robtroller

asked on

Is UserName A Member Of An AD Security Group?

I am using the code below to check if the user logged onto the PC is a member of a specific AD Security Group. Now I need to perform the same task with a username that the user types into a web page and that I capture in a string variable (because the user on the web page may not be the user logged into the PC). I'm not sure how to edit the GetGroups function to allow the username to be passed from a string.

public string IsInGroup(string strGroup)
{
    bool _Test = false;
    string strTest = "False";
    // collect the user domain and identity
    string[] arr =
        System.Web.HttpContext.Current.Request.
        LogonUserIdentity.Name.Split('\\');

    ArrayList al = new ArrayList();
    al = GetGroups();

    // check to see if the user belongs
    // to a specific group and create
    // a list of all of the user's groups
    foreach (string s in al)
    {
        // check to see if the user
        // belongs to a specific group
        if (s == strGroup)
        {
            _Test = true;
            //return strTest = "True";
        }
    }
    if (_Test == false)
    {
        return strTest = "False";
    }
    else
    {
        return strTest = "True";
    }
}

public ArrayList GetGroups()
{
    ArrayList groups = new ArrayList();
    foreach (System.Security.Principal.IdentityReference group in
        System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
    {
        groups.Add(group.Translate(typeof
            (System.Security.Principal.NTAccount)).ToString());
    }
    return groups;
}
Mlanda T

Try these:


Dim cbx As New PrincipalContext(ContextType.Domain, domainName)
Dim user As UserPrincipal = UserPrincipal.FindByIdentity(cbx, userName)
Dim groupResults As PrincipalSearchResult(Of Principal) = user.GetGroups()
For Each p As Principal In groupResults
    blGroups.Items.Add(p.Name)
Next


// Needs: using System.Collections; using System.DirectoryServices.AccountManagement;
ArrayList results = new ArrayList();

PrincipalContext context = new
PrincipalContext(ContextType.Domain, "DC", "DC=DOMAIN,DC=COM", "domain\\user", "password"); //the account with privileges to get the 

UserPrincipal p = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "usertogetgroups");

// FindByIdentity returns null when no matching account exists
if (p != null)
{
    var groups = p.GetAuthorizationGroups();

    foreach (var group in groups)
    {
        results.Add(group.Name);
    }
}
return results;


robtroller

ASKER

I'm not having any luck converting this to C#. In a nutshell, I want to query AD for user Security Groups based on a string that contains the username instead of using the System.Security.Principal.IdentityReference. Seems like it shouldn't be an unusual thing to do, as we can pass a username to the DirectoryEntry object to validate username & password. I'm really stuck on this. Any C# assistance would be greatly appreciated.

The second example I gave you is actually C#.

OK, trying again. I am missing a system reference; do you know which one?
Current references are:

using System;
using System.Security;
using System.Collections;
using System.Collections.Generic;
using System.Security.Principal;
using System.Globalization;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.DirectoryServices;
I have knocked up a sample for you.

In your application, remember that you need to add a reference to System.DirectoryServices.AccountManagement (in System.DirectoryServices.AccountManagement.dll).
DemoActiveDirectory.zip
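
An added example, not code from the thread or from the attached sample: one way to write the membership check for a typed username in C#, using the System.DirectoryServices.AccountManagement reference mentioned above. The class name AdGroupCheck, the parameter names, the username allow-list, and passing the group by its sAMAccountName are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Text.RegularExpressions;

public static class AdGroupCheck
{
    // Conservative allow-list for a typed sAMAccountName.
    // Assumption: adjust the pattern to your own account naming policy.
    private static readonly Regex SamName = new Regex(@"^[A-Za-z0-9._$-]{1,20}$");

    // Returns true only if userName resolves to an AD user whose security groups
    // (nested groups included) contain groupName. Unknown users or groups give false.
    public static bool IsInGroup(string domainName, string userName, string groupName)
    {
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(groupName))
            return false;

        // Accept "DOMAIN\user" as well as "user", like the Split('\\') in the question.
        string sam = userName.Substring(userName.LastIndexOf('\\') + 1).Trim();
        if (!SamName.IsMatch(sam))
            return false;

        // No credentials are passed here, so the directory bind uses the identity
        // the web application runs as instead of a password stored in source code.
        using (var context = new PrincipalContext(ContextType.Domain, domainName))
        using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, sam))
        using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, groupName))
        {
            if (user == null || group == null)
                return false;

            // Compare SIDs rather than names so a renamed or look-alike group cannot match.
            foreach (Principal g in user.GetAuthorizationGroups())
            {
                using (g)
                {
                    if (g.Sid != null && g.Sid.Equals(group.Sid))
                        return true;
                }
            }
            return false;
        }
    }
}
```

The result describes the account that was typed in, not the person typing it: a username entered on a web page is unauthenticated input until it has been validated with a password or another credential.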
ASKER CERTIFIED SOLUTION
robtroller

This is how I resolved the issue