Is there a way I can get the role in a string variable using the commands below?

 System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
  System.Security.Principal.WindowsPrincipal wp = new System.Security.Principal.WindowsPrincipal(wi);

I need this for

 FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,                          // version
                                                   UserName.Text,           // user name
                                                   DateTime.Now,               // creation
                                                   DateTime.Now.AddMinutes(60),// Expiration
                                                   false,                      // Persistent 
                                                   role);         // User data

as string role= wp.IsInRole();
but this is not right

something similar to this...

A: 

Like so?

public static string FormsAuthUserData
{
    get
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        if (principal == null) return null;
        FormsIdentity identity = principal.Identity as FormsIdentity;
        if (identity == null) return null;
        FormsAuthenticationTicket ticket = identity.Ticket;
        return ticket == null ? null : ticket.UserData;
    }
}
Marc Gravell
A: 

You can get a list of groups/roles that a user is part of from the WindowsIdentity.Groups property. The WindowsIdentity.Groups collection only contains the SIDs (collection of IdentityReference) of the groups/roles a user is in, but not the actual names of the groups/roles. I will show you how to get the actual names of all the groups/roles a user is in.

First, get the WindowsIdentity object.

WindowsIdentity identity = WindowsIdentity.GetCurrent();

Second, use LINQ to translate the SIDs (IdentityReference) to NTAccounts.

var groups = from sid in identity.Groups select sid.Translate(typeof(NTAccount)).Value;

You can then loop through the groups and store them in a string array that can be used in the FormsAuthenticationTicket. This will get you both the BUILTIN (local computer) groups/roles and also DOMAIN groups/roles the user is in.

PhantomTypist
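
The SID-to-name translation described in the answer above, carried through to the ticket, as an added example that is not part of the original answer. The class and method names (TicketRoles, GetGroupNames, IssueTicket, ReadRoles) and the '|' separator are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class TicketRoles   // hypothetical helper class
{
    // Resolve the identity's group SIDs to account names (DOMAIN\Group or BUILTIN\Group).
    public static string[] GetGroupNames(WindowsIdentity identity)
    {
        var names = new List<string>();
        if (identity.Groups == null) return names.ToArray();
        foreach (IdentityReference sid in identity.Groups)
        {
            try
            {
                names.Add(sid.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException)
            {
                // SID with no resolvable name (deleted group, unreachable domain): skip it
                // rather than failing the whole login.
            }
        }
        return names.ToArray();
    }

    // Pack the names into UserData and return the encrypted authentication cookie.
    // '|' is used as the separator because it is not a legal character in SAM account names.
    public static HttpCookie IssueTicket(string userName, string[] roles)
    {
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(60),
            false, string.Join("|", roles));
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                          // keep the ticket away from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow the <forms requireSSL> setting
        return cookie;
    }

    // Read the roles back from the ticket on a later request.
    public static string[] ReadRoles(FormsIdentity identity)
    {
        string data = identity.Ticket.UserData;
        return string.IsNullOrEmpty(data) ? new string[0] : data.Split('|');
    }
}
```

Roles stored this way are a snapshot taken at login: a group membership that is revoked afterwards stays in the ticket until it expires, and a user in many groups can push the cookie past the browser's size limit.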
+2  A: 

You seem to be mixing apples and oranges. Are you using Windows or Forms authentication?

In either case, you can get the user's roles from the RoleProvider, if it is implemented.

Examining the thread's current principal only exposes a check method, as you know, IsInRole, whereas the role provider will return a string array of roles the user belongs to.

But I have to ask why you are packing a role(s) into the ticket? The only valid use case I can see for this is you are consolidating external auth/role silos.

If you explain your scenario and requirements a bit more fully I am sure we can find a specific solution to your problem.

Sky Sanders
A: 

Yes, Forms Authentication seems to clash with Windows Identities, but I have written some code which I believe will do what you ask.

First of all, add a reference to System.DirectoryServices to your project.

You need to initialize a PrincipalContext object first.

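Imports System.DirectoryServices
Imports System.Linq

' Assumption: a domain context; this is the PrincipalContext mentioned above.
Dim ctx As New AccountManagement.PrincipalContext(AccountManagement.ContextType.Domain)
Dim userImLookingFor As AccountManagement.UserPrincipal = Nothing
' Query by example: match the user whose SAM account name equals p_samAccountName.
Dim tempUser As New AccountManagement.UserPrincipal(ctx)
tempUser.SamAccountName = p_samAccountName
Dim searcher As New AccountManagement.PrincipalSearcher(tempUser)
' Run the search once and keep the results instead of calling FindAll() twice.
Dim matches = searcher.FindAll().ToList()
If matches.Count = 1 Then
    userImLookingFor = DirectCast(matches(0), AccountManagement.UserPrincipal)
End If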

When this code runs, userImLookingFor contains the user specified by p_samAccountName. Next, you want to get a list of the groups.

' An empty GroupPrincipal used as the query filter matches the groups in userImLookingFor's context.
Dim tempGp As New AccountManagement.GroupPrincipal(userImLookingFor.Context)
Dim groupSearcher As New AccountManagement.PrincipalSearcher(tempGp)
Dim searchResult As AccountManagement.PrincipalSearchResult(Of AccountManagement.Principal)
searchResult = groupSearcher.FindAll()

Finally, you may refer to the searchResult collection. To get the group names, enumerate through the indexes and retrieve either the "User Principal Name" or the "SAM Account Name".

Yup, Forms Authentication does not play that well with Active Directory, but let me know if this helps. I am not familiar with the approach in the previous answer; these two different answers may give you objects that give you access to different functionality.

Rice Flour Cookies
A: 

You can write an extension method for your user class that gets the collection of all roles in the system (by asking your role provider), then loops (or uses LINQ) to call IsInRole for each role and collects the user's roles in a property ready to use.

That can be a generic way that works with any type of role provider.

Deumber