Impersonation: obtain the user's group membership


Hi,

I have set up an ASP site which uses Impersonation, works fine.
But I need to obtain the user's group membership somehow. Obtaining the Username is no Problem with Request.ServerVariables("LOGON_USER") (I'm using VBScript), but there is no variable for the user's groups.
I read you can do it via ldap, and got folowing code:
<%
Set oConn = CreateObject("ADODB.Connection")
Set oComm = CreateObject("ADODB.Command")
oConn.Provider = "ADsDSOOBJECT" ' ADSI OLE-DB provider
oConn.Open "ADs Provider"
oComm.ActiveConnection = oConn
oComm.Properties("Page Size") = 1000
oComm.CommandText = "select uid,sn from 'LDAP://clc-west1'"
Set Rs = oComm.Execute
Do While NOT Rs.EOF
Response.Write "<br>x " & Rs("sn")
Rs.MoveNext
Loop
%>
Well, I get a lot of lines with an "x" but nothing else will be displayed, not even an error. Just as if Rs("sn") were empty, though it goes through the loop a few times and displays some "x".
The other way is:
<%
DomainName = "clc-west1"
strDefaultNamingContext = "DC=leeds-clc"
GALQueryFilter = "(sn=*)"
strQuery = "<LDAP://" & DomainName & "/" & strDefaultNamingContext & ">;" & GALQueryFilter & ";sn,uid;subtree"
Set oConn = CreateObject("ADODB.Connection") 'Create an ADO Connection
oConn.Provider = "ADsDSOOBJECT" ' ADSI OLE-DB provider
oConn.Open "ADs Provider"
Set oComm = CreateObject("ADODB.Command") ' Create an ADO Command
oComm.ActiveConnection = oConn
oComm.Properties("Page Size") = 1000
oComm.CommandText = strQuery
oComm.Properties("Sort on") = "givenname"
Set Rs = oComm.Execute
%>
But here I get the Error: Error Type: Provider (0x80040E37); Table does not exist.; @ the line of Set Rs = oComm.Execute.
What do I have to insert for strDefaultNamingContext?
Does anyone know a good and _easy_ tutorial for this?
Or, how can I obtain the user's group membership, because that is all I want!

Thanks a lot,
warrior23
0
warrior23
7/28/2004 11:35:24 AM
asp.net.security 27051 articles. 1 followers. Follow

5 Replies
507 Views

Similar Articles

[PageSpeed] 43
Get it on Google Play
Get it on Apple App Store

Here's an example using System.DirectoryServices: http://www.codeproject.com/dotnet/usergroupmembership.asp
Tomas Restrepo [MVP]
tomasr@mvps.org
0
tomasr
7/28/2004 12:24:40 PM
Hi,

thanks a lot, but the link you posted somehow does not work... :/

Mhhh can you maby tell me whats wrong with this:

<%
Dim objUSR, objGRP, objMember, strDomain, strUserLoginName
strDomain = "WORKGROUP"
strUserName = Request.ServerVariables("AUTH_USER")
adspath = "WinNT://" & strDomainName & "/" & strUserName
adsobj = getobject( adspath )
For Each objMember In asdobj.Groups
Response.Write "<br>" & objMember.Name
Next
%>
I get following Error:
Error Type:
(0x80005000)
/test4.asp, line 8
when I set adspath to "WinNT://" & strDomainName & "/" & strUserName & ",user" (seen it like that in some other examples, too, I get the same error...
0
warrior23
7/28/2004 12:56:52 PM
Hi again,

I found a different way to obtain a user's group membership:
adspath = "WinNT://" & strDomainName & "/" & strUserName
adsobj = getobject( adspath )
For Each objMember In asdobj.Groups
Response.Write "<br>" & objMember.Name ' or objMember.ADsPath
Next
But this doesn't work, I get following error:
Error Type:
(0x80005000)
/test4.asp, line 8
Someone told me, that it has to do with the adsiis.dll - how can I check if this dll is installed / registered? (it exists in my System32 Folder)...
0
warrior23
7/28/2004 1:26:25 PM
hi, its me again, sry, will be my last post ;)

Okay, the dll is registered, but the same error....
I tried
adspath = "WinNT://" & strDomainName & "/" & strUserName
as well as
adspath = "WinNT://" & strDomainName & "/" & strUserName & ",user"
for in some examples it uses the second path...
Well:
Error Type:
(0x80005000)
/test4.asp, line 8
:(((
0
warrior23
7/28/2004 1:49:18 PM
The link works fine for me...takes a little bit of time to load, though...
Tomas Restrepo [MVP]
tomasr@mvps.org
0
tomasr
7/29/2004 7:52:03 PM
Reply:

Similar Artilces:

Modifying user's group memberships using the System.DirectoryServices.Protocols (S.DS.P) Namespace
Hi everybody,I am connecting to an Active Directory server using the System.DirectoryServices.Protocols namespace (this is necessary as the AD server lives in a different, untrusted domain to the web server; and the ADSI security does not allow us to connect using the DirectoryEntry classes.)I am new to this namespace; but have made good progress recently. I can retrieve and modify user details, activate and deactivate their accounts, change their email address, telephone number, etc. and add new users into the directory. So I have got some familiarity with the classes and functionality whic...

changes made from one user's webpart's page, effects all user's
 I am just doing this offline right now in Visual Web Developer Express 2008I created the login inonce in the memberpage area, people can modify their webpart page. I created several users to test this out.  I loaded it in a browser.When I make changes as logged in user "A" .  Then logout and login as user "B", user "B,s" webpart page has been changed to user "A".This goes true for whomever I log in as.  It changes for everyone.Is there something specific I need to do in order to get everyone's changes to be unique for them...

Compare a Group's objectSid to a user's primaryGroupId
Dunnry, this question is related to my quest that you solved yesterday about how to get a primary group for a user. The difference is this time I try to a a list of users that are member of a given group.When using the member property to get a list of members of a given Group (e.g. GroupA), it didn't list those users whose primaryGroup is GroupA. So I am thinking to use a filter like (primaryGroupID= GroupA's Objectsid) when search users.However, the GroupA's objestSid is byte[] type, and the primaryGroupID is int type. Though the method in yesterday's post "CreatePrimaryGroupSID" ...

Displaying a user's group memberships
I need to capture a user's group memberships for further processing in a Perl script. The user's username is passed to the script via the command line and captured with ARGV. From there, I want to determine the group memberships (much like executing `groups` from the command line) and run those through a loop for processing. I seem to be having a problem locating a function that will do this. I've looked at several and tried a couple, but either I'm doing something wrong or I'm using the wrong functions. All of the ones I've tried are part of getgr*. ...

accessing winnt user's security groups
I'm really new to this adsi security stuff and have been searching all over but have been unable to put 2 + 2 together to figure this out. I want to implement security logic in my program in c# to, for a particular user in a particular domain, get all winnt security groups that user is in. On the flip side, I want to find all members for particular winnt security groups which are set up specifically for security in my program. Can someone please provide me some code samples of how to do each in c#? Basically, my web app is going to have 3 security groups and each security group will ha...

Net security is everyone's problem not just Microsoft's, says Ballmer
Speaking at the Center for Strategic and International Studies in Washington DC, Microsoft chief executive Steve Ballmer declared that responsibility for cybersecurity falls on everyone---users, software vendors, and government agencies. Mr. Ballmer did not outline any new security initiatives, but continued to promote the upcoming Windows XP Service Pack 2, an update to the company's server operating system, and future versions of Internet Explorer that will block pop-up ads and unauthorized downloads. Mr. Ballmer outlined active protection technology, designed to stop worms...

[Fwd: Re: Displaying a user's group memberships]
--------------070908020200010708080806 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sorry, I sent these to the poster rather than the list--my bad. -------- Original Message -------- Subject: Re: Displaying a user's group memberships Date: Wed, 20 Dec 2006 20:23:53 -0700 From: Tom Smith <tom71713-perl@inqone.com> To: John W. Krahn <krahnj@telus.net> References: <45872961.7080805@inqone.com> <20061219001601.GA32475@apotheon.com> <4589B5BA.7060907@inqone.com> <4589E34E.60908@telus.net> ...

Checking user's group membership with forms authentication
Hello all,I am writing a web site that uses forms authentication to check a user's credentials against our ldap server.  Since I am very inexperienced in asp.net, I used the tutorial found here for guidance.  I can now log in to the app, but find that I don't know how to check whether a user belongs to a group or not programmatically.  It seems it should be simple, but I cannot find it in the tutorial.Thanks in advance,WinterPhoenix check this: http://msdn.microsoft.com/en-us/library/ms998358.aspx/GuruBhai...

rights or attributes needed to modify a user's group membership
We have a container admin who can change passwords, login scripts, but I need him to modify a user's group membership. What righs does he need to the container that I'd like for him to administer? http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064960.htm shanes_inbox@hotmail.com wrote: > We have a container admin who can change passwords, login scripts, but I > need him to modify a user's group membership. > > What righs does he need to the container that I'd like for him to > administer? -- Craig Wilson CNE3, 4, 5 - MCSE - CCNA...

[Fwd: Re: Displaying a user's group memberships] #2
Sorry, I sent this to the poster rather than the list... My bad. -------- Original Message -------- Subject: Re: Displaying a user's group memberships Date: Wed, 20 Dec 2006 20:39:13 -0700 From: Tom Smith <tom71713-perl@inqone.com> To: John W. Krahn <krahnj@telus.net> References: <45872961.7080805@inqone.com> <20061219001601.GA32475@apotheon.com> <4589B5BA.7060907@inqone.com> <4589E34E.60908@telus.net> John W. Krahn wrote: > Tom Smith wrote: > >> Thank Chad (and John) for your input on this. I thought I'd pos...

Unable to cast object of type 'WIM2008_Web.App_Code.wim.security.data.User' to type 'WIM2008_Web.App_Code.wim.security.data.User'
I don't know if i post this in the rigth forum but it is related to database call. this is my code: public DataSet CustomerDetails_Select(Int32 ID)    {      DataSet ds = new DataSet();      WIMConnect wimcon = new WIMConnect();      WIMConnection cnnwim = new WIMConnection();      ConvertDataReaderToDataTable DrToDs = new ConvertDataReaderToDataTable();      GridViewHeadersDao gvh = new GridViewHeadersDao();       &nb...

determining a group's membership in other groups
Hi,   How can I determine if a certain Active Directory group is a member of other groups? Let’s say we have a group in Active Directory called ‘Microsoft Dallas Employees’ which contains the list of employees in Microsoft’s Dallas office. This group in turn belongs to a bigger group called Microsoft Employees. How do I use ‘Microsoft Dallas Employees’ as a search criteria and find out the other groups that this belongs to?   My environment is ASP.NET 2.0, C#, Active Dirtectory 2003 on  Windows server 2003   -Thanks   The easiest way would be to use an...

Unable to access user control's user control's function\property from another user control
Hi, I used to call an user control's user control function as stated below from my user control in ASP.Net 1.1 wucCompany.wucEmployee.GetEmployeeSomething() After migrating to ASP.Net 2.0, I am unable to use any properties/functions(even the public ones) of the user control's User control's from another user control.  The way I have to do is create property\function in wucCompany which calls the wucEmployee's property\function and call the wucDepartment.GetEmployeeSomething().Since I need to do this change in too many places, I can...

getting network folder's, users and groups security access list
hello, I am writing an app that: 1. create a network group 2. add some users to new created group 3. add security access to a folder, adding new group for 1. I used jclLanMan unit: CreateGlobalGroup(server,agroup,description); for 2. I used NetGroupAddUser from jwaWindows unit; for 3. finally I had to use "ShellExecute" calling icacls, (i didn't find an elegant successful way...), something like: {code} var Sid: PSID; sids:string; tpsid:string; trform:TRUSTEE_FORM; s:WideString; begin Nome_SID(server,groupname,sids,tpsid,sid); s:='"'+fo...

Web resources about - Impersonation: obtain the user's group membership - asp.net.security

Resources last updated: 1/15/2016 4:49:11 AM