At first I thought the code below works because if I have the group as "IT" it functions correctly, because my username is in the IT group in Active Directory. What I learned is it always returns true whether I have my username in the IT group or not, and if I change it to any other group I am in, it always returns false. Any help would be appreciated.
```csharp
private void tabControl1_SelectedIndexChanged(object sender, EventArgs e)
{
    // tab control security for admin tab
    bool admin = checkGroup("IT");

    if ((admin == true) && (tabControl1.SelectedTab == tpHistory))
    {
        tabControl1.SelectedTab = tpHistory;
    }
    else if ((admin == false) && (tabControl1.SelectedTab == tpHistory))
    {
        tabControl1.SelectedTab = tpRequests;
        MessageBox.Show("Unable to load tab. You have insufficient privileges.",
                        "Access Denied", MessageBoxButtons.OK, MessageBoxIcon.Stop);
    }
}

// check the current user's Windows token to see if the user is in the given group
private static bool checkGroup(string group)
{
    WindowsIdentity identity = WindowsIdentity.GetCurrent();
    WindowsPrincipal principal = new WindowsPrincipal(identity);
    return principal.IsInRole(group);
}
```
Use the PowerShell Get-ADUser cmdlet to get the AD user object, then use MemberOf to get the list of AD groups the user belongs to.
You can check Active Directory group membership from the command line with net user or dsget, or with the Get-ADGroupMember PowerShell cmdlet.
To get more database-specific information, go to the database you are interested in and use sys.user_token to get a list of roles/AD groups associated with that database. In this case principal_id is associated with sys.database_principals.
Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:
```csharp
using System.DirectoryServices.AccountManagement;

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "DOMAINNAME");

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

// both lookups return null when nothing matches; IsMemberOf(null) would throw
if (user != null && group != null)
{
    // check if user is member of that group
    if (user.IsMemberOf(group))
    {
        // do something.....
    }
}
```
The new S.DS.AM makes it really easy to play around with users and groups in AD!
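An added example, not code from the question or from any answer, that puts the two approaches side by side: the token-based WindowsPrincipal.IsInRole check from the question (using a domain-qualified group name) next to the S.DS.AM check from the answer above, where IsMemberOf reports only direct membership and GetAuthorizationGroups also covers nested groups. It assumes a domain-joined machine and a reference to System.DirectoryServices.AccountManagement; DOMAINNAME and IT are placeholders.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.DirectoryServices.AccountManagement;

static class GroupCheckDemo
{
    // Placeholder values (not from the page): your domain and the gating group.
    const string Domain = "DOMAINNAME";
    const string Group = "IT";

    // 1) Token-based check, as in the question. WindowsIdentity.GetCurrent() reflects
    //    the group SIDs placed in the access token at logon, so a membership change
    //    in AD is not seen until the user logs on again. Qualify the name with the
    //    domain so it is not resolved against a local group of the same name.
    public static bool IsInGroupViaToken(string domain, string group)
    {
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        return principal.IsInRole(domain + "\\" + group);
    }

    // 2) Directory check via S.DS.AM, as in the answer above. Queries AD now, so it
    //    sees current membership. IsMemberOf() is true only for direct membership;
    //    GetAuthorizationGroups() also covers nested group membership.
    public static bool IsInGroupViaDirectory(string domain, string group, bool includeNested)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, Environment.UserName))
        using (var grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, group))
        {
            // Fail closed: an unknown user or group must never grant access.
            if (user == null || grp == null) return false;
            if (!includeNested) return user.IsMemberOf(grp);
            // Compare by SID rather than by display name.
            return user.GetAuthorizationGroups().Any(g => g.Sid != null && g.Sid.Equals(grp.Sid));
        }
    }

    static void Main()
    {
        Console.WriteLine("Token (logon-time): " + IsInGroupViaToken(Domain, Group));
        Console.WriteLine("AD direct member:   " + IsInGroupViaDirectory(Domain, Group, false));
        Console.WriteLine("AD incl. nested:    " + IsInGroupViaDirectory(Domain, Group, true));
    }
}
```

Running it after changing a user's group membership in AD shows the token-based result staying stale until the next logon while the directory-based result updates immediately.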
Slight deviation from @marc_s's example, implemented in the static void Main() method in Program:
```csharp
DomainCtx = new PrincipalContext(ContextType.Domain, Environment.UserDomainName);
if (DomainCtx != null)
{
    User = UserPrincipal.FindByIdentity(DomainCtx, Environment.UserName);
}
```
DomainCtx and User are both static properties declared under Program.
Then in other forms I simply do something like this:
```csharp
if (Program.User.IsMemberOf(GroupPrincipal.FindByIdentity(Program.DomainCtx, "IT-All")))
{
    // Enable certain Form Buttons and objects for IT Users
}
```