get role of user in a string variable
is there a way i can get the role in a string variable using the below commands....
System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
System.Security.Principal.WindowsPrincipal wp = new System.Security.Principal.WindowsPrincipal(wi);
i need this for
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, // version
UserName.Text, // user name
开发者_运维百科 DateTime.Now, // creation
DateTime.Now.AddMinutes(60),// Expiration
false, // Persistent
role); // User data
as string role= wp.IsInRole();
but this is not rightsomething similar to this...
You can get a list of groups/roles that a user is part of from the WindowsIdentity.Groups property. The WindowsIdentity.Groups collection only contains the SID's (collection of IdentityReference) of the groups/roles a user is in, but not the actual names of the groups/roles. I will show you how to get the actual names of all the groups/roles a user is in.
First, get the WindowsIdentity object.
WindowsIdentity identity = WindowsIdentity.GetCurrent();
Second, use LINQ to translate the SID's (IdentityReference) to NTAccount's.
var groups = from sid in identity.Groups select sid.Translate(typeof(NTAccount)).Value;
You can then loop through the groups and store them in a string array that can be used in the FormsAuthenticationTicket. This will get you both the BUILTIN (local computer) groups/roles and also DOMAIN groups/roles the user is in.
For getting Roles: http://msdn.microsoft.com/en-us/library/system.web.security.roles.getrolesforuser.aspx
Use Roles.GetRolesForUser()
or Roles.GetRolesForUser(Page.User.Identity.Name)
to get an array of the roles the current user has. You can specify which user you want to get the roles for by Roles.GetRolesForUser("Specific UserName")
You can use String.Join(", ",Roles.GetRolesForUser())
to get a string of roles the user has.
String.Join
http://msdn.microsoft.com/en-us/library/57a79xd0.aspx
Hope this helps.
You seem to be mixing apples and oranges. Are you using Windows or Forms authentication?
In either case, you can get the user's roles from the RoleProvider, if it is implemented.
Examining the thread's current principal only exposes a check method, as you know, IsInRole, whereas the role provider will return a string array of roles the user belongs to.
But I have to ask why you are packing a role(s) into the ticket? The only valid use case I can see for this is you are consolidating external auth/role silos.
If you explain your scenario and requirements a bit more fully I am sure we can find a specific solution to your problem.
Like so?
public static string FormsAuthUserData
{
get
{
IPrincipal principal = Thread.CurrentPrincipal;
if (principal == null) return null;
FormsIdentity identity = principal.Identity as FormsIdentity;
if (identity == null) return null;
FormsAuthenticationTicket ticket = identity.Ticket;
return ticket == null ? null : ticket.UserData;
}
}
Yes, Forms Authentication seems to clash with Windows Identities, but I have written some code which I believe will do what you ask.
First of all, add a reference to System.DirectoryServices
to your project.
You need to initialize a PrincipalContext
object first.
imports System.DirectoryServices
Dim userImLookingFor as AccountManagement.UserPrincipal(ctx)
Dim tempUser As New AccountManagement.UserPrincipal(ctx)
tempUser.SamAccountName = p_samAccountName
Dim searcher As New AccountManagement.PrincipalSearcher(tempUser)
If searcher.FindAll().Count = 1 Then
userImLookingFor = searcher.FindAll()(0)
When this code runs, userImLookingFor
contains the user specified by p_samAccountName. Next, you want to get a list of the groups.
Dim tempGp As New AccountManagement.GroupPrincipal(userImLookingFor.Context)
Dim searcher As New AccountManagement.PrincipalSearcher(tempGp)
Dim searchResult As AccountManagement.PrincipalSearchResult(Of AccountManagement.Principal)
searchResult = searcher.FindAll()
Finally, you may refer to the searchResult collection. To get the group names, enumerate through the indexes and and retrieve either the "User Principal Name" or the "SAM Account Name".
Yup, Forms Authentication does not play that well with Active Directory, but let me know if this helps. I am not familiar with the approach in the previous answer; these two different answers may give you objects that give you access to different functionality.
You can do a extension method to your user class, to get the collection of all Roles in the system (asking your Role provider) do a cicle (or use linq) to ask the isInRole foreach role and collect the user Roles in a property ready to use.
That can be a way generic to any type of Role provider.
精彩评论