Find if a user is a member of an Active Directory group in ASP.NET (VB)?

I am using Active Directory to authenticate users for an intranet site. I would like to classify authenticated users based on the group they are in within Active Directory. Can someone show me or tell me how to find out which groups a user is in, in ASP.NET 4.0 (VB)?

+6
active-directory
5 answers

I found it here.

    Imports System.DirectoryServices
    Imports System.Windows.Forms

    ''' <summary>
    ''' Function to return all the groups the user is a member of
    ''' </summary>
    ''' <param name="_path">Path to bind to the AD</param>
    ''' <param name="username">Username of the user</param>
    ''' <param name="password">password of the user</param>
    Private Function GetGroups(ByVal _path As String, ByVal username As String, _
                               ByVal password As String) As Collection
        Dim Groups As New Collection
        Dim dirEntry As New _
            System.DirectoryServices.DirectoryEntry(_path, username, password)
        Dim dirSearcher As New DirectorySearcher(dirEntry)
        dirSearcher.Filter = String.Format("(sAMAccountName={0})", username)
        dirSearcher.PropertiesToLoad.Add("memberOf")
        Dim propCount As Integer
        Try
            Dim dirSearchResults As SearchResult = dirSearcher.FindOne()
            propCount = dirSearchResults.Properties("memberOf").Count
            Dim dn As String
            Dim groupName As String
            Dim equalsIndex As Integer
            Dim commaIndex As Integer
            For i As Integer = 0 To propCount - 1
                dn = CStr(dirSearchResults.Properties("memberOf")(i))
                equalsIndex = dn.IndexOf("=", 1)
                commaIndex = dn.IndexOf(",", 1)
                If equalsIndex = -1 Then
                    Return Nothing
                End If
                'take the CN value: the text between the first "=" and the first ","
                groupName = dn.Substring(equalsIndex + 1, (commaIndex - equalsIndex) - 1)
                'Collection.Contains checks keys, so the item is added with its name as key
                If Not Groups.Contains(groupName) Then
                    Groups.Add(groupName, groupName)
                End If
            Next
        Catch ex As Exception
            If ex.GetType Is GetType(System.NullReferenceException) Then
                MessageBox.Show("Selected user isn't a member of any groups " & _
                                "at this time.", "No groups listed", _
                                MessageBoxButtons.OK, MessageBoxIcon.Error)
                'they are still a good user just does not
                'have a "memberOf" attribute so it errors out.
                'code to do something else here if you want
            Else
                MessageBox.Show(ex.Message.ToString, "Search Error", _
                                MessageBoxButtons.OK, MessageBoxIcon.Error)
            End If
        End Try
        Return Groups
    End Function
+3

I understand that this post is quite old, but I thought I could update it with the approach I use. (ASP.NET 4.0, VB)

If you use integrated Windows authentication in a domain:

Page.User.IsInRole("domain\GroupName") checks if the authenticated user is a member of the specified group.

If you want to check group membership for a user other than the authenticated user:

Two steps for checking multiple groups with the same user:

    Dim MyPrincipal As New System.Security.Principal.WindowsPrincipal _
        (New System.Security.Principal.WindowsIdentity("UserID"))
    Dim blnValid1 As Boolean = MyPrincipal.IsInRole("domain\GroupName")

One step to test one group:

    Dim blnValid2 As Boolean = New System.Security.Principal.WindowsPrincipal _
        (New System.Security.Principal.WindowsIdentity("userID")).IsInRole("domain\GroupName")

NOTE: The IsInRole method works with nested groups, i.e. where a top-level group has a subgroup as a member and the user is a member of that subgroup.

+11

I think I finally have a function that gets all of a user's AD groups, including nested groups, without explicit recursion:

    Imports System.Security.Principal

    Private Function GetGroups(userName As String) As List(Of String)
        Dim result As New List(Of String)
        Dim wi As WindowsIdentity = New WindowsIdentity(userName)
        For Each group As IdentityReference In wi.Groups
            Try
                result.Add(group.Translate(GetType(NTAccount)).ToString())
            Catch ex As Exception
            End Try
        Next
        result.Sort()
        Return result
    End Function

So just use GetGroups("userID"). Since this approach uses the user's SID, no explicit LDAP call is made. If you use your own username, it will use cached credentials, so this function is very fast.

The Try Catch is necessary because in large companies AD is so large that some SIDs get lost in space.

+5
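Added example, written for this page and not taken from any of the answers above: the same token-group enumeration as the answer just above, but with the authorization decision made on the group SID rather than on the translated name. A SID that no longer resolves (the "lost in space" case) is then reported instead of being silently dropped, and a group in another OU that happens to share a display name cannot match. Module and function names (SidGroupCheck, HasAllowedGroup, DescribeGroups) and the allow-list are the example's own; it assumes .NET Framework 4.x on Windows, where System.Security.Principal.WindowsIdentity is available. Main runs offline on constructed well-known SIDs; for a live check pass WindowsIdentity.GetCurrent().Groups or New WindowsIdentity("user@domain").Groups instead.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

' Added example: membership decided by SID, not by translated group name.
Public Module SidGroupCheck

    ' True if any of the token's groups is in the allowed set.
    ' SecurityIdentifier implements value equality, so a HashSet works directly.
    Public Function HasAllowedGroup(ByVal groups As IEnumerable(Of IdentityReference), _
                                    ByVal allowed As IEnumerable(Of SecurityIdentifier)) As Boolean
        Dim allowedSet As New HashSet(Of SecurityIdentifier)(allowed)
        For Each g As IdentityReference In groups
            Dim sid As SecurityIdentifier = TryCast(g, SecurityIdentifier)
            If sid IsNot Nothing AndAlso allowedSet.Contains(sid) Then Return True
        Next
        Return False
    End Function

    ' Lists token groups as SIDs; names are resolved only for display, and a
    ' SID that does not resolve is kept in the list instead of being dropped.
    Public Function DescribeGroups(ByVal groups As IEnumerable(Of IdentityReference)) As List(Of String)
        Dim result As New List(Of String)
        For Each g As IdentityReference In groups
            Try
                result.Add(g.Value & " = " & g.Translate(GetType(NTAccount)).Value)
            Catch ex As IdentityNotMappedException
                result.Add(g.Value & " = <unresolved>")
            End Try
        Next
        result.Sort()
        Return result
    End Function

    Sub Main()
        ' Constructed token groups (well-known SIDs): Authenticated Users and BUILTIN\Users.
        Dim tokenGroups As IdentityReference() = { _
            New SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, Nothing), _
            New SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, Nothing) _
        }
        ' Allow-list kept as SIDs: BUILTIN\Administrators (S-1-5-32-544) and BUILTIN\Users (S-1-5-32-545).
        Dim allowed As SecurityIdentifier() = { _
            New SecurityIdentifier("S-1-5-32-544"), _
            New SecurityIdentifier("S-1-5-32-545") _
        }
        Console.WriteLine("Allowed: " & HasAllowedGroup(tokenGroups, allowed).ToString())
        For Each line As String In DescribeGroups(tokenGroups)
            Console.WriteLine(line)
        Next
    End Sub
End Module
```

Keeping the allow-list as SIDs in configuration (rather than "domain\GroupName" strings) also means a renamed group keeps working and a newly created group with a recycled name does not gain access by accident.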

For those who may be interested, here is how I ended up coding it:

    Imports System.DirectoryServices
    Imports System.Web.Security

    Dim ID As FormsIdentity = DirectCast(User.Identity, FormsIdentity)
    Dim ticket As FormsAuthenticationTicket = ID.Ticket
    Dim adTicketID As String = ticket.Name
    Dim adSearch As New DirectorySearcher
    adSearch.Filter = ("(userPrincipalName=" & adTicketID & ")")
    Dim adResults As String = adSearch.FindOne().Path
    Dim adResultsDirectory As New DirectoryEntry(adResults)
    Dim found As Boolean = False
    For Each entry As Object In adResultsDirectory.Properties("memberOf")
        Response.Write(entry)
        Response.Write("<br/>")
        If CStr(entry) = "CN=GroupName,CN=UserGroup,DC=my,DC=domain,DC=com" Then
            found = True
        End If
    Next
    If Not (found) Then
        Response.Redirect("login.aspx")
    End If
+4
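Added example, written for this page and not taken from the first or fourth answer above, showing a hardened form of the DirectorySearcher/memberOf approach those two answers use. It escapes the account name before it is placed in the LDAP filter (so a name containing "*", "(" or ")" cannot change the query), compares the whole group DN rather than only the CN, ignores case and spacing when comparing DNs, and keeps an RDN with an escaped comma intact. Module and function names (GroupCheck, EscapeFilterValue, NormalizeDn, SameDn, IsMemberOf, ReadMemberOf) and the sample DNs are the example's own; it assumes a .NET Framework 4.x project referencing System.DirectoryServices. Main runs offline on constructed data; only ReadMemberOf needs a domain.

```vb
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text

' Added example: hardened memberOf lookup and comparison.
Public Module GroupCheck

    ' Escape a value for use inside an LDAP search filter (RFC 4515), so an
    ' account name cannot alter the filter's structure.
    Public Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder(value.Length)
        For Each c As Char In value
            Select Case c
                Case "\"c
                    sb.Append("\5c")
                Case "*"c
                    sb.Append("\2a")
                Case "("c
                    sb.Append("\28")
                Case ")"c
                    sb.Append("\29")
                Case ControlChars.NullChar
                    sb.Append("\00")
                Case Else
                    sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Split a DN on unescaped commas and trim each RDN, so "cn=x, ou=y" and
    ' "CN=x,OU=y" compare equal while "CN=a\, b" stays a single RDN.
    Private Function NormalizeDn(ByVal dn As String) As String
        Dim parts As New List(Of String)
        Dim current As New StringBuilder()
        Dim escaped As Boolean = False
        For Each c As Char In dn
            If escaped Then
                current.Append(c)
                escaped = False
            ElseIf c = "\"c Then
                current.Append(c)
                escaped = True
            ElseIf c = ","c Then
                parts.Add(current.ToString().Trim())
                current.Clear()
            Else
                current.Append(c)
            End If
        Next
        parts.Add(current.ToString().Trim())
        Return String.Join(",", parts.ToArray())
    End Function

    ' Whole-DN, case-insensitive comparison: a group in another OU that
    ' happens to share the CN does not match.
    Public Function SameDn(ByVal a As String, ByVal b As String) As Boolean
        Return String.Equals(NormalizeDn(a), NormalizeDn(b), StringComparison.OrdinalIgnoreCase)
    End Function

    Public Function IsMemberOf(ByVal memberOf As IEnumerable(Of String), ByVal requiredGroupDn As String) As Boolean
        For Each dn As String In memberOf
            If SameDn(dn, requiredGroupDn) Then Return True
        Next
        Return False
    End Function

    ' Live lookup (needs a domain): direct memberships of one account.
    ' memberOf holds neither nested groups nor the user's primary group.
    Public Function ReadMemberOf(ByVal samAccountName As String) As List(Of String)
        Dim groups As New List(Of String)
        Using searcher As New DirectorySearcher()
            searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" & _
                              EscapeFilterValue(samAccountName) & "))"
            searcher.PropertiesToLoad.Add("memberOf")
            Dim result As SearchResult = searcher.FindOne()
            If result IsNot Nothing AndAlso result.Properties.Contains("memberOf") Then
                For Each value As Object In result.Properties("memberOf")
                    groups.Add(CStr(value))
                Next
            End If
        End Using
        Return groups
    End Function

    ' Offline demonstration on constructed memberOf values.
    Sub Main()
        Dim sampleMemberOf As String() = { _
            "CN=Intranet Users,OU=Groups,DC=example,DC=com", _
            "CN=Smith\, John Team,OU=Groups,DC=example,DC=com" _
        }
        Console.WriteLine("same group, different case and spacing: " & _
            IsMemberOf(sampleMemberOf, "cn=intranet users, ou=groups, dc=example, dc=com").ToString())
        Console.WriteLine("same CN in another OU: " & _
            IsMemberOf(sampleMemberOf, "CN=Intranet Users,OU=Other,DC=example,DC=com").ToString())
        Console.WriteLine("escaped filter value: " & EscapeFilterValue("j*smith)(|(cn=*"))
    End Sub
End Module
```

Because memberOf lists direct memberships only, nested groups need either the WindowsIdentity/IsInRole route from the other answers or an explicit expansion. Take the required DN from configuration rather than from anything the user submits, and keep the group list out of the page output.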

To simply check if a user is a member of a group, including subgroups:

    Imports System.Security.Principal

    Public Function IsInGroup(ByVal objectName As String, groupName As String) As Boolean
        Try
            Return New WindowsPrincipal(New WindowsIdentity(objectName)).IsInRole(groupName)
        Catch ex As Exception
        End Try
        Return False
    End Function
0
