to check for administrator

Question

I have developed a web application and only the user that has the administrator role can access it and no one else..

I am having difficulty trying to figure out if the user is administrator or not////

My code for login page is

public partial class LoginPage : System.Web.UI.Page
{
    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

    //WindowsImpersonationContext impersonationContext;

    [DllImport("advapi32.dll")]
    public static extern int LogonUserA(String lpszUserName,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int DuplicateToken(IntPtr hToken,
        int impersonationLevel,
        ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);

    protected void LoginButton_Click(object sender, EventArgs e)
    {

        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;

        if(LogonUserA(UserName.Text, Domain.Text, Password.Text, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) != 0)
            {
                System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
                System.Security.Principal.WindowsPrincipal wp = new System.Security.Principal.WindowsPrincipal(wi);
                if (wp.IsInRole("Administrators"))
            {
                BadCredentials.Visible = false;
                Session["userName"] = UserName.Text;
                Session["password"] = Password.Text;
                Session["domain"] = Domain.Text;
                FormsAuthentication.RedirectFromLoginPage(UserName.Text, false);
            }
            else
            {
                BadCredentials.Visible = true;
                Label1.Text = wp.Identity.ToString();
                Label2.Text = wi.Name.ToString();
                Label3.Text = "not Admin";
            }

            }
        else
        {
            BadCredentials.Visible = true;
            Label4.Text = "not valid user";
        }

When i put Administrator and the password

In this the Label2.text gives me

XYZCOMP\IUSR_XYZCOMP

and does not go to the next page....

any help please... thanks

I am using forms authentication

>  <authentication mode="Forms"> <forms
> name="AuthCookie"
> LoginUrl="Login.aspx" timeout = "60"
> /> </authentication> <authorization>
> <deny users="?" /> 
>  <allow users="*" />
> </authorization>

Answer 1

I think your problem is in this line:

wi = System.Security.Principal.WindowsIdentity.GetCurrent();

Try changing it to

wi = (WindowsIdentity)HttpContext.Current.User.Identity;

Answer 2

If you are using Windows Authentication to get onto the site then you can simply use the web.config to restrict who has access to the site:

    <authentication mode="Windows"/>
    <authorization>
        <allow role="DOMAIN\Administrator"/>
        <deny users="*"/>
    </authorization>

Is that what you want?