Check group membership of a user

Sameh Ahmed

Hello there
Is there a way through dotNet to check if a certain user is a member of a
specific group?
I use ADSI to get the memberships of the user then compare them to the group
I want to check, but this way the user has to be a member of this group
directly, and if he is a member of a group that is a member of that group he
will not be considered a member of the group I am checking, although he is
implicitly.
So basically what I need is a method that takes the user name and the group
name and checks if this user is a member, either implicitly or explicitly.
Any ideas?
Regards
Sameh
 
DalePres

Look up the IPrincipal.IsInRole() method. You would use the
WindowsPrincipal implementation for WindowsForms or the User.IsInRole()
implementation for WebForms.

DalePres
MCAD, MCDBA, MCSE
 
Sameh Ahmed

Well, I use IsInRole to check Windows built-in roles.
What I want to do is to check if the current principal is a member of a
local group called "Mygroup", for example.
Below is what I got from MSDN:
[Visual Basic]
Overloads Public Overridable Function IsInRole( _
ByVal role As String _
) As Boolean Implements IPrincipal.IsInRole

I tried "machinename\groupname" and "groupname", and it returns False all the
time.
What am I missing here?
Regards and thanks for your time
Sameh
 
DalePres

I have only gotten IsInRole to work against local groups when I have been
logged in as a local machine user, rather than as a domain user. I don't
know if that is by design or a bug (feature).

HTH

DalePres


Sameh Ahmed

I am a local administrator on a stand-alone machine; I did not try it in a
domain environment.
How do you format the group name in your code?
Regards
Sameh

DalePres

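using System;
using System.Security.Principal;
using System.Threading;

// Make Thread.CurrentPrincipal return the Windows identity of the process.
AppDomain myDomain = Thread.GetDomain();
myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal wp = (WindowsPrincipal)Thread.CurrentPrincipal;

// Role names are written as "DOMAIN\\group"; for a local group the prefix is the computer name.
bool isUser = wp.IsInRole("BUILTIN\\Users");
bool isDBA = wp.IsInRole("MACHINENAME\\ORA_DBA");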


On my machine, with the code above, both IsInRole calls return true.

The code is basically copied directly out of the MSDN library
WindowsPrincipal.IsInRole() documentation.

HTH

DalePres
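
An added example, not part of any post in this thread: IsInRole answers from the group SIDs in the caller's logon token, which Windows builds at logon and which already include groups reached through nesting, so the check covers implicit membership of the current user (it does not look up an arbitrary user name). The sketch resolves the group name to a SID first, so a mistyped name is reported instead of silently giving False; the class and method names are hypothetical, and "Mygroup" is the example group name from the question.

```csharp
using System;
using System.Security.Principal;

static class GroupCheck
{
    // Resolve an account name such as "BUILTIN\Users" or "MACHINENAME\Mygroup"
    // to its SID; returns null when Windows cannot map the name.
    static SecurityIdentifier ResolveGroupSid(string groupName)
    {
        try
        {
            return (SecurityIdentifier)new NTAccount(groupName)
                .Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException)
        {
            return null;
        }
    }

    // True when the current process token carries the group's SID,
    // whether the membership is direct or comes through a nested group.
    public static bool CurrentUserIsInGroup(string groupName)
    {
        SecurityIdentifier sid = ResolveGroupSid(groupName);
        if (sid == null)
            throw new ArgumentException("Unknown group: " + groupName);

        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return new WindowsPrincipal(id).IsInRole(sid);
        }
    }

    static void Main()
    {
        // Local groups are qualified with the computer name.
        string[] groups = { @"BUILTIN\Users", Environment.MachineName + @"\Mygroup" };
        foreach (string g in groups)
        {
            try { Console.WriteLine("{0}: {1}", g, CurrentUserIsInGroup(g)); }
            catch (ArgumentException e) { Console.WriteLine(e.Message); }
        }
    }
}
```

Because the answer comes from the token, a membership granted after logon does not show up until the user logs on again. On systems with UAC, a non-elevated process also reports False for BUILTIN\Administrators, since that SID is deny-only in the filtered token.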


DalePres

Whoops. I hadn't even realized I had clicked into the vb group for this
thread. If you can't translate the C# to vb, set the code filter in your
MSDN to vb and it should be pretty easy to figure out.

DalePres


Joe Kaplan (MVP - ADSI)

Just out of curiosity, what version of .NET are you using? Early versions
of 1.0 had a bug where IsInRole was case sensitive.

The other thing I'd suggest is using reflection to troubleshoot the problem
by accessing the private _GetRoles method on WindowsIdentity. A quick
Google search should turn up some sample code that shows you how to do it.

http://groups-beta.google.com/group/microsoft.public.dotnet.security/msg/1f5ce5f46ae876a6

Joe K.

Sameh Ahmed

I tried it today in an AD environment and it worked just fine.
Not on local machines, though!
Thanks everybody for your time.

Sameh Ahmed

Joe,
the usual thank you :)
