Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Find If User is Member of Active Directory Group ASP.NET VB?

Tags:

asp.net

vb.net

active-directory

I am using Active Directory to authenticate users for an intranet site. I would like to refine the users that are authenticated based on the group they are in in Active Directory. Can someone show me or point me to directions on how to find what groups a user is in in ASP.NET 4.0 (VB)?

like image 812
Dave Mackey Avatar asked Jul 06 '10 23:07

Dave Mackey

2 Answers

I realize this post is quite old but I thought I might update it with processes I am using. (ASP.Net 4.0, VB)

If using integrated windows security, on a domain.

Page.User.IsInRole("domain\GroupName") will check to see if the authenticated user is a member of the specified group.

If you would like to check another users group membership other than the authenticated user.

Two stage for checking multiple groups with the same user principal:

Dim MyPrincipal As New System.Security.Principal.WindowsPrincipal _
     (New System.Security.Principal.WindowsIdentity("UserID"))
Dim blnValid1 As Boolean = MyPrincipal.IsInRole("domain\GroupName")

Single stage for checkin a single group:

Dim blnValid2 As Boolean = New System.Security.Principal.WindowsPrincipal _
     (New System.Security.Principal.WindowsIdentity("userID")).IsInRole("domain\GroupName")

NOTE:: The IsInRole method does work with nested groups. If you have a top level group with a sub group that is a member, and the user is a member of the sub group.

like image 103
Jim M Avatar answered Sep 27 '22 15:09

Jim M

I think I have the ultimate function to get all AD groups of an user included nested groups without explicit recursion:

Imports System.Security.Principal

Private Function GetGroups(userName As String) As List(Of String)
    Dim result As New List(Of String)
    Dim wi As WindowsIdentity = New WindowsIdentity(userName)

    For Each group As IdentityReference In wi.Groups
        Try
            result.Add(group.Translate(GetType(NTAccount)).ToString())
        Catch ex As Exception
        End Try
    Next

    result.Sort()
    Return result
End Function

So just use GetGroups("userID"). Because this approach uses the SID of the user, no explicit LDAP call is done. If you use your own user name it will use the cached credentials and so this function is very fast.

The Try Catch is necessary because in large companyies the AD is so big that some SIDs are getting lost in space.

like image 38
Mickey Mouse Avatar answered Sep 27 '22 15:09

Mickey Mouse
Sign in to Comment

Related questions

RequiredFieldValidator with ValidationGroup doesn't validate
ASP.NET MVC and MemoryCache - how do i use it?
How to render the formated text in the report.rdlc (with its format)
Unable to convert MySQL date/time value to System.DateTime in VS2010
Get Value of hidden column of radgrid telerik in asp.net
How to pass bind or eval arguments with the client function "OnClientClicking"
what are the alternatives of SESSION VARIABLES? [duplicate]
VS Express 2013 RC for Web - system cannot find the file specified error
Hide gridview column header
FindControl Returning Null
ASP.NET MVC - Download Excel file from MemoryStream (Corrupt file)
Set Global Variable for Duration of a Request
Catch exceptions in jQuery
Why Encrypt Query Strings in ASP.NET?
Where to start with ASP.net in C# and Dreamweaver?
when insert length of lob data to be replicated exceeds configured maximum 65536
Adding a blank selection item to the list in drop down list
Any real example of using interface related to multiple inheritance
How to clear all textboxs in a DIV using jQuery?
how to unlock an ASPNETDB user account after bad password count lockout?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!