StorageCache.GetAuthorizedItems() returns nested items

May 1, 2011 at 5:27 PM

Hi,
We use Netsqlazman for authorization in our project and for this purpose we created a hierarchy of roles and mapped AD users in each role.
Sample Hierarchy is as follows:

Admin Role
 |
 |_ Support Role
        |
        |_ TestRole 1
               |
               |_ TestRole 2

Now the issue is that I would like to retrieve the role mapped to a user who is in the Admin Role. For this, if I check StorageCache.GetAuthorizedItems, it returns me all the roles, as all the others are nested within the Admin Role. So AuthorizedItems would return me all roles (i.e. Admin, Support, TestRole1 and TestRole2). But I would like to retrieve only the exact mapped role instead of all the other roles.

Is there any way to do this?

Thanks !

Coordinator
May 2, 2011 at 6:12 AM

Hello,

You can use a workaround.

In practice, you must give the AllowWithDelegation permission to the "Admin Role" role.

When the "AllowWithDelegation" permission is inherited from child roles, it simply becomes "Allow".

When you read the result of the GetAuthorizedItems method ... consider only the users with the "AllowWithDelegation" permission.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

May 5, 2011 at 1:37 PM

Hi Andrea,

Thanks for your reply. Your solution worked for me.

I have one more query.

We are trying to develop our own screens for authorization and internally we intend to use the api exposed by netsqlazman.

For this purpose, we have designed an Admin.aspx screen where an Admin user will be able to search for users in LDAP and retrieve roles assigned for them.

Now internally, I am doing the LDAP authentication for the user, but when I try to retrieve the roles assigned to them, I use the following code:

AuthorizedItem[] AuthorizedItems = ObjStorageCache.GetAuthorizedItems(StoreName, ApplicationName, Wid.GetUserBinarySSid(), Wid.GetGroupsBinarySSid(), DateTime.Now);

But this method requires the Wid object of the LDAP user. How can I retrieve that?

Please help me with this.

Thanks !


Coordinator
May 5, 2011 at 1:40 PM

Using Kerberos Protocol Transition:

WindowsIdentity wid = new WindowsIdentity("otheruser@domain.ext");

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com
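Putting both answers together, as an added example that is not code from the thread or from the NetSqlAzMan project: build the LDAP user's identity via Kerberos protocol transition, call GetAuthorizedItems exactly as in the question, and keep only the items whose permission is AllowWithDelegation, which under the coordinator's workaround are the directly mapped roles. The NetSqlAzMan namespaces and the Authorization property on AuthorizedItem are assumptions, as is the already-built cache passed in.

```csharp
// Added example, not from the thread or from NetSqlAzMan itself.
// Assumptions: the two namespaces below, that GetAuthorizedItems and the
// GetUserBinarySSid()/GetGroupsBinarySSid() extensions are used as in the question,
// and that AuthorizedItem exposes its effective permission as an AuthorizationType
// through an "Authorization" property.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using NetSqlAzMan;        // assumed: AuthorizationType and the WindowsIdentity SID extensions
using NetSqlAzMan.Cache;  // assumed: StorageCache and AuthorizedItem

public static class DirectRoleLookup
{
    // Returns only the roles on which the user holds AllowWithDelegation, i.e. the roles
    // the user was mapped to directly. Under the workaround, roles reached through nesting
    // inherit a plain "Allow" and are therefore dropped by the filter.
    public static IList<AuthorizedItem> GetDirectlyMappedRoles(
        StorageCache cache, string storeName, string applicationName, string userPrincipalName)
    {
        // Kerberos protocol transition (S4U2Self): an identity for a user who never
        // supplied a password to this process. Without "Act as part of the operating system"
        // the resulting token is identification-level only, which is still enough to read
        // the user's SID and group SIDs, and that is all this lookup needs.
        using (WindowsIdentity wid = new WindowsIdentity(userPrincipalName))
        {
            AuthorizedItem[] all = cache.GetAuthorizedItems(
                storeName, applicationName,
                wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(),
                DateTime.Now);

            // Keep the directly mapped roles only; nested roles show up as Allow and are skipped.
            return all
                .Where(item => item.Authorization == AuthorizationType.AllowWithDelegation)
                .ToList();
        }
    }
}
```

The filter only works while AllowWithDelegation is reserved for direct mappings, so any role granted AllowWithDelegation for other reasons will also be returned.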