.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
NT Groups
Messages   Related Types
This message was discovered on ASPFriends.com 'aspngibuyspy' list.


Snipes, Jason
Has anyone tried to modify the IBS portal to use NT Groups for access
control? We have over 24,000 users and to have to create groups in the
portal and then add all the users manually would be a nightmare.

Jason Snipes

This electronic message may contain confidential or privileged information
and is intended for the individual or entity named above. If you are
not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please notify
the sender immediately by using the e-mail address or by telephone
(704-633-8250).
Reply to this message...
 
    
Jeff Dunmall
Hi Jason,

Yes, we've done it for our own portal solution. We've also written a
custom module that lets you browse the file system, add documents,
create sub-folders, etc. It respects the NT security permissions
present. We wrote custom .net code that assigns NT groups permissions
to folders as they get created to prevent one set of users from seeing
or modifying what others users see (using WMI).

Changing to support NT groups is not a big deal. It's hard to remember
now what we did to make the change, but it mostly involved deleting code
(in global.asa, remove application_authenticaterequest) and switching to
Windows Integrated authentication. Role membership checks work the same
way as the security class -
HttpContext.Current.User.IsInRole("Administrators"). You'd need access
to the HttpContext object to use this method.

Obviously, impersonation needs to be turned on.

Calls to add users to groups, create users, and change passwords are
also possible.

I hope this helps,

Jeff

-----Original Message-----
From: Snipes, Jason [mailto:Click here to reveal e-mail address]
Sent: August 15, 2002 8:27 AM
To: aspngibuyspy
Subject: [aspngibuyspy] NT Groups

Has anyone tried to modify the IBS portal to use NT Groups for access
control? We have over 24,000 users and to have to create groups in the
portal and then add all the users manually would be a nightmare.

Jason Snipes

This electronic message may contain confidential or privileged
information
and is intended for the individual or entity named above. If you are
not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please
notify
the sender immediately by using the e-mail address or by telephone
(704-633-8250).

| [aspngibuyspy] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngibuyspy.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
    
Snipes, Jason
Jeff,
I set impersonation on in my web.config by adding this line:<identity
impersonate="true" />. I switched to windows integrated security. I am
picking up the username just fine, but I am not able to verify NT Group
access. Here is the sample code I am using:

#### UserInfo.ascx ####
<%@ Control Language="vb" AutoEventWireup="false"
Codebehind="UserInfo.ascx.vb" Inherits="ASPNetPortal.UserInfo"%>
<%@ Register TagPrefix="Portal" TagName="Title"
Src="~/DesktopModuleTitle.ascx"%>
<portal:title runat="server" id="Title1" />
<asp:Label id="userName" runat="server" CssClass="Normal"></asp:Label><br>
<asp:Label id="isClientSrv" runat="server" CssClass="Normal"></asp:Label>

#### UserInfo.ascx.vb ####
Namespace ASPNetPortal
Public MustInherit Class UserInfo
Inherits ASPNetPortal.PortalModuleControl
Protected WithEvents userName As System.Web.UI.WebControls.Label
Protected WithEvents isClientSrv As System.Web.UI.WebControls.Label

" Web Form Designer Generated Code "

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
userName.Text = HttpContext.Current.User.Identity.Name
isClientSrv.Text HttpContext.Current.User.IsInRole("DOMAIN\GROUPNAME")
End Sub

End Class
End Namespace

The Output works great for my name but it tells me false for whatever group
I try to query. Do you see anything I am doing wrong?

Jason Snipes

-----Original Message-----
From: Jeff Dunmall [mailto:Click here to reveal e-mail address]
Sent: Thursday, August 15, 2002 5:05 PM
To: aspngibuyspy
Subject: [aspngibuyspy] RE: NT Groups

Hi Jason,

Yes, we've done it for our own portal solution. We've also written a custom
module that lets you browse the file system, add documents, create
sub-folders, etc. It respects the NT security permissions present. We
wrote custom .net code that assigns NT groups permissions to folders as they
get created to prevent one set of users from seeing or modifying what others
users see (using WMI).

Changing to support NT groups is not a big deal. It's hard to remember now
what we did to make the change, but it mostly involved deleting code (in
global.asa, remove application_authenticaterequest) and switching to Windows
Integrated authentication. Role membership checks work the same way as the
security class - HttpContext.Current.User.IsInRole("Administrators"). You'd
need access to the HttpContext object to use this method.

Obviously, impersonation needs to be turned on.

Calls to add users to groups, create users, and change passwords are also
possible.

I hope this helps,

Jeff

This electronic message may contain confidential or privileged information
and is intended for the individual or entity named above. If you are
not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please notify
the sender immediately by using the e-mail address or by telephone
(704-633-8250).
Reply to this message...
 
    
Jeff Dunmall
Jason,

Did you remove the code in the global.asa file as I mentioned in my
first post? If that code is still there, it may be trying to verify
your username against a role in the SQL Server role table. You could
easily test this by creating a role with the same name
("DOMAIN\GROUPNAME"), and making sure your username is part of that
role. Ultimately, you want to turn that functionality off though.

Your code looks correct. Note that you can use the same infrastructure
that's in IBuySpy for role checking. You can use the existing code and
admin interface to secure pages. In this case, however, the role names
are actually NT role names. Look for the code that calls the
Security.IsInRoles() function.

Jeff

-----Original Message-----
From: Snipes, Jason [mailto:Click here to reveal e-mail address]
Sent: August 16, 2002 7:34 AM
To: aspngibuyspy
Subject: [aspngibuyspy] RE: NT Groups

Jeff,
I set impersonation on in my web.config by adding this
line:<identity impersonate="true" />. I switched to windows integrated
security. I am picking up the username just fine, but I am not able to
verify NT Group access. Here is the sample code I am using:

#### UserInfo.ascx ####
<%@ Control Language="vb" AutoEventWireup="false"
Codebehind="UserInfo.ascx.vb" Inherits="ASPNetPortal.UserInfo"%>
<%@ Register TagPrefix="Portal" TagName="Title"
Src="~/DesktopModuleTitle.ascx"%>
<portal:title runat="server" id="Title1" />
<asp:Label id="userName" runat="server"
CssClass="Normal"></asp:Label><br>
<asp:Label id="isClientSrv" runat="server"
CssClass="Normal"></asp:Label>

#### UserInfo.ascx.vb ####
Namespace ASPNetPortal
Public MustInherit Class UserInfo
Inherits ASPNetPortal.PortalModuleControl
Protected WithEvents userName As System.Web.UI.WebControls.Label

Protected WithEvents isClientSrv As
System.Web.UI.WebControls.Label

" Web Form Designer Generated Code "

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
userName.Text = HttpContext.Current.User.Identity.Name
isClientSrv.Text HttpContext.Current.User.IsInRole("DOMAIN\GROUPNAME")
End Sub

End Class
End Namespace

The Output works great for my name but it tells me false for whatever
group I try to query. Do you see anything I am doing wrong?

Jason Snipes

-----Original Message-----
From: Jeff Dunmall [mailto:Click here to reveal e-mail address]
Sent: Thursday, August 15, 2002 5:05 PM
To: aspngibuyspy
Subject: [aspngibuyspy] RE: NT Groups

Hi Jason,

Yes, we've done it for our own portal solution. We've also written a
custom module that lets you browse the file system, add documents,
create sub-folders, etc. It respects the NT security permissions
present. We wrote custom .net code that assigns NT groups permissions
to folders as they get created to prevent one set of users from seeing
or modifying what others users see (using WMI).

Changing to support NT groups is not a big deal. It's hard to remember
now what we did to make the change, but it mostly involved deleting code
(in global.asa, remove application_authenticaterequest) and switching to
Windows Integrated authentication. Role membership checks work the same
way as the security class -
HttpContext.Current.User.IsInRole("Administrators"). You'd need access
to the HttpContext object to use this method.

Obviously, impersonation needs to be turned on.

Calls to add users to groups, create users, and change passwords are
also possible.

I hope this helps,

Jeff

This electronic message may contain confidential or privileged
information
and is intended for the individual or entity named above. If you are
not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please
notify
the sender immediately by using the e-mail address or by telephone
(704-633-8250).

| [aspngibuyspy] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngibuyspy.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
    
Snipes, Jason
Jeff,

Thanks, I overlooked that part in your original post. That works
fantastic.

Thanks for your help,
Jason Snipes

-----Original Message-----
From: Jeff Dunmall [mailto:Click here to reveal e-mail address]
Sent: Friday, August 16, 2002 10:18 AM
To: aspngibuyspy
Subject: [aspngibuyspy] RE: NT Groups

Jason,

Did you remove the code in the global.asa file as I mentioned in my first
post? If that code is still there, it may be trying to verify your username
against a role in the SQL Server role table. You could easily test this by
creating a role with the same name ("DOMAIN\GROUPNAME"), and making sure
your username is part of that role. Ultimately, you want to turn that
functionality off though.

Your code looks correct. Note that you can use the same infrastructure
that's in IBuySpy for role checking. You can use the existing code and
admin interface to secure pages. In this case, however, the role names are
actually NT role names. Look for the code that calls the
Security.IsInRoles() function.

Jeff

-----Original Message-----
From: Snipes, Jason [mailto:Click here to reveal e-mail address]
Sent: August 16, 2002 7:34 AM
To: aspngibuyspy
Subject: [aspngibuyspy] RE: NT Groups

Jeff,
I set impersonation on in my web.config by adding this line:<identity
impersonate="true" />. I switched to windows integrated security. I am
picking up the username just fine, but I am not able to verify NT Group
access. Here is the sample code I am using:

#### UserInfo.ascx ####
<%@ Control Language="vb" AutoEventWireup="false"
Codebehind="UserInfo.ascx.vb" Inherits="ASPNetPortal.UserInfo"%>
<%@ Register TagPrefix="Portal" TagName="Title"
Src="~/DesktopModuleTitle.ascx"%>
<portal:title runat="server" id="Title1" />
<asp:Label id="userName" runat="server" CssClass="Normal"></asp:Label><br>
<asp:Label id="isClientSrv" runat="server" CssClass="Normal"></asp:Label>

#### UserInfo.ascx.vb ####
Namespace ASPNetPortal
Public MustInherit Class UserInfo
Inherits ASPNetPortal.PortalModuleControl
Protected WithEvents userName As System.Web.UI.WebControls.Label
Protected WithEvents isClientSrv As System.Web.UI.WebControls.Label

" Web Form Designer Generated Code "

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
userName.Text = HttpContext.Current.User.Identity.Name
isClientSrv.Text HttpContext.Current.User.IsInRole("DOMAIN\GROUPNAME")
End Sub

End Class
End Namespace

The Output works great for my name but it tells me false for whatever group
I try to query. Do you see anything I am doing wrong?

Jason Snipes

-----Original Message-----
From: Jeff Dunmall [ mailto:Click here to reveal e-mail address
<mailto:Click here to reveal e-mail address> ]
Sent: Thursday, August 15, 2002 5:05 PM
To: aspngibuyspy
Subject: [aspngibuyspy] RE: NT Groups

Hi Jason,

Yes, we've done it for our own portal solution. We've also written a custom
module that lets you browse the file system, add documents, create
sub-folders, etc. It respects the NT security permissions present. We
wrote custom .net code that assigns NT groups permissions to folders as they
get created to prevent one set of users from seeing or modifying what others
users see (using WMI).

Changing to support NT groups is not a big deal. It's hard to remember now
what we did to make the change, but it mostly involved deleting code (in
global.asa, remove application_authenticaterequest) and switching to Windows
Integrated authentication. Role membership checks work the same way as the
security class - HttpContext.Current.User.IsInRole("Administrators"). You'd
need access to the HttpContext object to use this method.

Obviously, impersonation needs to be turned on.

Calls to add users to groups, create users, and change passwords are also
possible.

I hope this helps,

Jeff

This electronic message may contain confidential or privileged information
and is intended for the individual or entity named above. If you are
not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please notify
the sender immediately by using the e-mail address or by telephone
(704-633-8250).

| [aspngibuyspy] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngibuyspy.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

| [aspngibuyspy] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngibuyspy.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives

This electronic message may contain confidential or privileged information
and is intended for the individual or entity named above. If you are
not the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please notify
the sender immediately by using the e-mail address or by telephone
(704-633-8250).
Reply to this message...
 
 
System.EventArgs
System.Object
System.Web.HttpContext
System.Web.UI.WebControls.Label




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification