Authentication and Authorization with WinForms (IsInRole Method)

Time:08-24

I am trying to repeat an exercise from the book ("C# 7.0: All-in-One for Dummies") which shows how authentication and authorization work in WinForms. Everything compiles and there are no issues at runtime, but it doesn't work as intended.

Let me explain in detail:

I have three buttons (Sales, Accountancy and HR) and I have the code which allows only a member of the appropriate group to see that button (by the way, the buttons' .Visible = false). I made an additional User (with user rights, not administrator) and Groups for experimentation and added this User to each Group in turn. What I mean is: I added the user to the group and then checked the result. After this I deleted the user from the group and added him to the next one. And so on.

The result is that sometimes I can see all buttons and sometimes I can't see only one button (but not the intended one), and it seems like my code doesn't affect anything or affects it in a weird manner. I have no idea what is going on. My Windows is 7 Home Advanced and I am working with groups and users via CMD with net localgroup and net user. I read Microsoft's description of the IsInRole method and it seems like I did everything correctly, because if you pass a string with the name of the group it means the exact group in your Windows. Here is the code itself:

using System;
using System.Windows.Forms;
using System.Security.Principal;

namespace AuthentificationAndAuthorization
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            WindowsIdentity userIdentity = WindowsIdentity.GetCurrent();
            WindowsPrincipal userRights = new WindowsPrincipal(userIdentity);

            if (userRights.IsInRole("Accountancy")) AccountingButton.Visible = true;
            else if (userRights.IsInRole("Sales")) SalesButton.Visible = true;
            else if (userRights.IsInRole("HR")) ManagerButton.Visible = true;
            else if (userRights.IsInRole(WindowsBuiltInRole.Administrator)) AccountingButton.Visible = true; SalesButton.Visible = true; ManagerButton.Visible = true;
        }
    }
}

Thanks in advance for any suggestions!

CodePudding user response:

Here's your problem: don't use if without braces. It's what caused Apple's 2014 iOS security nightmare.

Change this:

if (userRights.IsInRole("Accountancy")) AccountingButton.Visible = true;
else if (userRights.IsInRole("Sales")) SalesButton.Visible = true;
else if (userRights.IsInRole("HR")) ManagerButton.Visible = true;
else if (userRights.IsInRole(WindowsBuiltInRole.Administrator)) AccountingButton.Visible = true; SalesButton.Visible = true; ManagerButton.Visible = true;

to this:

if (userRights.IsInRole("Accountancy"))
{
    this.AccountingButton.Visible = true;
}
else if (userRights.IsInRole("Sales"))
{
    this.SalesButton.Visible = true;
}
else if (userRights.IsInRole("HR"))
{
    this.ManagerButton.Visible = true;
}
else if (userRights.IsInRole(WindowsBuiltInRole.Administrator))
{
    this.AccountingButton.Visible = true;
    this.SalesButton.Visible = true;
    this.ManagerButton.Visible = true;
}

....or better yet, do this:

Boolean isAdmin = userRights.IsInRole(WindowsBuiltInRole.Administrator);

this.AccountingButton.Visible = userRights.IsInRole("Accountancy") || isAdmin;
this.SalesButton     .Visible = userRights.IsInRole("Sales")       || isAdmin;
this.ManagerButton   .Visible = userRights.IsInRole("HR")          || isAdmin;

Also, avoid using magic strings: if you move those role-names to be const String values in a static class then your code will be easier to maintain in future.
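As an added example (not code from the question, the answer, or the book), here is the answer's final form pulled out of Form1_Load into a function over IPrincipal with the role names as constants, so the decision can be exercised with a GenericPrincipal instead of editing local groups and logging on again. The Roles, ButtonVisibility and Authorization names are my own.

```csharp
using System;
using System.Security.Principal;

static class Roles
{
    public const string Accountancy = "Accountancy";
    public const string Sales = "Sales";
    public const string HR = "HR";
}

struct ButtonVisibility
{
    public bool Accounting, Sales, Manager;
}

static class Authorization
{
    // Pure decision: which buttons may this principal see? Administrators see all three.
    // Each flag is its own assignment, so nothing runs unconditionally the way the
    // brace-less "else if" in the question did.
    public static ButtonVisibility For(IPrincipal principal, bool isAdmin)
    {
        return new ButtonVisibility
        {
            Accounting = isAdmin || principal.IsInRole(Roles.Accountancy),
            Sales = isAdmin || principal.IsInRole(Roles.Sales),
            Manager = isAdmin || principal.IsInRole(Roles.HR)
        };
    }

    // Production path: the interactive user's logon token. Group SIDs are copied into
    // the token at logon, so a user added to a local group with "net localgroup"
    // keeps the old membership until they log on again.
    public static ButtonVisibility ForCurrentUser()
    {
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        // Under UAC an Administrators member running non-elevated has a filtered token
        // and this is false; the built-in Administrator account is not filtered by
        // default, which is why it always sees every button.
        bool isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
        return For(principal, isAdmin);
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed principal for testing: "alice" is only in the Sales group.
        var alice = new GenericPrincipal(new GenericIdentity("alice"), new[] { Roles.Sales });
        ButtonVisibility v = Authorization.For(alice, isAdmin: false);
        Console.WriteLine($"Accounting={v.Accounting} Sales={v.Sales} Manager={v.Manager}");
    }
}
```

In Form1_Load, call Authorization.ForCurrentUser() and copy the three flags onto the buttons' Visible properties.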

CodePudding user response:

After I tried some debugging and did nothing else, it started to work as I expect all of a sudden. This is cryptic... Also I found that the built-in Administrator can see all buttons no matter what your code tells it. Ok. Never mind.
