How To Check Whether A User Belongs To An AD Group And Nested Groups

Apr 21, 2010

I have an ASP.NET 3.5 application using Windows Authentication and implementing our own RoleProvider.

Problem is we want to restrict access to a set of pages to a few thousand users and rather than inputting all of those one by one we found out they belong to an AD group.

The answer is simple if the common group we are checking membership against the particular user is a direct member of it but the problem I'm having is that if the group is a member of another group and then subsequently member of another group then my code always returns false.

For example: Say we want to check whether User is a member of group "E", but User is not a direct member of "E", she is a member of "A" which is a member of "B" which indeed is a member of "E", therefore User is a member of "E".

One of the solutions we have is very slow, although it gives the correct answer

using (var context = new PrincipalContext(ContextType.Domain))
{
    using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.Name, "DL-COOL-USERS"))
    {
        var users = group.GetMembers(true); // recursively enumerate
        return users.Any(a => a.Name == "userName");
    }
}

The original solution and what I was trying to get to work, using .NET 3.5 System.DirectoryServices.AccountManagement and it does work when users are direct members of the group in question is as follows:

public bool IsUserInGroup(string userName, string groupName)
{
    var cxt = new PrincipalContext(ContextType.Domain, "DOMAIN");
    var user = UserPrincipal.FindByIdentity(cxt, IdentityType.SamAccountName, userName);
    if (user == null)
    {
        return false;
    }
    var group = GroupPrincipal.FindByIdentity(cxt, groupName);
    if (group == null)
    {
        return false;
    }
    return user.IsMemberOf(group);
}

The bottom line is, we need to check for membership even though the groups are nested in many levels down.

View 3 Replies
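
As an added example (not code from the original post or from any reply to it): Active Directory can resolve the nested chain on the domain controller with the LDAP_MATCHING_RULE_IN_CHAIN matching rule, so the group's full membership does not have to be enumerated on the client. The class and method names and the OU/DC parts of the sample DN are assumptions; a user's primary group is not stored in memberOf and is not covered by this filter.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class NestedGroupCheck
{
    // OID of LDAP_MATCHING_RULE_IN_CHAIN: the domain controller walks the
    // member/memberOf chain itself instead of the client enumerating it.
    private const string InChain = "1.2.840.113556.1.4.1941";

    // Escape a value for use inside an LDAP search filter (RFC 4515), so a
    // user name or DN cannot change the structure of the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Matches the user only if the group is reachable through memberOf at any depth.
    public static string BuildFilter(string samAccountName, string groupDn)
    {
        return string.Format(
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0})(memberOf:{1}:={2}))",
            EscapeFilterValue(samAccountName), InChain, EscapeFilterValue(groupDn));
    }

    // searchRoot is an already bound DirectoryEntry for the domain (assumption).
    public static bool IsUserInGroupNested(DirectoryEntry searchRoot, string samAccountName, string groupDn)
    {
        using (var searcher = new DirectorySearcher(searchRoot, BuildFilter(samAccountName, groupDn)))
        {
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("distinguishedName");
            return searcher.FindOne() != null; // one hit is enough
        }
    }

    public static void Main()
    {
        // Constructed sample values: only the group name comes from the post.
        const string groupDn = "CN=DL-COOL-USERS,OU=Groups,DC=example,DC=com";
        Console.WriteLine(BuildFilter("jdoe", groupDn));
        // Filter metacharacters in the name are neutralised, not interpreted.
        Console.WriteLine(BuildFilter("jdoe)(objectClass=*", groupDn));
    }
}
```

Main only prints the generated filters and needs no directory; IsUserInGroupNested needs a reachable domain controller and the group's distinguished name rather than its display name.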


Similar Messages:

C# - Find Out User Belongs To Which Groups

Sep 8, 2010

I have a Windows user account which I just created; take XYZ for example.

This XYZ belongs to a User group and a custom group I created in Computer Management --> Local users and groups.

So in properties I see that the user belongs to the 2 groups.

Now I want to get those groups and display them. Any suggestions?

I have done this but this is not right as it gives me the roles of SQL (I think).

Here is what I did:

After logging in and impersonating I call the function

getUserGroups();

private void getUserGroups()
{
    // collect the user domain and identity
    string[] arr =
        System.Web.HttpContext.Current.Request.
        LogonUserIdentity.Name.Split('\\');
    // update the display to show
    // the captured domain and user
    if (arr.Length > 1)
    {
        new GUIUtility().LogMessageToFile("User Name" + arr[0].ToString());
        new GUIUtility().LogMessageToFile("User Domain" + arr[1].ToString());
    }
    // create an arraylist and populate
    // it with the list of groups that
    // the current user belongs to
    ArrayList al = new ArrayList();
    al = GetGroups();
    // check to see if the user belongs
    // to a specific group and create
    // a list of all of the user's groups
    foreach (string s in al)
    {
        // add this one to the list
        new GUIUtility().LogMessageToFile("Group" + s);
        // check to see if the user
        // belongs to a specific group
        //if (s == "BXSWLT\\SomeCustomGroup")
        //{
        //    // change the label to show
        //    // there was a match
        //    lblMemberOfGroup.Text = "YES";
        //}
    }
}

public ArrayList GetGroups()
{
    ArrayList groups = new ArrayList();
    foreach (System.Security.Principal.IdentityReference group in
        System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
    {
        groups.Add(group.Translate(typeof
            (System.Security.Principal.NTAccount)).ToString());
    }
    return groups;
}

The result I get is:

9/8/2010 5:57:22 PM: User Name NT AUTHORITY.
9/8/2010 5:57:22 PM: User Domain IUSR.
9/8/2010 5:57:22 PM: Group Everyone.
9/8/2010 5:57:22 PM: Group BUILTIN\Users.
9/8/2010 5:57:22 PM: Group NT AUTHORITY\Authenticated Users.
9/8/2010 5:57:22 PM: Group NT AUTHORITY\This Organization.
9/8/2010 5:57:22 PM: Group LOCAL.

View 1 Replies

C# - How To Access Active Directory To Get The List Of Groups That A Certain User Belongs To

Aug 24, 2010

In C#, how do I access Active Directory to get the list of groups that a certain user belongs to?

The user details are in the form:

"MYDOMAIN\myuser"

I've been following the instructions from here but they only work if I have the user details in the form:

"LDAP://sample.com/CN=MySurname MyFirstname,OU=General,OU=Accounts,DC=sample,DC=com"

So maybe what I'm asking is, how to get from the first, shorter, form to the fully qualified form below?

View 2 Replies

Active Directory/LDAP :: Getting The Group Name User Belongs To Error

Oct 28, 2010

I have the following AD structure

Domain Controller with the Name like abc.com ........> Groups Folder .....>>>UserGroups >>> Subgroup >>>> List of Users


I did the following but did not succeed

[Code]....

I am getting Count == 0 at the line below

int groupCount = result.Properties["memberOf"].Count;

View 2 Replies

Active Directory/LDAP :: Nested Groups Filter/create A Filter Which Will Return All The Users Which Belong To One Of The "kuku"s Group?

Mar 9, 2010

In my organization we use nested groups. For a particular usage, we have a group (let's assume that the group name "kuku"), and the names of all the nested groups under it contains "kuku" as well.

We may assume that no other group in the LDAP has "kuku" in the name.

I need to create a filter which will return all the users which belong to one of the "kuku"s group.

Obviously, using this filter will bring only the head kukus

(&(&(objectclass=user)(objectclass=person))(memberOf=CN=kuku,cn=...rest of the group DN...))

How can I use wild card to fetch all users which belong to any kuku?

For example: (&(&(objectclass=user)(objectclass=person))(memberOf=CN=.*kuku.*))

View 1 Replies

C# - Check For Groups A User Is A Member Of

Sep 9, 2010

I have the code to get the members of a local group, for example Administrators

private void GetUserGrps()
{
    using (DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
    {
        foreach (object member in (IEnumerable)groupEntry.Invoke("Members"))
        {
            using (DirectoryEntry memberEntry = new DirectoryEntry(member))
            {
                new GUIUtility().LogMessageToFile(memberEntry.Path);
            }
        }
    }
}

Is there a way to get the groups a local user belongs to using directory services?

Without using Active Directory or a domain in it, because I want it for the local machine only and not for a domain.

View 1 Replies

Web Forms :: Check Box Group / Code To Allow User Only Check One?

Nov 22, 2010

There are 10 check boxes in one page. How to code to allow user only check one?

View 2 Replies

Access The Group Of A Linq Group - By Query From A Nested Repeater Control?

Mar 26, 2010

I'm using a linq group by query (with two grouping parameters) and would like to use the resulting data in a nested repeater.

var dateGroups = from row in data.AsEnumerable()
group row by new { StartDate = row["StartDate"], EndDate = row["EndDate"] };
"data" is a DataTable from an SqlDataAdapter-filled DataSet. "dateGroups" is used in the parent repeater, and I can access the group keys using Eval("key.StartDate") and Eval("key.EndDate").

Since dateGroups actually contains all the data rows grouped neatly by Start/End date, I'd like to access those rows to display the data in a child repeater. To what would I set the child repeater's DataSource? I have tried every expression in markup I could think of; I think the problem is that I'm trying to access an anonymous member (and I don't know how.) In case it doesn't turn out to be obvious, what would be the expression to access the elements in each iteration of the child repeater? Is there an expression that would let me set the DataSource in the markup, or will it have to be in the codebehind on some event in the parent repeater?

View 3 Replies

C# - Get Local Groups And Not The Primary Groups For A Domain User

Dec 18, 2010

I have a code to get the groups a user belongs to.

try
{
    DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName));
    DirectoryEntry user = adRoot.Children.Find(completeUserName, "User");
    object obGroups = user.Invoke("Groups");
    foreach (object ob in (IEnumerable)obGroups)
    {
        // Create object for each group.
        DirectoryEntry obGpEntry = new DirectoryEntry(ob);
        listOfMyWindowsGroups.Add(obGpEntry.Name);
    }
    return true;
}
catch (Exception ex)
{
    new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex);
    return false;
}

The above code works fine when I have to find the groups of a local user, but

for a domain user it returns a value "Domain User" which is kind of weird as it is a part of 2 local groups.

Research

I did some finding and got that I am being returned the primary group of the domain user

called "Domain User" group

but what I actually want is the groups of the local machines the domain user is a part of... I cannot get that. Any suggestions?

Another code using LDAP

string domain = Environment.UserDomainName;
DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
DirectorySearcher search = new DirectorySearcher();
search.SearchRoot = DE;
// completeUserName goes into the filter as-is; filter metacharacters in it must be escaped (RFC 4515)
search.Filter = "(SAMAccountName=" + completeUserName + ")"; //Searches active directory for the login name
search.PropertiesToLoad.Add("displayName"); // Once found, get a list of Groups
try
{
    SearchResult result = search.FindOne(); // Grab the records and assign them to result
    if (result != null)
    {
        DirectoryEntry theUser = result.GetDirectoryEntry();
        theUser.RefreshCache(new string[] { "tokenGroups" });
        foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
        {
            System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0);
            DirectorySearcher sidSearcher = new DirectorySearcher();
            sidSearcher.SearchRoot = DE;
            sidSearcher.Filter = "(objectSid=" + mySID.Value + ")";
            sidSearcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult sidResult = sidSearcher.FindOne();
            if (sidResult != null)
            {
                listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]);
            }
        }
    }
    else
    {
        new GUIUtility().LogMessageToFile("no user found");
    }
    return true;
}
catch (Exception ex)
{
    new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user.
    return false;
}

This works too but I get the same result "Domain Users". Please can someone tell me how to get the local machine groups?

View 2 Replies

Active Directory/LDAP :: Check If User Is In Group?

Mar 5, 2010

I have some problems verifying that a user is in a group and returning a boolean value

Private Function IsExistInAD(ByVal SAMAccountName As String) As

[Code]....

View 1 Replies

Active Directory/LDAP :: Check User Is Related To Particular Group?

Sep 24, 2010

How to check whether a user is related to a particular group, if he is assigned to multiple groups

View 5 Replies

Active Directory/LDAP :: Check User Exists In Which Group?

Sep 3, 2010

After entering the user name, I want to check which group the user belongs to; the group is something like role based.

If the group is something like group1, then I want to redirect him to page 1, if the group is 2 then page 2, like that.

View 5 Replies

SQL Reporting :: Group Two Detail Tables In A Report With Groups?

Jul 3, 2010

I have a table with a field "item id" that I am joining to two other tables that have multiple records for each item id. In other words, I have 1 item id, 5 records in another table tied to this item and 5 records in another table tied to this item. I am trying to build a report that shows the item and then follow the item with two groupings. Each group would of course have the 5 records per the other two tables. Here is my problem. I can get the report to show an item and one of the detail group of 5 records but for the life of me I cannot get the second group of 5 to group and print. Both groups of 5 get either lumped together or it will print them 1 record at a time switching back and forth. How do you do this? Do I have to do something special in the Sql query or something.

View 1 Replies

Forms Data Controls :: Group / Divide XML Repeater Data Into Groups?

Jan 17, 2011

I have a piece of code which gets clients list from a database and write to XML as follows:

[Code]....

Which Creates XML file as follows:

[Code]....

I need to group the client list in my online site to show(group) each 4 clients within separate div and ul

[Code]....

My target is to use one of the following two directions:

1 - Find a solution to group data while generating the XML file to groups of 4 items

[Code]....

2 - Try to group the xml in my repeater by finding a solution for nested-like repeater or custom item template and separator template to make the output like the above div/ul structure

I also have no problem if we can do this through the SQL stored procedure

View 2 Replies

Active Directory/LDAP :: LDAP Query To Check If An User Is In A Group Or Not. Creation Of A Portal | Query = Null

Jul 7, 2010

I'm working on a portal, and I need to check users' connection on the LDAP.

And if users are members of a special group then it works.

I've exactly used this link to make it work: http://msdn.microsoft.com/en-us/library/ff649227.aspx (almost works)

My point is: my LDAP path seems good, no error anymore, when I log in with my username and password. But when I query it, it returns null, but I'm sure my user is in the group:

// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
    return false;
}

I'm a normal user, I test with my account. I'm a member of the group that I'm looking for.

View 8 Replies

Forms Data Controls :: Gridview: Filter Display Results Based On What Roll A User Belongs

Oct 20, 2010

I have enabled User Rolls and assigned several Roll names such as 10, 11, 12, etc. I have a SQL Table that contains various fields of information including one named AuthorizedUserRoll, it's nchar(2).

A logged in user should only see the records in Gridview that matches his/her roll.

I'm using Web Forms and VB.

View 1 Replies

Security :: Web.config Authorization Roles With Local Groups With Domain Groups In Them

Sep 29, 2010

I am "DomainMyDomainUserName" If I do this:

[Code]....

I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:

[Code]....

I can still access the website; and with my domain account in a Domain Group named "DomainDomainLocalSecurityGroup", if I do this:

[Code]....

I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "DomainMyDomainUserName" to this group and I do this:

[Code]....

I get an Access Denied error trying to access the website. What I want to do is, have a group on my local machine (for testing), on a test web server, and on a production web server named "MyWebsiteUserAccess" with the same Domain Group (filled with Domain Users allowed access to the site) in all of these local groups; so that when I test the web application on my local machine, on my test web server and on my production web server, I don't have to change the Web.config file to have it work on each AND if the Domain Group name ever has to change, it won't affect access to the website.

What am I overlooking or is this even possible to do this way? I understand that there is a way to do Role Management through ASP.NET but I don't understand that well enough yet to implement that (and will probably go that route once I've done the research on how to best implement it for purpose of access control of this intranet site).

View 2 Replies

Enumerating Groups Using WindowsIdentity.GetCurrent() Returns Old Set Of Groups

Feb 1, 2011

I have a user that when I attempt to enumerate her groups using either System.Security.Principal.WindowsIdentity.GetCurrent().Groups on user's computer
or System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups on the IIS server, I get a list of their old groups, not their new. I have checked the DC that they authenticate to and the ASP.NET page is running inside a SharePoint instance so the LogonUserIdentity most likely is being provided from their Kerberos ticket.
Should I be looking up the groups directly from the AD instead of relying on the WindowsIdentity or LogonUserIdentity?

View 1 Replies

Forms Data Controls :: User Group List Like Graph / Get The List Of Users Under A Group

Oct 26, 2010

I need to develop a page in my application like the image for the user lists.

I need to get the list of users under a group and need to show it like this.

View 4 Replies

Using LINQ To Surround All "group" Elements With The New Element "groups" In C#?

Mar 1, 2011

I'm new to LINQ and C# but I have an xml file generated from a database table. Within the XML document is an element called "group", I would like to wrap all group elements with the element called "groups".

An extract of the XML document is:

[Code]....

View 2 Replies

.net - Check If A Radiobutton Is Checked In A Group?

Aug 11, 2010

I have groups of radio buttons, each group ranges from 5 - 27 radiobuttons. And if any radio button in a group is checked I store 1 in db else I store 0. Now I'm checking each radiobutton using if loop to see if they are checked and set database value. I'm also trying to use the code below. Is there a good/better approach to check if they are checked or not? Current code:

'rname is radiobutton prefix for a given group
'cnt is number of radiobuttons in the group
Private Function RadioIsChecked(ByVal rname As String, ByVal cnt As Integer) As Integer

[code]...

View 5 Replies

How To Get The Groups Of A User In Active Directory

Mar 15, 2011

I use this code to get the groups of the current user. But I want to manually give the user and then get his groups. How can I do this?

[code]....

View 2 Replies

Any Way To Get Domain Level User Groups?

Mar 31, 2011

In asp.net/c#, is there a way to find all of the AD level user groups from a given domain in which the logged in user belongs to? E.g. I have a domain level user and few groups. I want to pass in the domain name and the logged in user's user name and get a list of AD groups of that particular domain.

View 2 Replies

Web Forms :: Check Any Specified Validation Group Is Failed Or Passed?

Jun 11, 2010

I am using the tabstrip control. Each tab page has a set of controls and each has a different validation group. I have a common button to insert / update the tab data. Now when a user has entered the information in the first tab and presses the insert button, I need to validate the second page also.

So I explicitly called the Page.validate() method in the insert button to ensure all the validation passed or not. All working fine. But I need to focus the second tab when the user finished the first page and has not finished the second page. How can I focus the tab? I mean, is there any way to check which validation group fails?

View 3 Replies

Active Directory/LDAP :: Get AD Groups For User By Username In 4.0

Aug 5, 2010

I've been searching for a solution to get a list of the AD Groups for a specific AD user. I'll need the current user logged in and would like to query by the username. The problem is that all the solutions I find on the web use System.DirectoryServices - and I can't find the dll in my .Net 4.0 webproject (I only have System.DirectoryServices.AccountManagement) - so I can't use any of the examples that I've found. Is there a different way to query the AD through 4.0 compared to 2.0? I could really use some examples, articles or just good advice to get moving - I'm kind of stuck at the moment.

View 4 Replies
