Getting Group Membership

Raterus · Raterus

Hi,

I'm trying to do something that I think should be pretty easy, take the user who is authenticated with the application (intranet application/ integrated windows authentication), and determine if they are in "this group".

Before, I had queried active directory, got the list of groups for the user and compared, but then I realized that the IsInRole Function may actually work in this case. I tried it and it doesn't seem to be working correctly. Here is what I've tried so far.

I'm impersonating in my application, so I tried this....didn't work
Dim blah As WindowsPrincipal = New WindowsPrincipal(System.Security.Principal.Windows Identity.GetCurrent())
If blah.IsInRole("Domain Admins") = True Then
'is a domain admin
End If

Then I tried this:
If HttpContext.Current.User.IsInRole("Domain Admins") = True Then
'is a domain admin
End If

Still didn't return true (I am a member of this group too!) Am I missing something here, or so I just go back to querying active directory myself for group membership?

Thanks for any help!
--Michael

Hernan de Lahitte · Hernan de Lahitte

Try to add the domain before the group name (i.e. "domain\\Domain Admins" )

--
Hernan de Lahitte
Lagash Systems S.A.
[url]http://weblogs.asp.net/hernandl[/url]

This posting is provided "AS IS" with no warranties, and confers no rights.

"Raterus" <moc.liamtoh@suretar.reverse> wrote in message
news:e9sUFEolEHA.3968@TK2MSFTNGP11.phx.gbl...
Hi,

I'm trying to do something that I think should be pretty easy, take the user
who is authenticated with the application (intranet application/ integrated
windows authentication), and determine if they are in "this group".

Before, I had queried active directory, got the list of groups for the user
and compared, but then I realized that the IsInRole Function may actually
work in this case. I tried it and it doesn't seem to be working correctly.
Here is what I've tried so far.

I'm impersonating in my application, so I tried this....didn't work
Dim blah As WindowsPrincipal = New
WindowsPrincipal(System.Security.Principal.Windows Identity.GetCurrent())
If blah.IsInRole("Domain Admins") = True Then
'is a domain admin
End If

Then I tried this:
If HttpContext.Current.User.IsInRole("Domain Admins") = True Then
'is a domain admin
End If

Still didn't return true (I am a member of this group too!) Am I missing
something here, or so I just go back to querying active directory myself for
group membership?

Thanks for any help!
--Michael

Raterus · Raterus

That did it!, thanks

"Hernan de Lahitte" <hernan@lagash.com> wrote in message news:eriBf6plEHA.3016@tk2msftngp13.phx.gbl...

> Try to add the domain before the group name (i.e. "domain\\Domain Admins" )
>
> --
> Hernan de Lahitte
> Lagash Systems S.A.
> [url]http://weblogs.asp.net/hernandl[/url]
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Raterus" <moc.liamtoh@suretar.reverse> wrote in message
> news:e9sUFEolEHA.3968@TK2MSFTNGP11.phx.gbl...
> Hi,
>
> I'm trying to do something that I think should be pretty easy, take the user
> who is authenticated with the application (intranet application/ integrated
> windows authentication), and determine if they are in "this group".
>
> Before, I had queried active directory, got the list of groups for the user
> and compared, but then I realized that the IsInRole Function may actually
> work in this case. I tried it and it doesn't seem to be working correctly.
> Here is what I've tried so far.
>
> I'm impersonating in my application, so I tried this....didn't work
> Dim blah As WindowsPrincipal = New
> WindowsPrincipal(System.Security.Principal.Windows Identity.GetCurrent())
> If blah.IsInRole("Domain Admins") = True Then
> 'is a domain admin
> End If
>
> Then I tried this:
> If HttpContext.Current.User.IsInRole("Domain Admins") = True Then
> 'is a domain admin
> End If
>
> Still didn't return true (I am a member of this group too!) Am I missing
> something here, or so I just go back to querying active directory myself for
> group membership?
>
> Thanks for any help!
> --Michael
>
>

Dominick Baier · Dominick Baier

you have to query roles in the DOMAIN\GroupName format...

---
Dominick Baier - DevelopMentor
[url]http://www.leastprivilege.com[/url]

nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<e9sUFEolEHA.3968@TK2MSFTNGP11.phx.gbl>

Hi,

I'm trying to do something that I think should be pretty easy, take the user who is authenticated with the application (intranet application/ integrated windows authentication), and determine if they are in "this group".

Before, I had queried active directory, got the list of groups for the user and compared, but then I realized that the IsInRole Function may actually work in this case. I tried it and it doesn't seem to be working correctly. Here is what I've tried so far.

I'm impersonating in my application, so I tried this....didn't work
Dim blah As WindowsPrincipal = New WindowsPrincipal(System.Security.Principal.Windows Identity.GetCurrent())
If blah.IsInRole("Domain Admins") = True Then
'is a domain admin
End If

Then I tried this:
If HttpContext.Current.User.IsInRole("Domain Admins") = True Then
'is a domain admin
End If

Still didn't return true (I am a member of this group too!) Am I missing something here, or so I just go back to querying active directory myself for group membership?

Thanks for any help!
--Michael

[microsoft.public.dotnet.framework.aspnet.security]

Getting Group Membership

Thread Tools

Display

Getting Group Membership

Similar Questions and Discussions

ASP.NET - Basic/SSL - Changes in user group membership delayed

Membership site

Checking group membership

LDAP group membership query

Membership of group

Re: Getting Group Membership

Re: Getting Group Membership

Getting Group Membership

Posting Permissions