Was anybody able to help Brian out with his problem?? Cheers, Aaron From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian H. Madsen Sent: Tuesday, 2 October 2007 5:44 PM To: [email protected] Subject: [OzMOSS] SecurityPolicies and Web Part security Sensitivity: Private
Hi Guys,
I just heard about this list from Aaron today and am surprised I hadn't heard
about it any sooner. Regardless, i have a question to ask which i hope somebody
may be able to help me with.
I'm currently developing a series of Web Parts and need them to have access to
the WindowsPrincipal and DirectoryEntry classes.
I've been doing quite a bit of customisation of late but this has me stumped!
The reason for this need is that our AD has certain groups set up which needs
to have access to some extra features - such as administrative rights. This is
a custom document library and the network administrator wants to control access
to certain parts of it via AD. Eg. I need to check to see if a user is part of
x, y and z groups before they can gain access to the features.
So far the call is fairly simple and i'm using the WindowsPrincipal object for
verification:
WindowsPrincipal winPrincipal = new
WindowsPrincipal(WindowsIdendity.Identity.GetCurrent());
if (winPrincipal.IsInRole("rolename here"))
{
// do some code here
}
I've gotten past this point by adding the following to the
wss_minimaltrust.config file:
<SecurityClass Name="ADPermissions" Description="System.Security.Principal,
mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="ADSecPermissions"
Description="System.Security.Permissions.SecurityPermission, mscorlib,
version=2.0.0.0, PublicKeyToken=b77a5c561934e089" />
<SecurityClass Name="DirectoryServicePermission"
Description="System.DirectoryServices.DirectoryServicesPermission,
System.DirectoryServices, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
<SecurityClass Name="DirectoryEntryPermission"
Description="System.DirectoryServices.DirectoryEntries,
System.DirectoryServices, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
<IPermission
class="ADPermission"
version="1"
Unrestricted="true"
Flags="Execution, WindowsPrincipal"
/>
<IPermission
class="ADSecPermissions"
version="1"
Unrestricted="true"
Flags="Execution, WindowsPrincipal"
/>
<IPermission
class="DirectoryServicePermission"
version="1"
Unrestricted="true"
Flags="Execution"
/>
<IPermission
class="DirectoryEntryPermission"
version="1"
Unrestricted="true"
Flags="Execution, DirectoryEntry"
/>
Further to the WindowsPrincipal i need access to the DirectoryEntry object as
well to retrieve more information from the AD setup. Yet, i cannot seem to get
beyond this and each time the web part loads the user is presented with a
Windows logon which doesn't seem to work. Eg. Logging in with the AD
credentials isn't working.
Does anybody here have any suggestions as to what i'm missing?
Regards
[cid:[email protected]]
------------------------------------------------------------------- OzMOSS.com
- to unsubscribe from this list, send a message back to the list with
'unsubscribe' as the subject.
Powered by mailenable.com - List managed by www.readify.net
<<inline: image001.jpg>>
