ASP.NET and NT Group Membership

by fwhagen Thu, 04 January 2007

This was MUCH easier to accomplish than ADSI info gathering.  Code is below:

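    public bool IsMemberOf(string szGroupName)
    {
        // Under Windows authentication the request principal is a WindowsPrincipal.
        // "as" yields null instead of throwing InvalidCastException under any other
        // authentication mode, in which case membership is denied.
        System.Security.Principal.WindowsPrincipal user =
            HttpContext.Current.User as System.Security.Principal.WindowsPrincipal;
        if (user == null)
            return false;
        // szGroupName is the NT group name, e.g. "DOMAIN\\GroupName"
        return user.IsInRole(szGroupName);
    }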

Filed Under: .NET

Collecting User Info from the Domain

by fwhagen Fri, 22 December 2006

In Intranet applications, it is often critical to know who your user is.  NTLM and .NET give you the ability to get the login name, which is a great identifier, but tells you nothing about them.  You get this by using:

    HttpContext.Current.User.Identity.Name

though typically that can be shortened to simply User.Identity.Name.  However, with LDAP calls you can get more information, but you need to know the LDAP address of the domain controller for AD.  One tool I found that helps is ldp.exe which is available with the Windows Support Tools from Microsoft (free!).  Just connect to the AD controller and it gives you the LDAP address you can use in your System.DirectoryServices calls.

The guts of it are this: 
Make a connection to the domain controller using an LDAP address:

        szADPath = String.Format("LDAP://CN=Users,DC={0},DC=com", szDomain);
        DirectoryEntry entry = new DirectoryEntry(szADPath);

Create a DirectorySearcher with filters and find the user you want:

        string _szUID = HttpContext.Current.User.Identity.Name;    // DOMAIN\login

        DirectorySearcher search = new DirectorySearcher(entry);
        // Strip the "DOMAIN\" prefix; SAMAccountName holds only the login part
        search.Filter = String.Format("(SAMAccountName={0})", _szUID.Substring(_szUID.IndexOf("\\") + 1));
        search.PropertiesToLoad.Add("displayName");    // Full Name (Frank Hagen)
        search.PropertiesToLoad.Add("employeeid");     // EmplID   (123456)
        search.PropertiesToLoad.Add("givenname");      // First Name (Frank)
        search.PropertiesToLoad.Add("sn");             // Last Name  (Hagen)
        SearchResult result = search.FindOne();        // Execute filtered search

Then iterate through all of the properties returned:

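        foreach (string key in result.Properties.PropertyNames)
            System.Diagnostics.Debug.WriteLine(key + " = " + result.Properties[key][0]);   // first value of each attribute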

That's really all there is to it. 

Of course the data available is dependent on the quality of data input by the Network Support group.  If they don't put anything useful in, you're still stuck with nothing.  We are fortunate here and are taking the employee id and querying against other sources for additional data.

I am building a class for internal projects to use this.  When I have cleaned it up and optimized it properly, I will post it.  It was hard to find good resources online for this, surprisingly, although there were many 3rd party paid products available.  Maybe I should package it up and sell it too....

Filed Under: .NET

C#.NET Inheritance

by fwhagen Fri, 01 December 2006

Inheritance is a good thing.  It offers a great way to simplify coding through rollup of repetitive tasks and common attributes.  It is one reason why OOP is superior to most other programming methods.  It's a beautiful thing.

It also offers great job security.  Nothing endears your successor more than trying to figure out properties that are inherited 5 levels up in the abstraction with NO commenting or clue where to look.  And don't even get me started on N-Tier programming when N > 5!  Solutions get a bit unwieldy with 8+ projects attached.

Filed Under: .NET | Programming | Work

Scripting ASP.NET Configurations

by fwhagen Mon, 16 October 2006

When I restarted this blog using DasBlog, I wanted a configuration that I could install on my USB key and run from anywhere with IIS.  I was able to leverage DasBlog to do that with some custom scripting to automatically install the VirtDir.  Everything was great.  Then I moved to another company and got a new workstation.  The script still works great, but since my machine defaults to ASP.NET 1.1, I have to manually modify the IIS Config after running the script to allow the 2.0 runtime I have DasBlog configured for.  It's a minor annoyance and one I will solve by finding a solution to the script, or getting everyone defaulted to 2.0 (which is happening!).  The script is below:

    On Error Resume Next    ' required for the Err check at the end to be reached

    Set shell = WScript.CreateObject("WScript.Shell")
    Set fso = WScript.CreateObject("Scripting.FileSystemObject")
    vDirName = "DasBlog"
    vDirPath = fso.GetFolder(".\dasblogce").Path

    ' Using the IIS Administration object, turn on script/execute permissions
    ' and define the virtual directory as an in-process application.
    Set objIIS = GetObject("IIS://localhost/W3SVC/1/Root")
    Set vDirObj = objIIS.Create("IISWebVirtualDir", vDirName)
    vDirObj.Path = vDirPath
    vDirObj.AuthNTLM = True
    vDirObj.AccessRead = True
    vDirObj.AccessWrite = True        ' lets clients write files over HTTP
    vDirObj.AccessScript = True
    vDirObj.AccessExecute = True      ' lets executables run, beyond what AccessScript allows
    vDirObj.AuthAnonymous = True      ' anonymous requests are accepted alongside NTLM
    'vDirObj.AnonymousUserName = owner
    vDirObj.AnonymousPasswordSync = True
    vDirObj.EnableDefaultDoc = True
    vDirObj.DefaultDoc = "default.aspx"
    vDirObj.AppCreate2 1
    vDirObj.SetInfo
    ''UpdateScriptMaps(vDirPath)

    ' COM errors surface as negative HRESULTs, so test for non-zero
    If Err.Number <> 0 Then
        WScript.Echo Err.Description
        WScript.Quit
    Else
        WScript.Echo "Virtual directory created."
    End If
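A check to run after the script, as an added example that is not part of DasBlog or the original post: it reads back the flags the script sets and reports the combinations worth reviewing on a shared workstation. `VDirAudit` and its members are hypothetical names; the metabase path is assembled from the script's own values and assumes the same IIS ADSI provider the script uses.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

public static class VDirAudit   // hypothetical helper
{
    // Reads one boolean metabase property through the IIS ADSI provider.
    static bool Flag(DirectoryEntry vdir, string name)
    {
        object v = vdir.Properties[name].Value;
        return v != null && Convert.ToBoolean(v);
    }

    // Returns one line per setting that deserves a second look.
    public static List<string> Findings(string metabasePath)
    {
        List<string> findings = new List<string>();
        using (DirectoryEntry vdir = new DirectoryEntry(metabasePath))
        {
            bool anon = Flag(vdir, "AuthAnonymous");
            if (Flag(vdir, "AccessWrite"))
                findings.Add("AccessWrite: clients may write files over HTTP"
                             + (anon ? ", and anonymous access is enabled" : ""));
            if (Flag(vdir, "AccessExecute"))
                findings.Add("AccessExecute: executables may run; "
                             + "ASP.NET pages need only AccessScript");
            if (anon && Flag(vdir, "AuthNTLM"))
                findings.Add("AuthAnonymous + AuthNTLM: anonymous is tried first, "
                             + "so User.Identity.Name can be empty");
        }
        return findings;
    }

    public static void Main()
    {
        // Path built from the script's site root and vDirName
        foreach (string f in Findings("IIS://localhost/W3SVC/1/Root/DasBlog"))
            Console.WriteLine(f);
    }
}
```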

Filed Under: .NET | Blog

Custom Attributes and Validation in C#.NET

by fwhagen Wed, 23 August 2006

I have been laboring through setting up Custom Attributes and automatic validators in C#.NET.  It's very cool stuff, and as explained to me by my far more experienced lead, going to make our downstream efforts vastly simplified.

I was bashing at the keyboard aimlessly over this when I happened upon this article, "Attributed Programming in .NET Using C#", which has really helped me a great deal.  If you are interested in building custom attributes for business object entity classes, and you should be, check it out.

Filed Under: .NET
