How to get the original user name from Authorizations

Mar 23, 2010 at 1:09 PM

Hi,

 

I am adding LDAP users to a role's authorizations list using the following.

item.CreateAuthorization(ownerSid, WhereDefined.Local, userSid, WhereDefined.LDAP, authType, null, null);

where 'item' is the Role.

I am trying to reconstruct the LDAP user's name when I later retrieve the item. I retrieve the authorizations using the following:

            IAzManStore storage = AuthorizationBase.GetNetSQlAzManStore();
            IAzManApplication application = storage.GetApplication("WorkManager");

            IAzManItem item = application.GetItem(itemName);

            foreach (IAzManAuthorization authorisation in item.Authorizations)
            {
                ..................
            }

How can I reconstruct the LDAP user's name when all the Authorizations contains is the SID?

 

Coordinator
Mar 23, 2010 at 1:45 PM

Hi,

try this:

using System.Security.Principal;

....

string accountName = ((NTAccount)new SecurityIdentifier(authorisation.ObjectSID.StringValue).Translate(typeof(NTAccount))).Value;

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Mar 23, 2010 at 3:18 PM

Thank you,

 

This seems to work fine :-)

Mar 24, 2010 at 10:35 AM
Edited Mar 24, 2010 at 1:05 PM

Hi,

 

Is there a simpler way of getting the Membership user's ProviderUserKey? I use the ProviderUserKey as the SID when adding the Database user to a role in the same format as above for the LDAP user, but obviously I have to use SqlAzManSID to convert the ProviderUserKey to a SID acceptable by the CreateAuthorization method. Is there a way to convert the SID back to its original ProviderUserKey so I can use it in the following code:

MembershipUser memberUser = Membership.GetUser(authorisation.SID);

I am getting the DB users using:

IAzManItem item = application.GetItem(itemName);

 

I then check the Authorization.WhereDefinedType as being equal to Database before extracting its associated SID.

 

I have used the following to get the DB user's name (which is the information I really want), but it just seems a little inefficient, especially if there are hundreds of DB users to cycle through every time.

  

 

                            IAzManDBUser[] DBUserAuths = application.GetDBUsers();

                            foreach (IAzManDBUser dbUser in DBUserAuths)
                            {
                                if (dbUser.CustomSid.ToString() == authorisation.SID.ToString())
                                {
                                    username = dbUser.UserName;
                                }
                            }

 

Mar 24, 2010 at 1:08 PM
Edited Mar 24, 2010 at 1:14 PM

I have hit another problem. I am trying to relink the DB user to the authorised user; all I have to link them is the AzMan SID and the membership user's ProviderUserKey, and these don't match at all. So I do really need a method of regenerating the original ProviderUserKey from the Authorization SID. Is this possible?

 

The code I am using to get the Membership users is as follows:

            List<string> searchResults = new List<string>();
            MembershipUserCollection DBUserList = Membership.FindUsersByName("%" + searchText + "%");

            foreach (MembershipUser user in DBUserList)
            {
                searchResults.Add(user.UserName + "|" + user.ProviderUserKey.ToString());
            }

            return searchResults;

 

So the ProviderUserKey is the only thing I have in order to relink the search results to the assigned Authorization DB User.

Coordinator
Mar 24, 2010 at 6:17 PM

Hi,

The authorization SID for DB Users is a simple System.Guid (wrapped around SqlAzManSid).

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator  
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com
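
The two lookups discussed in this thread (Windows/LDAP SID to account name, and DB-user SID back to a Membership ProviderUserKey) are sketched below as an added example; it is not part of the original posts or of NetSqlAzMan. It uses only plain .NET types, and it assumes that a DB user's custom SID is the 16 bytes of `Guid.ToByteArray()` and that the caller obtains the SDDL string and the bytes from the authorization's SID; `SidNameResolver` and its members are hypothetical names.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Principal;

public static class SidNameResolver
{
    // Only successful lookups are cached, so a stale "unresolved" answer is never reused.
    private static readonly ConcurrentDictionary<string, string> Cache =
        new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    // SDDL string ("S-1-5-...") -> "DOMAIN\user", or null if it cannot be resolved.
    // The name is for display; authorization decisions should stay keyed on the SID.
    public static string ResolveWindowsAccount(string sddlSid)
    {
        string name;
        if (sddlSid != null && Cache.TryGetValue(sddlSid, out name)) return name;
        try
        {
            name = new SecurityIdentifier(sddlSid).Translate(typeof(NTAccount)).Value;
        }
        catch (ArgumentException) { return null; }          // null or not a valid SDDL SID
        catch (IdentityNotMappedException) { return null; } // account deleted or unknown
        Cache[sddlSid] = name;
        return name;
    }

    // ASSUMPTION: a DB user's custom SID is the 16 bytes of Guid.ToByteArray().
    // Anything else is rejected rather than coerced into a key.
    public static bool TryGetProviderUserKey(byte[] customSid, out Guid key)
    {
        key = Guid.Empty;
        if (customSid == null || customSid.Length != 16) return false;
        key = new Guid(customSid);
        return true;
    }

    public static void Main()
    {
        // Constructed inputs: a well-known SID, a malformed one, a made-up key.
        Console.WriteLine(ResolveWindowsAccount("S-1-5-32-544") ?? "(unresolved)");
        Console.WriteLine(ResolveWindowsAccount("not-a-sid") ?? "(unresolved)");
        Guid original = new Guid("3f2504e0-4f89-11d3-9a0c-0305e82c3301");
        Guid key;
        bool ok = TryGetProviderUserKey(original.ToByteArray(), out key);
        Console.WriteLine(ok && key == original);
    }
}
```

A recovered key can be passed to `Membership.GetUser(object providerUserKey)` to load the user directly instead of scanning every DB user. An authorization whose SID returns null here points at an account that no longer resolves and is worth reviewing.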