Get list of users belonging to a role using Authorization Manager (AzMan)

Using ASP.NET (C#) I have set up Authorization Manager to allow me to handle roles on a website. Added users to roles is simple Roles.AddUserToRole("DOMAIN\\UserName", "role"). However I want to list the users belonging to a role, but since they are stored as SID's, displaying them would not be that helpful. To get the users, I am thinking XML would have to be used, although is it possible to use COM Interop to both do that and get开发者_StackOverflow社区 the user name? Either way, how can I get the users belonging to a role?

The table to manage roles would basically be like this:

Role    User
----    ----
admin   DOMAIN\UserName [delete]
        DOMAIN\UserName2 [delete]
        [add user text box]
news    DOMAIN\UserName3 [delete]
        [add user text box]

---

Found a way of doing it (IAzRole Interface, thanks to Bermo), looping through the MembersName property on each role. No need to map back to a windows account, unless you need to get more than the user name.

Setup roles as detailed in article: How To: Use Authorization Manager (AzMan) with ASP.NET 2.0

In Visual Studio Project add reference to AzMan COM library (azroles 1.0 Type Library). Then add using AZROLESLib;. Add <form id="form1" runat="server">, then in Page_Load:

AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass();
string connString = ConfigurationManager.ConnectionStrings["AuthorizationServices"].ConnectionString;
string path = Server.MapPath(connString.Substring("msxml://".Length));
AzManStore.Initialize(0, "msxml://" + path, null);
IAzApplication azApp = AzManStore.OpenApplication("AppName", null);
PlaceHolder p = new PlaceHolder();
StringBuilder sb = new StringBuilder();
sb.Append("<ul>");
foreach (IAzRole role in azApp.Roles)
{
    sb.Append("<li>");
    sb.Append(role.Name);
    sb.Append("<ul>");
    foreach (object member in (object[])role.MembersName)
    {
        sb.Append("<li>");
        sb.Append(member);
        sb.Append("</li>");
    }
    sb.Append("</ul>");
    sb.Append("</li>");
}
sb.Append("</ul>");
p.Controls.Add(new LiteralControl(sb.ToString()));
form1.Controls.Add(p);

This displays a list of roles and members in each role.

---

If you are storing your Azman role information in an XML file, you should be able to get lists of SID's containing the authorised users for each role using XPath (although maybe a good opportunity to use LINQ2XML ...):

<AzAdminManager MajorVersion="2" MinorVersion="0" Description="My application">
 <AzApplicationGroup Name="Admin" Description="" GroupType="Basic">
  <BizRuleLanguage /> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-1001</Member> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-1003</Member> 
 </AzApplicationGroup>
 <AzApplicationGroup Name="Users" Description="" GroupType="Basic">
  <BizRuleLanguage /> 
  <Member>S-1-5-21-3124078386-165137298-1092301467-501</Member> 
 </AzApplicationGroup>
</AzAdminManager>

The following post shows plenty of ways to map a SID back to a Windows account - How can I convert from a SID to an account name in C#.

---

Note that a role member can be an AD group. So you can't enumerate all the users just by looking at the role members. You'd need to query AD also.