bobbyd2012
Member
7 Points
8 Posts
Page.User.IsInRole
Dec 03, 2012 06:10 PM
Hello All,
I am trying to check users to see what group they are in Active Directory. Coworkers have applications where they use the Page.User.IsInRole.
I added it to my pages and it keeps returning false for every user I check. I thought you would need a connection string to the AD side but nothing in their apps has a connection string. They are using .net 2.0 and I am using .net 4.0. We are both using authentication mode windows.
I looked at every page of their apps and I do not see how this is working.
Thanks for any help!
BrockAllen
All-Star
28072 Points
4996 Posts
MVP
Re: Page.User.IsInRole
Dec 03, 2012 06:41 PM
Just to confirm -- users are successfully authenticating with <authentication mode=Windows> ? If so, run this code to see what roles they're in:
<h2>Logged in as: @User.Identity.Name</h2>
<h2>Groups</h2>
<ul>
@{
    var id = User.Identity as System.Security.Principal.WindowsIdentity;
    // One row per group SID carried in the caller's Windows token.
    foreach(var g in id.Groups)
    {
        // Translate the SID to its DOMAIN\Group account name.
        var name = g.Translate(typeof(System.Security.Principal.NTAccount)).Value;
        var nameWithoutAuthority = name;
        var idx = name.IndexOf('\\');
        if (idx >= 0)
        {
            nameWithoutAuthority = name.Substring(idx + 1);
        }
        // Columns: SID, full name, IsInRole(full name), short name, IsInRole(short name).
        <li>@g.Value,
            @name,
            @User.IsInRole(name),
            @nameWithoutAuthority,
            @User.IsInRole(nameWithoutAuthority)
        </li>
    }
}
</ul>
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
bobbyd2012
Re: Page.User.IsInRole
Dec 03, 2012 07:01 PM
Thanks for the response... I did HttpContext.Current.User.Identity.name.tostring and I got my credentials.
I got this when I pasted in your code...
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
BrockAllen
Re: Page.User.IsInRole
Dec 03, 2012 07:06 PM
Well, you've got other configuration issues to sort out or understand better :)
bobbyd2012
Re: Page.User.IsInRole
Dec 03, 2012 07:11 PM
Appears to need to create a db? See below... is this normal?
SQLExpress database file auto-creation error:
The connection string specifies a local Sql Server Express instance using a database location within the application's App_Data directory. The provider attempted to automatically create the application services database because the provider determined that the database does not exist. The following configuration requirements are necessary to successfully check for existence of the application services database and automatically create the application services database:
BrockAllen
Re: Page.User.IsInRole
Dec 03, 2012 07:14 PM
Is this a new project? I'd suggest un-configuring all the default crap that project template puts in there that has to do with: session, profile, role manager and membership provider.
bobbyd2012
Re: Page.User.IsInRole
Dec 03, 2012 07:19 PM
Like what exactly?
I have these assemblies...
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.DirectoryServices.AccountManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
</assemblies>
<authentication mode="Windows"/>
<roleManager enabled="true" cacheRolesInCookie="true" defaultProvider="AspNetWindowsTokenRoleProvider" cookieName=".ASPXROLES" cookiePath="/" cookieTimeout="480" cookieRequireSSL="false" cookieSlidingExpiration="true" createPersistentCookie="false" cookieProtection="All"/>
BrockAllen
Re: Page.User.IsInRole
Dec 03, 2012 07:24 PM
Well, the role manager being configured explains why your AD roles aren't working. Role manager is loading roles from the DB that's configured in that line. Those roles (if successfully loaded from a DB) would overwrite any roles loaded from AD.
bobbyd2012
Re: Page.User.IsInRole
Dec 03, 2012 08:14 PM
Thanks! So are the roles stored by default somewhere or does it really only pull from AD as a read each time?
BrockAllen
Re: Page.User.IsInRole
Dec 04, 2012 01:11 AM
The role manager feature is two things: 1) http module-like code that gets called on every http request to load the roles into the current user (much like I describe here), and 2) role provider which is an api to abstract data access for roles.
The role manager does have a feature to cache the roles in a cookie so the DB/provider is not accessed each time.
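The configuration choice this thread turns on, as an added web.config sketch (not posted by anyone in the thread): either leave the role manager off so `IsInRole` is answered from the Windows token, or keep it on the Windows token provider without the 480-minute, non-SSL role cookie from the posted config. `CONTOSO\WebAppUsers` is a placeholder group name, and only one `<roleManager>` element may be active, so option B is shown commented out.

```xml
<!-- Added example, not from the thread: the system.web part of web.config only. -->
<configuration>
  <system.web>
    <authentication mode="Windows" />

    <!-- Option A: no role manager. Context.User stays a WindowsPrincipal and
         User.IsInRole(@"DOMAIN\Group") is answered from the groups in the
         caller's Windows token. No role provider is consulted and no role
         cookie is issued. -->
    <roleManager enabled="false" />

    <!-- Option B (use instead of A, never both): keep the role manager on the
         Windows token provider, but do not cache roles on the client.
           cacheRolesInCookie="false"  roles are read through the provider on
                                       each request, so a removed group is not
                                       kept alive by a cookie for cookieTimeout
                                       minutes
           cookieRequireSSL="true"     if caching is ever switched back on, the
                                       role cookie is sent over HTTPS only
    <roleManager enabled="true"
                 defaultProvider="AspNetWindowsTokenRoleProvider"
                 cacheRolesInCookie="false"
                 cookieName=".ASPXROLES"
                 cookiePath="/"
                 cookieRequireSSL="true"
                 cookieProtection="All" />
    -->

    <!-- URL authorization evaluated against the same roles.
         CONTOSO\WebAppUsers is a placeholder, not a group from the thread. -->
    <authorization>
      <allow roles="CONTOSO\WebAppUsers" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

Under either option the role name passed to `IsInRole` is the `DOMAIN\Group` form, which is the second column the diagnostic page earlier in the thread prints.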