Menu
I am trying to validate the user is in the "TestGroup" group or not. The user is part of the "TestGroup" group, even i am getting the retval = false @line(retVal = user.IsMemberOf(groupPrincipal);), and in event viewer it is showing msg as "The user name or password is incorrect".
Can you help me in this.
string userName = this.Request.ServerVariables["AUTH_USER"];
if (ValidateUser(userName) == false)
Response.Redirect("Error.aspx?errormsg=" + userName + " does not have permission to view this page");
public static bool ValidateUser(String userName)
{
bool useGroupAuthorization = true;
if (useGroupAuthorization)
return GroupLookup(userName, "TestGroup");
}
private static bool GroupLookup(string userName, string groupName)
{
System.Diagnostics.EventLog appLog = new System.Diagnostics.EventLog();
appLog.Source = "Test App";
bool retVal = false;
PrincipalContext pc = null;
UserPrincipal user = null;
GroupPrincipal groupPrincipal = null;
try
{
string strdomain = "TestDomain";
pc = new PrincipalContext(ContextType.Domain,strdomain);
user = UserPrincipal.FindByIdentity(pc, userName);
groupPrincipal = GroupPrincipal.FindByIdentity(pc, groupName);
retVal = user.IsMemberOf(groupPrincipal);
}
catch (NoMatchingPrincipalException nmpx)
{
appLog.WriteEntry(nmpx.Message);
}
catch (PrincipalOperationException pox)
{
appLog.WriteEntry(pox.Message);
}
catch (Exception ex)
{
if (user == null)
{
appLog.WriteEntry(ex.Message);
}
else
{
appLog.WriteEntry(ex.Message);
}
}
return retVal;
}
// when i tried with below code i am getting userPrincipal is null
// bool retVal = false; string strdomain = "TestDomain";
// PrincipalContext principalCtx = new PrincipalContext(ContextType.Domain, strdomain);
// UserPrincipal queryByExampleUser = new UserPrincipal ( principalCtx );
// queryByExampleUser.SamAccountName = userName;
// PrincipalSearcher principalSearcher = new PrincipalSearcher ( );
// principalSearcher.QueryFilter = queryByExampleUser;
// UserPrincipal userPrincipal = principalSearcher.FindOne ( ) as UserPrincipal;
// retVal = IsUserInGroup("TestGroup", userPrincipal);
// return retVal;
// }
//static bool IsUserInGroup(string groupName, UserPrincipal user)
//{
// PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
// GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity(principalContext, groupName);
// if (user.IsMemberOf(groupPrincipal))
// {
// return true;
// }
// return false;
//}
426
"gpKnownAccountToCheck.Members" not recursive.
Need use method: GetMembers(recursive: true)
var result = groupPrincipal
.GetMembers(true)
.Where(x => x.Sid == userPrincipal.Sid)
.Count() > 0;
UserPrincipal.IsMemberOf(GroupPrincipal) seems to work with some groups and not others. On my domain, it worked with domain\Developers (custom group) but not domain\Domain Users. Go figure. I halted the code in the debugger and examined the list of members of the Domain Users group and found my user in there, but IsMemberOf still returned false. However, I found if I looped through the UserPrincipal object collection in GroupPrincipal.Members I could do the check that way by comparing the UserPrincipal in the collection to the the one I was searching for. Crappy, but the only reliable solution I could find.
Sample code:
string sAccountToCheckSID = upAccountToCheck.Sid.Value;
foreach(UserPrincipal up in gpKnownAccountToCheck.Members)
{
string sKnownSIDInGroup = up.Sid.Value;
if(sKnownSIDInGroup.Equals(sAccountToCheckSID))
{
userMatchingUserObject = userKnownUser;
return true;
}
}
So I don't have the WHY. But that's my work around.
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
