Programmatically check if the logged-in user is in the Administrators group in Project Server (C#, VS2010)

  • Question

  • Hi, I would like to be able to check programmatically, through C#, whether the logged-in user is a member of the Administrators group.

    I know that I can get the user's GUID / check if they are actually a user in project server (resource table in reporting DB) but I am having trouble finding out how to programatically check if they are a member of the "Administrators" group.

    Could somebody please provide a code sample of how to check if a user is in the administrators group when you have their GUID or username or name?

    I did not see a table in the reporting DB that holds this, so I am guessing it has to be done through the PSI.

    Thanks in advance!

    BTW, is there a way to check each group's permission levels? If that is possible, what is the best way to implement a security model similar to that of Project Server 2010 itself?
    • Edited by gkrilov Monday, September 24, 2012 9:06 PM
    Monday, September 24, 2012 8:23 PM

Answers

  • hi Amit :) I ended up finding the answer myself before you posted here but thank you for your reply anyways, it is basically the same thing that I did.

    This is what I ended up doing :) Basically I have three different types of users configured in my web.config - admins, readwrite users, and read only users. In my code here I loop through and find out who the person is. Based on what group they are in I can later show/hide different options in my application :)

                    // Excerpt from a page method (it uses this.User and Session). It resolves the signed-in
                    // user's ResourceUID from the reporting database, maps the group names configured in
                    // web.config to PSI security-group UIDs, and records the user's tier in
                    // Session["createReport"]. The excerpt ends before the `if (reader.Read())` block is closed.
                    SvcSecurity.SecurityClient security = new SecurityClient(ENDPOINT_PROJ_SECURITY);
                    // NOTE(review): AppSettings[...] returns null for a missing key, so the Split calls below
                    // would throw. Entries are not trimmed and are later matched with ==, so a stray space or
                    // a case difference in web.config makes a group silently fail to match.
                    string adminGroupsString = ConfigurationManager.AppSettings["adminGroups"];
                    string readWriteString = ConfigurationManager.AppSettings["readWriteGroups"];
                    string readOnlyString = ConfigurationManager.AppSettings["readOnlyGroups"];
                    List<string> adminGroups = new List<string>(adminGroupsString.Split(';'));
                    List<string> readWriteGroups = new List<string>(readWriteString.Split(';'));
                    List<string> readOnlyGroups = new List<string>(readOnlyString.Split(';'));
                    // Group UIDs resolved from the configured names, one list per tier.
                    List<Guid> adminGroupIDs = new List<Guid>();
                    List<Guid> readWriteGroupIDs = new List<Guid>();
                    List<Guid> readOnlyGroupIDs = new List<Guid>();
    
                    // Not used anywhere in this excerpt.
                    List<Project> projectList = new List<Project>();
    
                    // NOTE(review): con, command and reader are not disposed anywhere in this excerpt;
                    // wrap them in using blocks, or confirm the part of the method not shown closes them.
                    SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["RDB"].ConnectionString);
                    con.Open();
                    // The account name is bound as a SQL parameter rather than concatenated into the statement.
                    // Only the ResourceUID column of the result is read below.
                    SqlCommand command = new SqlCommand("SELECT * FROM MSP_EpmResource where ResourceNTAccount = @username", con);
                    command.Parameters.AddWithValue("@username", this.User.Identity.Name);
    
                    SqlDataReader reader = command.ExecuteReader();
    
                    // NOTE(review): Session["createReport"] is assigned only when a membership match is found
                    // below. A user with no resource row, or in none of the configured groups, keeps whatever
                    // value the session already held; consider setting it to "false" before this check so the
                    // flag fails closed.
                    if (reader.Read())
                    {
                        string resourceID = reader["ResourceUID"].ToString();
                        //Get a list of security groups
                        SvcSecurity.SecurityGroupsDataSet sgds = security.ReadGroupList();
                        //Get the IDs of the required groups
                        // else-if chain: a group name listed under more than one config key is only
                        // counted for the first list that contains it.
                        foreach (SvcSecurity.SecurityGroupsDataSet.SecurityGroupsRow ds in sgds.SecurityGroups)
                        {
                            if (adminGroups.Exists(group => ds.WSEC_GRP_NAME == group))
                            {
                                adminGroupIDs.Add(ds.WSEC_GRP_UID);
                            }
                            else if (readWriteGroups.Exists(group => ds.WSEC_GRP_NAME == group))
                            {
                                readWriteGroupIDs.Add(ds.WSEC_GRP_UID);
                            }
                            else if (readOnlyGroups.Exists(group => ds.WSEC_GRP_NAME == group))
                            {
                                readOnlyGroupIDs.Add(ds.WSEC_GRP_UID);
                            }
                        }
    
                        bool isAdmin = false;
                        //Go through each group using the id and check if the current
                        //user is in that group (for example here check if the user is an admin)
                        // One ReadGroup call per configured admin group. RES_UID is compared as text with
                        // the value read from the reporting DB; presumably both are default Guid.ToString()
                        // output, confirm the column type. `break` leaves only the inner loop, so the
                        // remaining admin groups are still read after a match.
                        foreach (Guid id in adminGroupIDs)
                        {
                            SecurityGroupsDataSet group = security.ReadGroup(id);
                            foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
                            {
                                if (member.RES_UID.ToString().Equals(resourceID))
                                {
                                    isAdmin = true;
                                    // NOTE(review): per the post this flag later drives which options are
                                    // shown or hidden; server-side actions behind those options should
                                    // re-check membership rather than rely on hidden controls.
                                    Session["createReport"] = "true";
                                    break;
                                }
                            }
                        }
    
                        //If the user is not an admin then continue checking who they are
                        if (!isAdmin)
                        {
                            bool readWrite = false;
                            //Check if the user is a read write group member
                            foreach (Guid id in readWriteGroupIDs)
                            {
                                SecurityGroupsDataSet group = security.ReadGroup(id);
                                foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
                                {
                                    if (member.RES_UID.ToString().Equals(resourceID))
                                    {
                                        // Read-write members receive the same flag value as admins.
                                        Session["createReport"] = "true";
                                        readWrite = true;
                                        break;
                                    }
                                }
                            }
                            //If the user is not a read write group member either then check if they are a team member
                            if (!readWrite)
                            {
                                foreach (Guid id in readOnlyGroupIDs)
                                {
                                    SecurityGroupsDataSet group = security.ReadGroup(id);
                                    foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
                                    {
                                        if (member.RES_UID.ToString().Equals(resourceID))
                                        {
                                            // Only members of a configured read-only group get an explicit "false".
                                            Session["createReport"] = "false";
                                            break;
                                        }
                                    }
                                }
                            }
                        }

    Cheers! :)



    • Edited by gkrilov Tuesday, September 25, 2012 8:32 PM
    • Marked as answer by gkrilov Wednesday, September 26, 2012 12:56 PM
    Tuesday, September 25, 2012 8:30 PM

All replies

  • Hi there--

    Security-related information is not stored in the Project Server reporting database. As you know, the only supported way to read it is the PSI. Please see the sample code below:

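    /// <summary>
    /// Sample helper that asks the PSI Security service whether a resource is a member of a
    /// given security group.
    /// </summary>
    public class SecuritySample
    {
        // Sample identifiers from the original post (a group UID and a user/resource UID).
        // The method parameters of the same names shadow these fields, so the method never reads them.
        Guid grpGuid = new Guid("69fc9d0d-0b5f-4f4a-a9ef-c05a60eb5236");
        Guid resGuid = new Guid("aaf0443f-8d7c-48ab-aa15-d224c27fcfa2");

        // PSI Security service proxy used for the membership lookup.
        SecuritySvc.Security security = new SecuritySvc.Security();

        // Not used by ReadUserGroupPermissions.
        SecuritySvc.SecurityGroupsDataSet sgds = new SecuritySvc.SecurityGroupsDataSet();

        /// <summary>
        /// Returns whether the resource <paramref name="resGuid"/> is listed among the members of
        /// the security group <paramref name="grpGuid"/>.
        /// </summary>
        /// <param name="resGuid">Resource (user) UID to look for. Callers should derive it from the
        /// authenticated identity, not from request data; otherwise the answer describes whoever
        /// the caller names.</param>
        /// <param name="grpGuid">UID of the security group to read.</param>
        /// <returns>true when a GroupMembers row carries the given RES_UID; otherwise false.</returns>
        public bool ReadUserGroupPermissions(Guid resGuid, Guid grpGuid)
        {
            // The PSI call is made with the default credentials of the running code.
            // NOTE(review): that account must be allowed to read security groups; confirm which
            // identity this is in the hosting application.
            security.UseDefaultCredentials = true;

            // Any() stops at the first matching member instead of counting every row.
            return security.ReadGroup(grpGuid).GroupMembers.AsEnumerable()
                .Any(member => member.Field<Guid>("RES_UID") == resGuid);
        }
    }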

    You can call the ReadGroup method of the Security class and check whether the RES_UID (of the currently logged-in user) is associated with the Administrators group.

    Hope that helps.


    If you found this post helpful, please “Vote as Helpful”. If it answered your question, please “Mark as Answer”. Thanks, Amit Khare |EPM Consultant| Blog: http://amitkhare82.blogspot.com http://www.linkedin.com/in/amitkhare82

    Tuesday, September 25, 2012 10:47 AM
  • hi Amit :) I ended up finding the answer myself before you posted here but thank you for your reply anyways, it is basically the same thing that I did.

    This is what I ended up doing :) Basically I have three different types of users configured in my web.config - admins, readwrite users, and read only users. In my code here I loop through and find out who the person is. Based on what group they are in I can later show/hide different options in my application :)

                    // Excerpt from a page method (it uses this.User and Session). It resolves the signed-in
                    // user's ResourceUID from the reporting database, maps the group names configured in
                    // web.config to PSI security-group UIDs, and records the user's tier in
                    // Session["createReport"]. The excerpt ends before the `if (reader.Read())` block is closed.
                    SvcSecurity.SecurityClient security = new SecurityClient(ENDPOINT_PROJ_SECURITY);
                    // NOTE(review): AppSettings[...] returns null for a missing key, so the Split calls below
                    // would throw. Entries are not trimmed and are later matched with ==, so a stray space or
                    // a case difference in web.config makes a group silently fail to match.
                    string adminGroupsString = ConfigurationManager.AppSettings["adminGroups"];
                    string readWriteString = ConfigurationManager.AppSettings["readWriteGroups"];
                    string readOnlyString = ConfigurationManager.AppSettings["readOnlyGroups"];
                    List<string> adminGroups = new List<string>(adminGroupsString.Split(';'));
                    List<string> readWriteGroups = new List<string>(readWriteString.Split(';'));
                    List<string> readOnlyGroups = new List<string>(readOnlyString.Split(';'));
                    // Group UIDs resolved from the configured names, one list per tier.
                    List<Guid> adminGroupIDs = new List<Guid>();
                    List<Guid> readWriteGroupIDs = new List<Guid>();
                    List<Guid> readOnlyGroupIDs = new List<Guid>();
    
                    // Not used anywhere in this excerpt.
                    List<Project> projectList = new List<Project>();
    
                    // NOTE(review): con, command and reader are not disposed anywhere in this excerpt;
                    // wrap them in using blocks, or confirm the part of the method not shown closes them.
                    SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["RDB"].ConnectionString);
                    con.Open();
                    // The account name is bound as a SQL parameter rather than concatenated into the statement.
                    // Only the ResourceUID column of the result is read below.
                    SqlCommand command = new SqlCommand("SELECT * FROM MSP_EpmResource where ResourceNTAccount = @username", con);
                    command.Parameters.AddWithValue("@username", this.User.Identity.Name);
    
                    SqlDataReader reader = command.ExecuteReader();
    
                    // NOTE(review): Session["createReport"] is assigned only when a membership match is found
                    // below. A user with no resource row, or in none of the configured groups, keeps whatever
                    // value the session already held; consider setting it to "false" before this check so the
                    // flag fails closed.
                    if (reader.Read())
                    {
                        string resourceID = reader["ResourceUID"].ToString();
                        //Get a list of security groups
                        SvcSecurity.SecurityGroupsDataSet sgds = security.ReadGroupList();
                        //Get the IDs of the required groups
                        // else-if chain: a group name listed under more than one config key is only
                        // counted for the first list that contains it.
                        foreach (SvcSecurity.SecurityGroupsDataSet.SecurityGroupsRow ds in sgds.SecurityGroups)
                        {
                            if (adminGroups.Exists(group => ds.WSEC_GRP_NAME == group))
                            {
                                adminGroupIDs.Add(ds.WSEC_GRP_UID);
                            }
                            else if (readWriteGroups.Exists(group => ds.WSEC_GRP_NAME == group))
                            {
                                readWriteGroupIDs.Add(ds.WSEC_GRP_UID);
                            }
                            else if (readOnlyGroups.Exists(group => ds.WSEC_GRP_NAME == group))
                            {
                                readOnlyGroupIDs.Add(ds.WSEC_GRP_UID);
                            }
                        }
    
                        bool isAdmin = false;
                        //Go through each group using the id and check if the current
                        //user is in that group (for example here check if the user is an admin)
                        // One ReadGroup call per configured admin group. RES_UID is compared as text with
                        // the value read from the reporting DB; presumably both are default Guid.ToString()
                        // output, confirm the column type. `break` leaves only the inner loop, so the
                        // remaining admin groups are still read after a match.
                        foreach (Guid id in adminGroupIDs)
                        {
                            SecurityGroupsDataSet group = security.ReadGroup(id);
                            foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
                            {
                                if (member.RES_UID.ToString().Equals(resourceID))
                                {
                                    isAdmin = true;
                                    // NOTE(review): per the post this flag later drives which options are
                                    // shown or hidden; server-side actions behind those options should
                                    // re-check membership rather than rely on hidden controls.
                                    Session["createReport"] = "true";
                                    break;
                                }
                            }
                        }
    
                        //If the user is not an admin then continue checking who they are
                        if (!isAdmin)
                        {
                            bool readWrite = false;
                            //Check if the user is a read write group member
                            foreach (Guid id in readWriteGroupIDs)
                            {
                                SecurityGroupsDataSet group = security.ReadGroup(id);
                                foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
                                {
                                    if (member.RES_UID.ToString().Equals(resourceID))
                                    {
                                        // Read-write members receive the same flag value as admins.
                                        Session["createReport"] = "true";
                                        readWrite = true;
                                        break;
                                    }
                                }
                            }
                            //If the user is not a read write group member either then check if they are a team member
                            if (!readWrite)
                            {
                                foreach (Guid id in readOnlyGroupIDs)
                                {
                                    SecurityGroupsDataSet group = security.ReadGroup(id);
                                    foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow member in group.GroupMembers)
                                    {
                                        if (member.RES_UID.ToString().Equals(resourceID))
                                        {
                                            // Only members of a configured read-only group get an explicit "false".
                                            Session["createReport"] = "false";
                                            break;
                                        }
                                    }
                                }
                            }
                        }

    Cheers! :)



    • Edited by gkrilov Tuesday, September 25, 2012 8:32 PM
    • Marked as answer by gkrilov Wednesday, September 26, 2012 12:56 PM
    Tuesday, September 25, 2012 8:30 PM
  • That's great, Sorry, I couldn't reply you earlier. so basically, you are doing the same thing. 

    Thanks,


    If you found this post helpful, please “Vote as Helpful”. If it answered your question, please “Mark as Answer”. Thanks, Amit Khare |EPM Consultant| Blog: http://amitkhare82.blogspot.com http://www.linkedin.com/in/amitkhare82

    Wednesday, September 26, 2012 6:45 AM
  • CHECK THIS. THAT WORK FOR ME !!!

    using System;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;



    using System.Collections.Generic;
    using System.Text;
    using System.Net;
    using System.Data;
    using System.Web.Services.Protocols;
    using System.Threading;
    using PSLibrary = Microsoft.Office.Project.Server.Library;
    //using Microsoft.Office.Project.Server.Library;



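    namespace EsaPWA.ManageUser
    {
        /// <summary>
        /// User control that checks, on page load, whether the current Project Server user is a
        /// member of the "Portfolio Managers" security group, using the PSI Resource and Security
        /// web services.
        /// </summary>
        public partial class ManageUserUserControl : UserControl
        {
            // Kept from the original sample; Page_Load works on its own local proxy instead.
            ResourceWebSvc.Resource resourceSvc = new ResourceWebSvc.Resource();

            /// <summary>
            /// Resolves the current user's resource UID, finds the target group by name and scans
            /// its members for that UID.
            /// </summary>
            /// <param name="sender">Event source (unused).</param>
            /// <param name="e">Event data (unused).</param>
            protected void Page_Load(object sender, EventArgs e)
            {
                // Placeholder address from the sample. Prefer an https:// PWA URL in a real deployment
                // so the group-membership responses this check relies on cannot be altered in transit.
                const string PROJECT_SERVER_URI = "http://your serverUrl/pwa/";
                const string RESOURCE_SERVICE_PATH = "_vti_bin/psi/resource.asmx";
                const string SECURITY_SERVICE_PATH = "_vti_bin/psi/security.asmx";
                const string TARGET_GROUP_NAME = "Portfolio Managers";

                // Result of the membership check; nothing in this sample acts on it yet (see TODO below).
                bool IamThere = false;

                // Set up the Web service objects. The locals are named so that they shadow neither the
                // resourceSvc field nor the SvcSecurity namespace.
                ResourceWebSvc.Resource resourceClient = new ResourceWebSvc.Resource();
                resourceClient.Url = PROJECT_SERVER_URI + RESOURCE_SERVICE_PATH;
                // NOTE(review): DefaultCredentials authenticates as the identity the code runs under.
                // GetCurrentUserUid() then answers for that identity, so confirm the control runs as the
                // browsing user (impersonation) and not as a shared service account.
                resourceClient.Credentials = CredentialCache.DefaultCredentials;

                //Get the current UserGuid
                Guid me = resourceClient.GetCurrentUserUid();

                SvcSecurity.Security securityClient = new SvcSecurity.Security();
                securityClient.Url = PROJECT_SERVER_URI + SECURITY_SERVICE_PATH;
                securityClient.Credentials = CredentialCache.DefaultCredentials;
                SvcSecurity.SecurityGroupsDataSet groupDs = securityClient.ReadGroupList();

                // Named columns replace ItemArray[0] / ItemArray[1]: a positional lookup would silently
                // read a different column if the dataset layout ever changed.
                foreach (SvcSecurity.SecurityGroupsDataSet.SecurityGroupsRow groupRow in groupDs.SecurityGroups.Rows)
                {
                    if (groupRow.WSEC_GRP_NAME != TARGET_GROUP_NAME)
                    {
                        continue;
                    }

                    SvcSecurity.SecurityGroupsDataSet groupDetail = securityClient.ReadGroup(groupRow.WSEC_GRP_UID);
                    foreach (SvcSecurity.SecurityGroupsDataSet.GroupMembersRow memberRow in groupDetail.GroupMembers.Rows)
                    {
                        // Compare the Guid values directly instead of their string forms.
                        if (memberRow.RES_UID == me)
                        {
                            IamThere = true;
                            //TODO IMPLEMENT HERE
                            break;
                        }
                    }

                    if (IamThere)
                    {
                        // Membership is established; no further groups need to be read.
                        break;
                    }
                }
            }
        }
    }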

                                                   

    Manuel Duque Muriel Alalza Sistemas S.L.

    Monday, September 15, 2014 3:20 PM