Get list of users belonging to a role using Authorization Manager (AzMan)

痴心易碎 提交于 2019-12-22 19:44:10

问题


Using ASP.NET (C#) I have set up Authorization Manager to allow me to handle roles on a website. Added users to roles is simple Roles.AddUserToRole("DOMAIN\\UserName", "role"). However I want to list the users belonging to a role, but since they are stored as SID's, displaying them would not be that helpful. To get the users, I am thinking XML would have to be used, although is it possible to use COM Interop to both do that and get the user name? Either way, how can I get the users belonging to a role?

The table to manage roles would basically be like this:

Role    User
----    ----
admin   DOMAIN\UserName [delete]
        DOMAIN\UserName2 [delete]
        [add user text box]
news    DOMAIN\UserName3 [delete]
        [add user text box]

回答1:


Found a way of doing it (IAzRole Interface, thanks to Bermo), looping through the MembersName property on each role. No need to map back to a windows account, unless you need to get more than the user name.

Setup roles as detailed in article: How To: Use Authorization Manager (AzMan) with ASP.NET 2.0

In Visual Studio Project add reference to AzMan COM library (azroles 1.0 Type Library). Then add using AZROLESLib;. Add <form id="form1" runat="server">, then in Page_Load:

AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass();
string connString = ConfigurationManager.ConnectionStrings["AuthorizationServices"].ConnectionString;
string path = Server.MapPath(connString.Substring("msxml://".Length));
AzManStore.Initialize(0, "msxml://" + path, null);
IAzApplication azApp = AzManStore.OpenApplication("AppName", null);
PlaceHolder p = new PlaceHolder();
StringBuilder sb = new StringBuilder();
sb.Append("<ul>");
foreach (IAzRole role in azApp.Roles)
{
    sb.Append("<li>");
    sb.Append(role.Name);
    sb.Append("<ul>");
    foreach (object member in (object[])role.MembersName)
    {
        sb.Append("<li>");
        sb.Append(member);
        sb.Append("</li>");
    }
    sb.Append("</ul>");
    sb.Append("</li>");
}
sb.Append("</ul>");
p.Controls.Add(new LiteralControl(sb.ToString()));
form1.Controls.Add(p);

This displays a list of roles and members in each role.




回答2:


If you are storing your Azman role information in an XML file, you should be able to get lists of SID's containing the authorised users for each role using XPath (although maybe a good opportunity to use LINQ2XML ...):

<AzAdminManager MajorVersion="2" MinorVersion="0" Description="My application">
 <AzApplicationGroup Name="Admin" Description="" GroupType="Basic">
  <BizRuleLanguage /> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-1001</Member> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-1003</Member> 
 </AzApplicationGroup>
 <AzApplicationGroup Name="Users" Description="" GroupType="Basic">
  <BizRuleLanguage /> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-501</Member> 
 </AzApplicationGroup>
</AzAdminManager>

The following post shows plenty of ways to map a SID back to a Windows account - How can I convert from a SID to an account name in C#.




回答3:


Note that a role member can be an AD group. So you can't enumerate all the users just by looking at the role members. You'd need to query AD also.



来源:https://stackoverflow.com/questions/2599512/get-list-of-users-belonging-to-a-role-using-authorization-manager-azman

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!