
asp.net security : isInRole doesn't work for one user, but works for everyone else


Dominick Baier
9/17/2004 12:34:49 PM
Hi,

I must admit - I don't really understand your logic.

Why don't you just call User.IsInRole("role"); ???

Another note - the documentation states that you are only allowed to call SetPrincipalPolicy once per AppDomain - maybe something is wrong here...

You only have to call SetPrincipalPolicy if no plumbing has populated Thread.CurrentPrincipal for you (e.g. in a console / winforms app) - but ASP.NET does that.



---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<4DACDDCC-5AC0-495A-A583-C44B3F8CC6FE@microsoft.com>

I have an ASP.NET/C# application in which I verify that the current user is a
member of a list of roles before giving them access to particular functions
of the application (read vs update). I am using the IsInRole method of the
IPrincipal object to check for role membership. Currently, I am just
checking the domain/username against a list of domain/usernames, and will
eventually create Groups.

This is working well for all users, except one. Although my application is
correctly identifying this user with the correct domain/username, the
isinrole call returns false.

My code is below:

from the .aspx.cs:

    private void Page_Load(object sender, System.EventArgs e)
    {
        if (!((Security)(Application["security"])).userInRole("edit",
                HttpContext.Current.User))
            edit = false;
        else
            edit = true;
    }

This code is from a C# object (called "Security") and is called from the
page above:


    public Boolean userInRole(String role, IPrincipal principal)
    {
        Boolean inRole = false;

        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        //get users from hashtable
        String[] users = (String[])securityRolesMap[role];

        //loop through users to see if the current user matches
        for (int i = 0; i < users.Length; i++)
        {
            String user = users[i];
            if (principal.IsInRole(users[i].ToLower()))
            {
                inRole = true;
                break;
            }
        }

        return inRole;
    }


Any ideas why this would work okay for everyone except one user?


petersonrj
9/21/2004 6:19:03 AM
Dominick,

Thanks for the information on SetPrincipalPolicy method. I removed that
from my code.

The userInRole method that I created is intended to be a reusable method
throughout my application, as I need this functionality in multiple places.
So, I really am just calling User.IsInRole("role") since User is an
IPrincipal.

For the user for which the call wasn't working, I created an AD group and
added them as a member. The isInRole works fine for that user when comparing
to a group, just not against their user id. I'm still not sure why, but at
least I've got the app working.

Thanks for your help!
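
An added example, not code from this thread: one way to keep the two kinds of list entry discussed above apart, matching account names against Identity.Name and leaving group names to IsInRole, with no SetPrincipalPolicy call. RoleMap, Demo and the CORP\ account and group names are hypothetical, and GenericPrincipal is used only so the sample runs without a domain.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added example; RoleMap and all account/group names are hypothetical.
public sealed class RoleMap
{
    private readonly Dictionary<string, string[]> users = new Dictionary<string, string[]>();
    private readonly Dictionary<string, string[]> groups = new Dictionary<string, string[]>();

    public void Allow(string permission, string[] userNames, string[] groupNames)
    {
        users[permission] = userNames;
        groups[permission] = groupNames;
    }

    public bool IsAllowed(string permission, IPrincipal principal)
    {
        // Deny by default: missing or anonymous principal, or unknown permission.
        if (principal == null || principal.Identity == null) return false;
        if (!principal.Identity.IsAuthenticated || !users.ContainsKey(permission)) return false;

        // Account names: compare with Identity.Name, ignoring case.
        foreach (string name in users[permission])
            if (string.Equals(name, principal.Identity.Name, StringComparison.OrdinalIgnoreCase))
                return true;

        // Group names: ask the principal, which is what IsInRole is for.
        foreach (string groupName in groups[permission])
            if (principal.IsInRole(groupName)) return true;

        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed data; in ASP.NET the principal would be HttpContext.Current.User.
        var map = new RoleMap();
        map.Allow("edit", new[] { @"CORP\alice" }, new[] { @"CORP\AppEditors" });
        var alice = new GenericPrincipal(new GenericIdentity(@"corp\Alice"), new string[0]);
        var bob = new GenericPrincipal(new GenericIdentity(@"CORP\bob"), new[] { @"CORP\AppEditors" });
        var carol = new GenericPrincipal(new GenericIdentity(@"CORP\carol"), new string[0]);
        foreach (IPrincipal p in new IPrincipal[] { alice, bob, carol })
            Console.WriteLine("{0}: edit={1}", p.Identity.Name, map.IsAllowed("edit", p));
    }
}
```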

