club") Then Roles.AddUserToRole(userName, "club") End If Exception msg is: Cannot find role '' (I mean the role name isn't given back in exception.) Any clue? Please do not tell me to use Windows Client Administration within project services, I need my own SQL DB connection + the client app services is a bloated feature, bug prone.

  • Can ASP.NET be configured to run as an administrator when UAC is enabled?

    - by Steve Eisner
    I can't seem to find any information that indicates whether ASP.NET can be configured (through web.config or maybe machine.config) to run as a real administrator on a machine with UAC enabled. By this I mean, even if you set it to impersonate an Administrator account, UAC will disable that account's ability to act as an Administrator by returning a token set that hides the administrator role. For any checks such as IsInRole, the running account is effectively not an administrator at all. So ... Let's say I want to ignore all good advice and just go ahead and run a web app on Vista with administrator permissions. Is it even possible? Alternatives welcome. (Core reason for needing administrator privileges: to stop or start services that are running on that machine.)

  • The trust relationship between the primary domain and the trusted domain failed. ASP.NET 2.0

    - by Dasupalouie
    Anyone run into this issue? Any help would be appreciated :) Server Error in '/CTCWeb' Application. The trust relationship between the primary domain and the trusted domain failed. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.SystemException: The trust relationship between the primary domain and the trusted domain failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SystemException: The trust relationship between the primary domain and the trusted domain failed. ] System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed) +1185 System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean& someFailed) +44 System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) +47 System.Security.Principal.WindowsPrincipal.IsInRole(String role) +101 System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection roles, IPrincipal principal) +123 System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal user, String verb) +256 System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal user, String verb) +199 System.Web.Security.UrlAuthorizationModule.OnEnter(Object source, EventArgs eventArgs) +8771980 System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75 -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3053

  • Unit testing Monorail's RenderText method

    - by MikeWyatt
    I'm doing some maintenance on an older web application written in Monorail v1.0.3. I want to unit test an action that uses RenderText(). How do I extract the content in my test? Reading from controller.Response.OutputStream doesn't work, since the response stream is either not set up properly in PrepareController(), or is closed in RenderText(). Example Action public void DeleteFoo( int id ) { var success= false; var foo = Service.Get<Foo>( id ); if( foo != null && CurrentUser.IsInRole( "CanDeleteFoo" ) ) { Service.Delete<Foo>( id ); success = true; } CancelView(); RenderText( "{ success: " + success + " }" ); } Example Test (using Moq) [Test] public void DeleteFoo() { var controller = new FooController (); PrepareController ( controller ); var foo = new Foo { Id = 123 }; var mockService = new Mock < Service > (); mockService.Setup ( s => s.Get<Foo> ( foo.Id ) ).Returns ( foo ); controller.Service = mockService.Object; controller.DeleteTicket ( foo.Id ); mockService.Verify ( s => s.Delete<Foo> ( foo.Id ) ); Assert.AreEqual ( "{success:true}", GetResponse ( Response ) ); } // response.OutputStream.Seek throws an "System.ObjectDisposedException: Cannot access a closed Stream." exception private static string GetResponse( IResponse response ) { response.OutputStream.Seek ( 0, SeekOrigin.Begin ); var buffer = new byte[response.OutputStream.Length]; response.OutputStream.Read ( buffer, 0, buffer.Length ); return Encoding.ASCII.GetString ( buffer ); }
