Role based security on local machine

Diane wrote:

I am testing role based security and have a problem when logged into the local machine. It always fails when I specify a group instead of a user name. Everything works fine when I'm logged into the domain. I'm running it on an XP machine. Following is the code:

    ' Namespaces this fragment relies on (placed at the top of the file)
    Imports System.Security.Permissions
    Imports System.Security.Principal
    Imports System.Threading

    Dim currentDomain As AppDomain = AppDomain.CurrentDomain

    currentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)

    Dim myIdentity As WindowsIdentity = WindowsIdentity.GetCurrent
    Dim myPrincipal As New WindowsPrincipal(myIdentity)
    Thread.CurrentPrincipal = myPrincipal

    ' Demand membership in a group (no user name given)
    Dim myPermission As New PrincipalPermission(Nothing, "MACHINENAME\Administrators")

    Try
        myPermission.Demand()
        MessageBox.Show("Welcome to the show! You have access!")
    Catch ex As Exception
        MessageBox.Show("Get out of here! You don't have access!")
        MessageBox.Show(ex.Message)
    End Try

Nicole Calinoiu wrote:

Is the "MACHINENAME" from your sample code the name of the local machine or another machine on the network? If it's the local machine, try using the "BUILTIN\Administrators" syntax instead. If it's not the local machine, is it possible that your local account doesn't have permissions to access the target machine at all?

Dominick Baier [DevelopMentor] wrote:

Hello Nicole Calinoiu,

or even better - use the WindowsBuiltInRole Enum - Builtin groups are localized and that is a major PITA!!

BUILTIN\Administrator == VORDEFINIERT\Administrator (German)

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Nicole Calinoiu wrote:

How exactly would you use the WindowsBuiltInRole enum when defining a PrincipalPermission, given that only strings are accepted for identifying the roles? I know that I've seen a localization-safe version of the names quite recently (in an article with a very convenient table for mapping the various name formats), but I couldn't find it when I went looking earlier this morning...

Dominick Baier [DevelopMentor] wrote:

Hello Nicole Calinoiu,

sorry - i thought of IsInRole...

i would be interested in that table if you find it somewhere.

Nicole Calinoiu wrote:

Me too. <g> At the time I saw it, I didn't bother bookmarking it because the location seemed so obvious. Big mistake. I'm still looking...

Dominick Baier [DevelopMentor] wrote:

Hello Nicole Calinoiu,

or just do

    WindowsBuiltInRole.Administrator.ToString();

:)

Nicole Calinoiu wrote:

Why would this work? (I'm just seeing the value labels returned.)

Dominick Baier [DevelopMentor] wrote:

Hello Nicole Calinoiu,

err, that was a joke - never mind

Nicole Calinoiu wrote:

Sorry about that. My sense of humour sleeps in on Mondays... <gdr>

Dominick Baier [DevelopMentor] wrote:

Hello Nicole Calinoiu,

IMO you can't call IsInRole on a remote machine.

> Is the "MACHINENAME" from your sample code the name of the local
> machine or another machine on the network? If it's the local machine,
> try using the "BUILTIN\Administrators" syntax instead. If it's not
> the local machine, is it possible that your local account doesn't have
> permissions to access the target machine at all?

Nicole Calinoiu wrote:

The "MACHINENAME\GroupName" syntax doesn't even work for me on the local machine when logged on with a domain account (the scenario that supposedly works for OP), which is why I thought the named machine might not be the local machine. It might actually be a domain name rather than a machine name, but only OP knows for sure...

Diane wrote:

Yes, MACHINENAME in the sample code is the name of the local machine. What I found is I do indeed have to use BUILTIN instead of the MACHINENAME when checking built in groups. I found the same is true when validating against domain groups. In the end, this is what I use:

    Local Machine / Built In Group     BUILTIN\GROUPNAME
    Local Machine / Custom Group       MACHINENAME\GROUPNAME
    Domain Account / Built In Group    BUILTIN\GROUPNAME
    Domain Account / Custom Group      DOMAINNAME\GROUPNAME

I'm not able to use the WindowsBuiltInRole enum with PrincipalPermission because ToString evaluates to Administrator and the group name is Administrators.

Thanks for your responses!
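
Added example (not part of the original thread and not any poster's code): one way to get a role string for PrincipalPermission that follows the OS language, which is the question the thread leaves open. It resolves the well-known Administrators SID to this machine's own account name and compares the result with the enum and SID overloads of IsInRole. It assumes .NET Framework 2.0 or later on Windows; the custom group name AppOperators is hypothetical.

```vbnet
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal
Imports System.Threading

Module RoleCheckDemo

    ' Translate a well-known SID into the account name this machine uses for it.
    ' The SID is identical on every Windows install; only the display name is
    ' localized, so the returned string follows the OS language.
    Function LocalizedRoleName(ByVal sidType As WellKnownSidType) As String
        Dim sid As New SecurityIdentifier(sidType, Nothing)
        Return sid.Translate(GetType(NTAccount)).Value
    End Function

    ' Demand membership in a role for Thread.CurrentPrincipal. Only the expected
    ' SecurityException means "denied"; anything else propagates to the caller
    ' instead of being reported as a plain access failure.
    Function DemandRole(ByVal role As String) As Boolean
        Try
            Dim permission As New PrincipalPermission(Nothing, role)
            permission.Demand()
            Return True
        Catch ex As SecurityException
            Return False
        End Try
    End Function

    Sub Main()
        ' Same principal setup as the code posted in the thread.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
        Dim principal As New WindowsPrincipal(WindowsIdentity.GetCurrent())
        Thread.CurrentPrincipal = principal

        Dim adminSid As New SecurityIdentifier( _
            WellKnownSidType.BuiltinAdministratorsSid, Nothing)
        Dim adminRole As String = _
            LocalizedRoleName(WellKnownSidType.BuiltinAdministratorsSid)

        ' 1. Imperative checks that never go through a group name.
        Console.WriteLine("IsInRole(enum)          : {0}", _
            principal.IsInRole(WindowsBuiltInRole.Administrator))
        Console.WriteLine("IsInRole(SID {0}): {1}", _
            adminSid.Value, principal.IsInRole(adminSid))

        ' 2. PrincipalPermission with the name resolved from the SID at run time.
        Console.WriteLine("Demand(""{0}""): {1}", adminRole, DemandRole(adminRole))

        ' 3. The hard-coded English name suggested in the thread, for comparison.
        Console.WriteLine("Demand(""BUILTIN\Administrators""): {0}", _
            DemandRole("BUILTIN\Administrators"))

        ' 4. A custom local group takes the machine name as prefix, as in the
        '    table at the end of the thread. AppOperators is a hypothetical name;
        '    a group that does not exist simply yields False.
        Dim customRole As String = Environment.MachineName & "\AppOperators"
        Console.WriteLine("Demand(""{0}""): {1}", customRole, DemandRole(customRole))

        ' On Windows Vista and later with UAC, a non-elevated process runs with a
        ' filtered token, so the Administrators checks report False for an
        ' administrator account until the process is elevated.
    End Sub

End Module
```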