Get list of users belonging to a role using Authorization Manager (AzMan)
https://stackoverflow.com/questions/2599512
-
25-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Using ASP.NET (C#) I have set up Authorization Manager to allow me to handle roles on a website. Added users to roles is simple Roles.AddUserToRole("DOMAIN\\UserName", "role"). However I want to list the users belonging to a role, but since they are stored as SID's, displaying them would not be that helpful. To get the users, I am thinking XML would have to be used, although is it possible to use COM Interop to both do that and get the user name? Either way, how can I get the users belonging to a role?
The table to manage roles would basically be like this:
Role User
---- ----
admin DOMAIN\UserName [delete]
DOMAIN\UserName2 [delete]
[add user text box]
news DOMAIN\UserName3 [delete]
[add user text box]
Solution
Found a way of doing it (IAzRole Interface, thanks to Bermo), looping through the MembersName property on each role. No need to map back to a windows account, unless you need to get more than the user name.
Setup roles as detailed in article: How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
In Visual Studio Project add reference to AzMan COM library (azroles 1.0 Type Library). Then add using AZROLESLib;. Add <form id="form1" runat="server">, then in Page_Load:
AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass();
string connString = ConfigurationManager.ConnectionStrings["AuthorizationServices"].ConnectionString;
string path = Server.MapPath(connString.Substring("msxml://".Length));
AzManStore.Initialize(0, "msxml://" + path, null);
IAzApplication azApp = AzManStore.OpenApplication("AppName", null);
PlaceHolder p = new PlaceHolder();
StringBuilder sb = new StringBuilder();
sb.Append("<ul>");
foreach (IAzRole role in azApp.Roles)
{
sb.Append("<li>");
sb.Append(role.Name);
sb.Append("<ul>");
foreach (object member in (object[])role.MembersName)
{
sb.Append("<li>");
sb.Append(member);
sb.Append("</li>");
}
sb.Append("</ul>");
sb.Append("</li>");
}
sb.Append("</ul>");
p.Controls.Add(new LiteralControl(sb.ToString()));
form1.Controls.Add(p);
This displays a list of roles and members in each role.
OTHER TIPS
If you are storing your Azman role information in an XML file, you should be able to get lists of SID's containing the authorised users for each role using XPath (although maybe a good opportunity to use LINQ2XML ...):
<AzAdminManager MajorVersion="2" MinorVersion="0" Description="My application">
<AzApplicationGroup Name="Admin" Description="" GroupType="Basic">
<BizRuleLanguage />
<Member>S-1-5-21-3124078386-165137298-1092301467-1001</Member>
<Member>S-1-5-21-3124078386-165137298-1092301467-1003</Member>
</AzApplicationGroup>
<AzApplicationGroup Name="Users" Description="" GroupType="Basic">
<BizRuleLanguage />
<Member>S-1-5-21-3124078386-165137298-1092301467-501</Member>
</AzApplicationGroup>
</AzAdminManager>
The following post shows plenty of ways to map a SID back to a Windows account - How can I convert from a SID to an account name in C#.
Note that a role member can be an AD group. So you can't enumerate all the users just by looking at the role members. You'd need to query AD also.
