Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 574
  • Last Modified:

.Net 4.5 application: Unable to determine Active Directory Group membership for nested groups

I have an ASP.Net 4.5 application using integrated security.  I have no problem finding the groups the logged in user is directly a member off but am unable to return the groups they are a member of via nested group membership.  

The code below returns only user who are directly a member of the group:
var MyDomain = new PrincipalContext(ContextType.Domain, "MyDomain");
GroupPrincipal grp = GroupPrincipal.FindByIdentity(MyDomain, IdentityType.Name, "MyGroupName");

foreach (var p in grp.GetMembers(true))
	testing += p.Name + "<br>";

Open in new window


And this code returns only groups the user is directly a member of:

var MyDomain = new PrincipalContext(ContextType.Domain, "MyDomain");
UserPrincipal usr = UserPrincipal.FindByIdentity(MyDomain, Request.LogonUserIdentity.Name);

foreach (var p in usr.GetGroups())
	testing += "<br>" + p.Name;

Open in new window



How can I retrieve all the users associated with a given group or all the groups associated with a given user?

Ideally I want to ask "Is this user a member of this group" like the functionality the IsMemberOf() provides.  This is how I started this only to find that the method does not support nested groups either.
0
canuckconsulting
Asked:
canuckconsulting
1 Solution
 
Ammar GaffarCommented:
Hi,
Try this function
 private bool IsUserInGroup(string groupName, string userName, string domainName)
        {
            bool toReturn = false;
           
                // set up domain context
                PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domainName);
                // find a user                
                UserPrincipal user = UserPrincipal.FindByIdentity(ctx, userName);

                // find the group in question
                GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, groupName);
                if (user != null)
                {
                    // check if user is member of that group
                    if (user.IsMemberOf(group))
                    {
                        toReturn = true;
                    }
                }
            
            return toReturn;
        }

Open in new window


I am using this dll: System.DirectoryServices.AccountManagement
Path: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.DirectoryServices.AccountManagement.dll
0
 
canuckconsultingAuthor Commented:
Sorry for delay replying
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now