Active Directory
-
I have an ASP.NET web application that runs under the identity of the logged-on user. I need to check Active Directory to see whether that user is a member of a group. I cannot seem to get this code to work. I am wondering whether it is a permissions problem? Any ideas?
Public Shared Function GetGroups() As String
    Dim sGroups As String
    Dim sUserName As String = HttpContext.Current.User.Identity.Name
    Dim sDistinguishedGroupContainerName As String
    Dim sMatrixAdminGroup As String
    Dim sNameTranslateDomain As String
    sDistinguishedGroupContainerName = "CN=Users,DC=development,DC=XXXX,DC=com"
    sMatrixAdminGroup = "XXXX_admins"
    sNameTranslateDomain = "development.XXXX.com"
    Dim domainAndUsername As String = sNameTranslateDomain + "\" + sUserName
    Dim sDirectoryEntryPath As String = "LDAP://" & sDistinguishedGroupContainerName
    Dim entry As DirectoryEntry = New DirectoryEntry(sDirectoryEntryPath)
    Try
        ' Bind to the native AdsObject to force authentication.
        Dim obj As Object = entry.NativeObject
        Dim search As DirectorySearcher = New DirectorySearcher(entry)
        search.Filter = "(SAMAccountName=" + sUserName + ")"
        search.PropertiesToLoad.Add("cn")
        search.PropertiesToLoad.Add("memberOf")
        Dim result As SearchResult = search.FindOne()
        Dim RPVC As ResultPropertyValueCollection = result.Properties("memberOf")
        If Not RPVC Is Nothing Then
            Dim propertyCount As Integer = RPVC.Count
            Dim dn As String
            Dim equalsIndex As Integer, commaIndex As Integer
            Dim propertyCounter As Integer
            For propertyCounter = 0 To propertyCount - 1 Step propertyCounter + 1
                dn = CType(result.Properties("memberOf")(propertyCounter), String)
                equalsIndex = dn.IndexOf("=", 1)
                commaIndex = dn.IndexOf(",", 1)
                If -1 = equalsIndex Then
                    Return Nothing
                End If
                sGroups &= dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1) & ";"
            Next
        End If
        If sGroups.Length > 0 Then
            sGroups = sGroups.Substring
-
Hi Jim, Since your web application is running with Integrated Windows Authorization, you should be able to take the shortcut to checking group membership. The Principal object for the current user is held in the current HTTP context. Group membership can be verified by using: Context.User.IsInRole("myGroupName");
As far as the code you posted, I'm not sure why it isn't working. Nothing pops out as incorrect at first glance... but, to be honest, I'm lazy this morning and I didn't look at it closely. :zzz: Hope that helps. :) --Jesse
-
Thanks, I shall try that. Jim
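An added example, not code from either poster, in VB.NET to match the question: a direct-membership lookup along the lines of the posted function, which reduces Identity.Name from "DOMAIN\user" to the bare sAMAccountName and escapes it before it goes into the LDAP filter. The module and function names are hypothetical, and the group CN is assumed to contain no characters that need escaping inside a distinguished name.

```vbnet
Imports System.DirectoryServices
Imports System.Text

Public Module AdGroupCheck

    ' Under Windows authentication Identity.Name is "DOMAIN\user";
    ' sAMAccountName holds only the part after the backslash.
    Public Function SamAccountNameOf(identityName As String) As String
        Dim slash As Integer = identityName.LastIndexOf("\"c)
        Return If(slash >= 0, identityName.Substring(slash + 1), identityName)
    End Function

    ' Escape the characters that are special in an LDAP search filter (RFC 4515),
    ' so the user name cannot change the structure of the filter.
    Public Function EscapeLdapFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each ch As Char In value
            Select Case ch
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(ch)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' True when memberOf lists a group whose first RDN is CN=<groupCn>.
    ' memberOf holds direct memberships only: no nested groups, no primary group.
    ' Assumption: groupCn needs no DN escaping (no commas, plus signs, etc.).
    Public Function IsDirectMember(searchRootPath As String, identityName As String,
                                   groupCn As String) As Boolean
        Using root As New DirectoryEntry(searchRootPath)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" &
                                  EscapeLdapFilterValue(SamAccountNameOf(identityName)) & "))"
                searcher.PropertiesToLoad.Add("memberOf")
                Dim result As SearchResult = searcher.FindOne()
                ' No match under this root, or the user belongs to no groups.
                If result Is Nothing OrElse Not result.Properties.Contains("memberOf") Then Return False
                For Each dn As String In result.Properties("memberOf")
                    If dn.StartsWith("CN=" & groupCn & ",", StringComparison.OrdinalIgnoreCase) Then Return True
                Next
                Return False
            End Using
        End Using
    End Function

End Module
```

IsInRole on a WindowsPrincipal reads the groups in the user's logon token, so it also covers nested groups, which this memberOf lookup does not; it expects the group name in "DOMAIN\group" form.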