C# - Check For Groups A User Is A Member Of
Sep 9, 2010
i have the code to get the members of a local group example administrators
private void GetUserGrps()
{
using (DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
{
foreach (object member in (IEnumerable)groupEntry.Invoke("Members"))
{
using (DirectoryEntry memberEntry = new DirectoryEntry(member))
{
new GUIUtility().LogMessageToFile(memberEntry.Path);
}
}
}
Is there a way to get the groups a local user belongs to using directory services?
without using activedirectory or domain in it because i want for the local machine only and not for a domain.
View 1 Replies
Similar Messages:
Apr 21, 2010
I have an ASP.NET 3.5 application using Windows Authentication and implementing our own RoleProvider.
Problem is we want to restrict access to a set of pages to a few thousand users and rathern than inputing all of those one by one we found out they belong to an AD group.
The answer is simple if the common group we are checking membership against the particular user is a direct member of it but the problem I'm having is that if the group is a member of another group and then subsequently member of another group then my code always returns false.
For example: Say we want to check whether User is a member of group E, but User is not a direct member of *E", she is a member of "A" which a member of "B" which indeed is a member of E, therefore User is a member of *E"
One of the solutions we have is very slow, although it gives the correct answer
using (var context = new PrincipalContext(ContextType.Domain))
{
using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.Name, "DL-COOL-USERS"))
{
var users = group.GetMembers(true); // recursively enumerate
return users.Any(a => a.Name == "userName");
}
}
The original solution and what I was trying to get to work, using .NET 3.5 System.DirectoryServices.AccountManagement and it does work when users are direct members of the group in question is as follows:
public bool IsUserInGroup(string userName, string groupName)
{
var cxt = new PrincipalContext(ContextType.Domain, "DOMAIN");
var user = UserPrincipal.FindByIdentity(cxt, IdentityType.SamAccountName, userName);
if (user == null)
{
return false;
}
var group = GroupPrincipal.FindByIdentity(cxt, groupName);
if (group == null)
{
return false;
}
return user.IsMemberOf(group);
}
The bottom line is, we need to check for membership even though the groups are nested in many levels down.
View 3 Replies
Dec 18, 2010
i have a code to get the groups a user belongs to.
try
{
DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName));
DirectoryEntry user = adRoot.Children.Find(completeUserName, "User");
object obGroups = user.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
{
// Create object for each group.
DirectoryEntry obGpEntry = new DirectoryEntry(ob);
listOfMyWindowsGroups.Add(obGpEntry.Name);
}
return true;
}
catch (Exception ex)
{
new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex);
return false;
}
the above code works fine when i have to find the groups of a local user but
for a domain user it returns a value "Domain User" which is kind of wierd as it is a part of 2 local groups.
Research
I did some finding and got that i am being returned the primary group of the domain user
called "Domain User" group
but what i actually want is the groups of the local machines the domain user is a part of... i cannot get that.. any suggestions
another code using LDAP
string domain = Environment.UserDomainName;
DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
DirectorySearcher search = new DirectorySearcher();
search.SearchRoot = DE;
search.Filter = "(SAMAccountName=" + completeUserName + ")"; //Searches active directory for the login name
search.PropertiesToLoad.Add("displayName"); // Once found, get a list of Groups
try
{
SearchResult result = search.FindOne(); // Grab the records and assign them to result
if (result != null)
{
DirectoryEntry theUser = result.GetDirectoryEntry();
theUser.RefreshCache(new string[] { "tokenGroups" });
foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
{
System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0);
DirectorySearcher sidSearcher = new DirectorySearcher();
sidSearcher.SearchRoot = DE;
sidSearcher.Filter = "(objectSid=" + mySID.Value + ")";
sidSearcher.PropertiesToLoad.Add("distinguishedName");
SearchResult sidResult = sidSearcher.FindOne();
if (sidResult != null)
{
listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]);
}
}
}
else
{
new GUIUtility().LogMessageToFile("no user found");
}
return true;
}
catch (Exception ex)
{
new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user.
return false;
}
this works too but i get the same result "Domain Users" . Please can some1 tell me how to get the local machine groups...?
View 2 Replies
Feb 25, 2010
I have two member roles at my project:
1.) Administrator
2.) Member
From the toolbox in Visual Studio 2008, I have dragged and dropped the create user wizard into the stage. I aim that a guest can register itself and automatically join the "member" role. Not the role "administrator". How can I do that?
View 9 Replies
Feb 21, 2010
[Code]....
Is the best or only way to check if member has any roles at all, ak zero roles ?
View 1 Replies
Sep 29, 2010
I am "DomainMyDomainUserName" If I do this:
[Code]....
I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:
[Code]....
I can still access the website; and with my domain account in a Domain Group named "DomainDomainLocalSecurityGroup", if I do this:
[Code]....
I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "DomainMyDomainUserName" to this group and I do this:
[Code]....
I get an Access Denied error trying to access the website. What I want to do is, have a group on my local machine (for testing), on a test web server, and on a production web server named "MyWebsiteUserAccess" with the same Domain Group (filled with Domain Users allowed access to the site) in all of these local groups; so that when I test the web application on my local machine, on my test web server and on my production web server, I don't have to change the Web.config file to have it work on each AND if the Domain Group name ever has to change, it won't affect access to the website.
What am I overlooking or is this even possible to do this way? I understand that there is a way to do Role Management through ASP.NET but I don't understand that well enough yet to implement that (and will probably go that route once I've done the research on how to best implement it for purpose of access control of this intranet site).
View 2 Replies
Feb 1, 2011
I have a user that when I attempt to enumerate her groups using either System.Security.Principal.WindowsIdentity.GetCurrent().Groups on user's computer
or System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups on the IIS server, I get a list of their old groups, not their new. I have checked the DC that they authenticate to and the ASP.NET page is running inside a SharePoint instance so the LogonUserIdentity most like is being provided from there Kerberos ticket.
Should I be looking up the groups directly from the AD instead of relying on the WindowsIdentity or LogonUserIdentity?
View 1 Replies
Mar 15, 2011
I use this code to get the groups of the current user. But I want to manually give the user and then get his groups. How can I do this?
[code]....
View 2 Replies
Mar 31, 2011
In asp.net/c#, is there a way to find all of the AD level user groups from a given domain in which the logged in user belongs to? E.g. I have a domain level user and few groups. I want to pass in the domain name and the logged in user's user name and get a list of AD groups of that particular domain.
View 2 Replies
Sep 8, 2010
I have a windows user accounts which i just created take XYZ for example.
This XYZ belongs to a User group and a custom group i created in Computer Management --> Local users and groups.
So in properties i see that the user belongs to the 2 groups.
Now i want to get those groups and display them. any suggestions???
i have done this but this is not right as it gives me the roles of SQL (i think)
here is what i did:
after logging in and impersonating i call the function
getUserGroups();
private void getUserGroups()
{
// collect the user domain and identity
string[] arr =
System.Web.HttpContext.Current.Request.
LogonUserIdentity.Name.Split('\');
// update the display to show
// the captured domain and user
if (arr.Length > 0)
{
new GUIUtility().LogMessageToFile("User Name" + arr[0].ToString());
new GUIUtility().LogMessageToFile("User Domain" + arr[1].ToString());
}
// create an arraylist and populate
// it with the list of groups that
// the current user belongs to
ArrayList al = new ArrayList();
al = GetGroups();
// check to see if the user belongs
// to a specific group and create
// a list of all of the user's groups
foreach (string s in al)
{
// add this one to the list
new GUIUtility().LogMessageToFile("Group" + s);
// check to see if the user
// belongs to a specific group
//if (s == "BXSWLT\SomeCustomGroup")
//{
// // change the label to show
// // there was a match
// lblMemberOfGroup.Text = "YES";
//}
}
}
public ArrayList GetGroups()
{
ArrayList groups = new ArrayList();
foreach (System.Security.Principal.IdentityReference group in
System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups)
{
groups.Add(group.Translate(typeof
(System.Security.Principal.NTAccount)).ToString());
}
return groups;
}
the Result i get is:
9/8/2010 5:57:22 PM: User Name NT AUTHORITY.
9/8/2010 5:57:22 PM: User Domain IUSR.
9/8/2010 5:57:22 PM: Group Everyone.
9/8/2010 5:57:22 PM: Group BUILTINUsers.
9/8/2010 5:57:22 PM: Group NT AUTHORITYAuthenticated Users.
9/8/2010 5:57:22 PM: Group NT AUTHORITYThis Organization.
9/8/2010 5:57:22 PM: Group LOCAL.
View 1 Replies
Aug 5, 2010
I've been searching for a solution to get a list of the AD Groups for at specific AD user. I'll need the current user logged in and would like to query by the username. The problem is that all the solutions I find on the web uses System.DirectoryServices - and I can't find the dll in my .Net 4.0 webproject (I only have System.DirectoryServices.AccountManagement) - so I can't use any of the examples that I've found. Is there a difference way to query the AD through 4.0 compared to 2.0? I could really use some examples, articles or just good advise to get moving - I'm kind of stuck at the moment.
View 4 Replies
Aug 24, 2010
In C#, how do i access Active Directory to get the list of groups that a certain user belongs to?
The user details are in the form:
"MYDOMAINmyuser"
I've been following the instructions from here but they only work if i have the user details in the form:
"LDAP://sample.com/CN=MySurname MyFirstname,OU=General,OU=Accounts,DC=sample,DC=com"
So maybe what i'm asking is, how to get from the first, shorter, form to the fully qualified form below?
View 2 Replies
Mar 8, 2010
I am having trouble using UserPrincipal.GetGroups in System.DirectoryServices.AccountManagement.
When I use the following code:
PrincipalSearchResult<Principal> groups = userPrincipal.GetGroups();
foreach (GroupPrincipal g in groups){
Console.WriteLine(g.DisplayName);
}
I get the error "The value for the property AttributeScopeQuery cannot be set" in the foreach loop. I also get the same error when using groups.Count()I have read things that indicate this may be due to having some Windows 2000 domain controllers in the domain and so meaning it does not support ASQ.
What is the best way of doing this? The best I have come up with, since most of the rest of my code is running fine using System.DirectoryServices.AccountManagement is using the GetUnderlyingObject method of the UserPrincipal to get a DirectoryEntry and enumerating the values of the memberOf attribute. Using LINQ the code is quite compact:
var groups = from string groupPath in
((DirectoryEntry)userPrincipal.GetUnderlyingObject()).Properties["memberOf"]
select new DirectoryEntry("LDAP://" + groupPath).Name.Replace("CN=", "");
foreach(groupName in groups){
Console.WriteLine(groupName);
}
View 1 Replies
Nov 25, 2010
I have following model class:
public class WebModel
{
public List<ArticleModel> Articles { get; set; }
}
public class ArticleModel
{
public int ID { get; set; }
public double ValueParam { get; set; }
}
Then I have the controller with the two actions:
[Authorize]
public ActionResult Index()
{
WebModel model = new WebModel();
ModelConverter.ConvertToModel(model, controller);
return View(model);
}
[Authorize]
[HttpPost]
[ValidateInput(false)]
public ActionResult Index(WebModel model, string saveButton)
{
ModelValidation.ValidateWebModel(model, ModelState);
if (ModelState.IsValid)
{
return RedirectToAction("Create", "Article");
}
ModelConverter.ConvertToModel(model, controller);
return View(model);
}
And this is my view:
<%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<Web.Models.WebModel>" %>
<asp:Content ID="Content1" ContentPlaceHolderID="MainContent" runat="server">
<%var controller = Session["controller"] as Web.Code.SessionController; %>
<%Html.BeginForm(); %>
<div>
<table width="100%">
<%foreach (var article in Model.Articles)
{%>
<tr style="text-align: right">
<td>
<%:Html.DropDownListFor(m=>m.Articles.FirstOrDefault(f=>f.ID == article.ID).ID, new SelectList(controller.CurrentProdukt.Articles.AsEnumerable(), "ID", "Name", article.ID)) %>
</td>
<td>
<%:Html.TextBoxFor(m => m.Articles.FirstOrDefault(f => f.ID == article.ID).ValueParam)%>
</td>
</tr>
<%} %>
</table>
</div>
<table style="width: 100%">
<tr>
<td>
<input type="submit" name="saveButton" value="Save" />
</td>
</tr>
</table>
<%Html.EndForm(); %>
</asp:Content>
If I press the submit button, I get to the second action method in the controller (the one with the HttpPost attribute). In this action, the object model itself is not null, but the "Articles" list inside is null.
View 2 Replies
Jan 15, 2011
I am using custom user membership in asp.NET so user is an object that contains members. One of the user's members is "IsCompanyAdmin".I have a few aspx pages for company administrators only.Is there any way to prevent those pages from non-administrator users using the web.config?
View 2 Replies
Jan 9, 2010
I am looking for a free membership control that sends email to a user, and user musr approve before become a member on site. Do you familiar with such?
View 2 Replies
Jul 6, 2010
I am using Active Directory to authenticate users for an intranet site. I would like to refine the users that are authenticated based on the group they are in in Active Directory. Can someone show me or point me to directions on how to find what groups a user is in in ASP.NET 4.0 (VB)?
View 2 Replies
Apr 4, 2010
i have two types of role, Member and Staff, i also include profile property for both role
My problem is, I'm now unable to assign Member to the newly registered user, I forgotten what i had modify but last time I can do that without any problem.
Im unable to assign member to registered user is because when i login using the registered account, the LoginTemplate switch to a normal LoggedInTemplate instead of Member logged in template that allow member to access to their own page
But on the other hand, i can register my staff, login and access staff page without any problem
This is my code to assign username to role
[Code]....
View 10 Replies
Sep 26, 2010
I am new to asp.net's membership controls. I am trying to figure out how to make a public profile page that will display information about a site member to other users. I thought I would be able to use the profile class and just pass in a parameter such as user name. But I tried:
Profile.GetProfile("username")
'Where username = name of profile I want to retrieve
Response.Write(Profile.Title)
Response.Write(Profile.Company)
However, if the user is logged in this codee just brings back their details, not those of the username requested. What am I doing wrong?
View 4 Replies
Nov 22, 2010
There are 10 check boxes in one page. How to code to allow user only check one?
View 1 Replies
Nov 22, 2010
There are 10 check boxes in one page. How to code to allow user only check one?
View 2 Replies
Apr 1, 2011
I'm trying to get the groups a user is member of from an Open Ldap using vb.net 3.5.
Although so far I have managed to connect to the ldap server and get the user's info like sn, givenname, description, mail, adspath,
I have absolutely no information about the user's groups.
My code is like this:
Dim oEntry as New DirectoryEntry
Dim oSearcher as New DirectorySearcher
oEntry = New DirectoryEntry("LDAP://myServer/ou=test, dc=example, dc=com", username, pwd, AuthenticationTypes.ServerBind)
oSearcher = New DirectorySearcher(oEntry, "(uid=" & uName & ")")
oResult = oSearcher.FindOne()
if not oResult is Nothing then
Dim ADUser as DirectoryEntry
ADUSer = oResult.GetDirectoryEntry()
end if
Well, ADUser has no info on user membership whatsoever.
Am I doing something wrong? Should I use System.DirectoryServices.Protocols as I saw someone mentioning instead
of System.DirectoryServices or is .Protocols just for Framework 2.0?
View 1 Replies
Jul 25, 2010
I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
View 2 Replies
Feb 17, 2014
How to Check whether user is valid and authenticated without using Session in ASP.Net ....
View 1 Replies
Apr 27, 2016
I want to check if a user in User table is found either in UserName Column or in FriendUserName Column in UserFollow table and if yes display lable found, But if no display lable notfound. This code will be excuted onse a user logs in the connection code
protected void Page_Load(object sender, EventArgs e)
{
if (Session["UserName"] != null && Session["UserName"].ToString() != string.Empty)
{
string userName = Session["UserName"].ToString();
if (!this.IsPostBack)
[code]...
View 1 Replies
