PrincipalPermission Attribute and Nested Groups

[Anthony Christianson]

The Issue:

Group A contains Group B
Group B contains User 1.

I want to check if User 1 is in Group A.


This:
[PrincipalPermission(SecurityAction.Demand,Role="Gr oup A")]
Fails

This:
[PrincipalPermission(SecurityAction.Demand,Role="Gr oup B")]
Succeeds.


Since Group B is a memberOf Group A, they both should succeed.

I have tried :

WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);
if( principal.IsInRole("Group A"))
{
Debug.WriteLine("Yippee");
}

And this does not work.

Does anyone have a answer as to how I can quickly check to see if User 1 is
in Group A

[Joe Kaplan \(MVP - ADSI\)]

This does definitely work. However, there are a few requirements:
- Your AD domain needs to be in 2000 native mode or 2003 functional level
- Group A needs to have the security bit set on the groupType

If both of those are true, you should have no problems. If not, then that
is the problem. If those are both true and it still isn't working, it could
be an issue of having the group name (domain\samAccountName) incorrect.

HTH,

Joe K.

"Anthony Christianson" <achristianson@momentuminteractive.com> wrote in
message news:udxMAHbHEHA.3564@TK2MSFTNGP09.phx.gbl...

> The Issue:
>
> Group A contains Group B
> Group B contains User 1.
>
> I want to check if User 1 is in Group A.
>
>
> This:
> [PrincipalPermission(SecurityAction.Demand,Role="Gr oup A")]
> Fails
>
> This:
> [PrincipalPermission(SecurityAction.Demand,Role="Gr oup B")]
> Succeeds.
>
>
> Since Group B is a memberOf Group A, they both should succeed.
>
> I have tried :
>
> WindowsIdentity identity = WindowsIdentity.GetCurrent();
> WindowsPrincipal principal = new WindowsPrincipal(identity);
> if( principal.IsInRole("Group A"))
> {
> Debug.WriteLine("Yippee");
> }
>
> And this does not work.
>
> Does anyone have a answer as to how I can quickly check to see if User 1

is

> in Group A
>
>