Using ASP.NET (C#) I have set up Authorization Manager to allow me to handle roles on a website. Adding users to roles is simple: Roles.AddUserToRole("DOMAIN\\UserName", "role"). However, I want to list the users belonging to a role, but since they are stored as SIDs, displaying them would not be that helpful. To get the users, I am thinking XML would have to be used, although is it possible to use COM Interop to both do that and get the user name? Either way, how can I get the users belonging to a role?

The table to manage roles would basically be like this:

Role    User
----    ----
admin   DOMAIN\UserName [delete]
        DOMAIN\UserName2 [delete]
        [add user text box]
news    DOMAIN\UserName3 [delete]
        [add user text box]
+1  A: 

If you are storing your AzMan role information in an XML file, you should be able to get lists of SIDs containing the authorised users for each role using XPath (although maybe a good opportunity to use LINQ2XML ...):

<AzAdminManager MajorVersion="2" MinorVersion="0" Description="My application">
 <AzApplicationGroup Name="Admin" Description="" GroupType="Basic">
  <BizRuleLanguage /> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-1001</Member> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-1003</Member> 
 </AzApplicationGroup>
 <AzApplicationGroup Name="Users" Description="" GroupType="Basic">
  <BizRuleLanguage /> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-501</Member> 
 </AzApplicationGroup>
</AzAdminManager>

The following post shows plenty of ways to map a SID back to a Windows account - http://stackoverflow.com/questions/499053/how-can-i-convert-from-a-sid-to-an-account-name-in-c.

Bermo
So AzMan has not got reverse lookup built in then, i.e. XPath and LDAP queries are the only way?
Sam
Although I can't verify that it works, I noticed that the IAzRole interface has a MembersName property. The COM doco indicates it does the reverse lookup for you - http://msdn.microsoft.com/en-us/library/aa378219(v=VS.85).aspx
Bermo
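
An added example (not code from either answer or from AzMan itself): reading group members from an XML store shaped like the one in the answer above with LINQ to XML, and resolving each SID with SecurityIdentifier.Translate, keeping the raw SID when the account no longer resolves. It runs on Windows only; the sample store and its second SID are constructed, and group names are assumed to be unique within the store.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Xml.Linq;

static class AzManGroupMembers
{
    // Group name -> member SIDs. Assumes group names are unique in the store.
    public static Dictionary<string, List<string>> Load(XDocument store)
    {
        return store.Descendants("AzApplicationGroup").ToDictionary(
            g => (string)g.Attribute("Name"),
            g => g.Elements("Member").Select(m => m.Value.Trim()).ToList());
    }

    // Map a SID string to DOMAIN\User. Deleted accounts and unreachable domains
    // are common in old stores, so keep the SID visible instead of failing.
    public static string Resolve(string sid)
    {
        try
        {
            return new SecurityIdentifier(sid).Translate(typeof(NTAccount)).Value;
        }
        catch (IdentityNotMappedException) { return sid + " (unresolved)"; }
        catch (ArgumentException) { return sid + " (malformed SID)"; }
    }

    static void Main()
    {
        // Constructed sample: S-1-5-32-544 is the well-known BUILTIN\Administrators
        // SID; the second SID is made up and is expected not to resolve.
        var store = XDocument.Parse(@"<AzAdminManager MajorVersion=""2"" MinorVersion=""0"">
  <AzApplicationGroup Name=""Admin"" GroupType=""Basic"">
    <Member>S-1-5-32-544</Member>
    <Member>S-1-5-21-1111111111-2222222222-3333333333-1001</Member>
  </AzApplicationGroup>
</AzAdminManager>");
        foreach (var group in Load(store))
        {
            Console.WriteLine(group.Key);
            foreach (var sid in group.Value)
                Console.WriteLine("  " + Resolve(sid));
        }
    }
}
```

An unresolved SID left in a role is worth reviewing: it usually means the account was deleted but its authorization entry was never cleaned up.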
A: 

Found a way of doing it (IAzRole Interface, thanks to Bermo), looping through the MembersName property on each role. No need to map back to a Windows account, unless you need to get more than the user name.

Set up roles as detailed in the article: How To: Use Authorization Manager (AzMan) with ASP.NET 2.0

In the Visual Studio project, add a reference to the AzMan COM library (azroles 1.0 Type Library). Then add using AZROLESLib;. Add <form id="form1" runat="server">, then in Page_Load:

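// Needs: using System.Configuration; using System.Text;
//        using System.Web.UI; using System.Web.UI.WebControls; using AZROLESLib;

// Open the XML policy store named by the "AuthorizationServices" connection string.
AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass();
string connString = ConfigurationManager.ConnectionStrings["AuthorizationServices"].ConnectionString;
// Turn the app-relative path after "msxml://" into a physical path.
string path = Server.MapPath(connString.Substring("msxml://".Length));
AzManStore.Initialize(0, "msxml://" + path, null);
IAzApplication azApp = AzManStore.OpenApplication("AppName", null);

// Build a nested list: one item per role, one sub-item per member.
PlaceHolder p = new PlaceHolder();
StringBuilder sb = new StringBuilder();
sb.Append("<ul>");
foreach (IAzRole role in azApp.Roles)
{
    sb.Append("<li>");
    // Role and account names come from the store; encode them before writing HTML.
    sb.Append(Server.HtmlEncode(role.Name));
    sb.Append("<ul>");
    // MembersName returns the members as account names rather than SIDs.
    foreach (object member in (object[])role.MembersName)
    {
        sb.Append("<li>");
        sb.Append(Server.HtmlEncode(Convert.ToString(member)));
        sb.Append("</li>");
    }
    sb.Append("</ul>");
    sb.Append("</li>");
}
sb.Append("</ul>");
p.Controls.Add(new LiteralControl(sb.ToString()));
form1.Controls.Add(p);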

This displays a list of roles and members in each role.

Sam