vb.net Check A/D group membership

I have an ASP.NET project with VB.NET code-behind. I am trying to check Active Directory group membership.
The code I am using below works when I am testing it on my computer, but when I publish the app to a Windows 2008 R2 IIS server the check fails. I suspect it is checking the wrong user. Here is the code. Thanks for the help in advance.

    Public Function IsInGroup(ByVal GroupName As String) As Boolean
        Dim MyIdentity As System.Security.Principal.WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent()
        Dim MyPrincipal As System.Security.Principal.WindowsPrincipal = New System.Security.Principal.WindowsPrincipal(MyIdentity)
        Return MyPrincipal.IsInRole(GroupName)
    End Function

David Modugno Asked:
Carl Tawn (Systems and Integration Developer) Commented:
If you are running this under the debugger on your local machine then it will be picking up your user account. Once you transfer to the server you will probably find it is actually picking up the account that the app pool is running under, which I assume isn't what you want.

If your app is using Windows Authentication then you could try grabbing the current user using the following instead:

    Dim user As String = Request.ServerVariables("LOGON_USER")

David Modugno (Author) Commented:
I get "Request is not declared". Is there something I need to include?
Carl Tawn (Systems and Integration Developer) Commented:
If your method is somewhere other than in the code-behind you might need to use full resolution:

    Dim user As String = HttpContext.Current.Request.ServerVariables("LOGON_USER")

David Modugno (Author) Commented:
Thanks Carl, sorry I'm new at this, but once I have the name, how would I check the group membership?

David Modugno (Author) Commented:
I did find this, which looks promising, but I am not sure how to check groupNames for one group.
Thanks

    Public Function ValidateActiveDirectoryLogin(ByVal GroupName As String) As Boolean
        Dim userName = Environment.UserName

        ' create a domain context
        Dim DC = New PrincipalContext(ContextType.Domain)

        ' find a user in the domain
        Dim user = UserPrincipal.FindByIdentity(DC, userName)

        ' get the user's groups
        Dim groups = user.GetGroups()

        ' get the user's first and last name
        Dim firstName = user.GivenName
        Dim lastName = user.Surname

        ' get the distinguishednames for all groups of the user
        Dim groupNames = From g In groups Select g.DistinguishedName



    End Function

David Modugno (Author) Commented:
I tried this and it works locally just fine, but no luck after publishing to the server.

    Public Function ValidateActiveDirectoryLogin(ByVal GroupName As String) As Boolean
        Dim userName = HttpContext.Current.Request.ServerVariables("LOGON_USER")

        ' create a domain context
        Dim DC = New PrincipalContext(ContextType.Domain)

        ' find a user in the domain
        Dim user = UserPrincipal.FindByIdentity(DC, userName)

        ' get the user's groups
        Dim groups = user.GetGroups()

        ' get the user's first and last name
        Dim firstName = user.GivenName
        Dim lastName = user.Surname

        ' get the distinguishednames for all groups of the user
        Dim groupNames = (From g In groups Select g.DistinguishedName).ToArray()

        For Each i As String In groupNames
            If i Like "*TOPS_UpdateProjectInfo*" Then
                Return True
            End If
        Next
        Return False
    End Function

David Modugno (Author) Commented:
So silly me, it has been working the entire time. Well, at least it could have been.
I did not notice that when I opened the page published on the server it was logging in with my admin account, which is not in the group.
I added that account to the group and now it works.

Here is what I ended up using:

    ' Requires: Imports System.DirectoryServices.AccountManagement
    Public Function ValidateActiveDirectoryLogin(ByVal GroupName As String) As Boolean
        Dim userName = System.Web.HttpContext.Current.User.Identity.Name
        'Dim userName = HttpContext.Current.Request.ServerVariables("LOGON_USER")
        'Dim userName = user.Identity.Name.ToString

        ' create a domain context
        Dim DC = New PrincipalContext(ContextType.Domain)

        ' find a user in the domain
        Dim user1 = UserPrincipal.FindByIdentity(DC, userName)

        ' no matching account: treat as not a member
        If user1 Is Nothing Then Return False

        ' get the user's groups
        Dim groups = user1.GetGroups()

        ' get the user's first and last name
        Dim firstName = user1.GivenName
        Dim lastName = user1.Surname

        ' get the distinguished names for all groups of the user
        Dim groupNames = (From g In groups Select g.DistinguishedName).ToArray()

        For Each i As String In groupNames
            If i Like "*TOPS_UpdateProjectInfo*" Then
                Return True
            End If
        Next
        Return False
        'Return True
    End Function

Carl Tawn (Systems and Integration Developer) Commented:
Glad you got it sorted.

These two lines:

    Dim userName = System.Web.HttpContext.Current.User.Identity.Name
    Dim userName = HttpContext.Current.Request.ServerVariables("LOGON_USER")

Essentially do the same thing, the User object of the context just wraps it up a bit more neatly.

David Modugno (Author) Commented:
Thanks for the help
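
An added example, not code from any participant in this thread: the same check bound to the user authenticated on the request, going slightly beyond the thread by matching the group name exactly (instead of a substring of the distinguished name) and by including nested groups. It assumes Windows Authentication with anonymous access disabled and that `TOPS_UpdateProjectInfo` is the group's sAMAccountName; the module and function names are hypothetical.

```vbnet
Imports System.Collections.Generic
Imports System.DirectoryServices.AccountManagement
Imports System.Linq
Imports System.Web

Public Module RequestGroupCheck   ' hypothetical name, not from the thread

    ' Exact, case-insensitive match on the group's account name. A substring
    ' test over distinguished names would also accept a group such as
    ' "TOPS_UpdateProjectInfo_Archive" or any group in an OU with that name.
    Public Function ContainsGroup(groupNames As IEnumerable(Of String),
                                  requiredGroup As String) As Boolean
        Return groupNames.Any(
            Function(n) String.Equals(n, requiredGroup, StringComparison.OrdinalIgnoreCase))
    End Function

    ' Checks the user authenticated on this HTTP request, not the identity
    ' the worker process (application pool) runs as.
    Public Function IsRequestUserInGroup(requiredGroup As String) As Boolean
        Dim ctx = HttpContext.Current
        If ctx Is Nothing OrElse ctx.User Is Nothing OrElse
           Not ctx.User.Identity.IsAuthenticated Then
            Return False   ' fail closed: anonymous request or no request context
        End If

        Using domainCtx As New PrincipalContext(ContextType.Domain)
            Using adUser As UserPrincipal =
                    UserPrincipal.FindByIdentity(domainCtx, ctx.User.Identity.Name)
                If adUser Is Nothing Then Return False   ' account not found in the domain

                ' GetAuthorizationGroups also returns security groups reached through
                ' nesting; GetGroups returns only the user's direct groups.
                Dim names = adUser.GetAuthorizationGroups().Select(Function(g) g.SamAccountName).ToList()
                Return ContainsGroup(names, requiredGroup)
            End Using
        End Using
    End Function

End Module
```

From a page's code-behind the call would be `RequestGroupCheck.IsRequestUserInGroup("TOPS_UpdateProjectInfo")`; a `False` result covers both "not a member" and "no authenticated user", so the caller denies access in either case.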