Checking Domain Group Membership

[Scott]

I need to be able to verify group membership in my C#
application. All the examples I seem to find show how to
query the BUILTIN groups. I need to be able to query the
DOMAIN groups. Can I have code examples on how to
accomplish this. I tried the following code (in a test
Console Application) and all it returns
is "DOMAIN\MYUSERNAME belongs to: " and then nothing.

Any help would be appreciated. Thank you.


public static void DemonstrateWindowsBuildInRoleEnum()
{
AppDomain myDomain = Thread.GetDomain();

myDomain.SetPrincipalPolicy
(PrincipalPolicy.WindowsPrincipal);

WindowsPrincipal myPrincipal = (WindowsPrincipal)
Thread.CurrentPrincipal;

Console.WriteLine("{0} belongs to: ",
myPrincipal.Identity.Name.ToString());

Array wbirFields = Enum.GetValues(typeof
(WindowsBuiltInRole));

foreach (object roleName in wbirFields)
{
try
{
Console.WriteLine("{0}? {1}.", roleName,
myPrincipal.IsInRole((WindowsBuiltInRole)roleName));
}

catch
{
Console.WriteLine("{0}: Could not obtian role for this
RID.", roleName);
}

finally
{
Console.WriteLine("{0}? {1}. (finally) ", roleName,
myPrincipal.IsInRole((WindowsBuiltInRole)roleName));
}
}
}

 

[Willy Denoyette [MVP]]

Scott wrote:
|| I need to be able to verify group membership in my C#
|| application. All the examples I seem to find show how to
|| query the BUILTIN groups. I need to be able to query the
|| DOMAIN groups. Can I have code examples on how to
|| accomplish this. I tried the following code (in a test
|| Console Application) and all it returns
|| is "DOMAIN\MYUSERNAME belongs to: " and then nothing.


You should use the IsInrole(string ...) overload method, the role string should be in the form "MACHINENAME\RoleName" and
"DOMAINNAME\RoleName".

Willy.

 

[Scott]

When I do that, and I put a console line immediatly before
that line, and one after, my code never hits the code
after. Here is the new code insert I used (all I get now
is the ConsoleWriteLine just before the IsInRole line.

//Use Overloaded "IsInRole" method
try
{
Console.WriteLine("Running group lookup for {0}.",
myPrincipal.Identity.Name.ToString());

if (myPrincipal.IsInRole(@"DEXTER\IS"))
{
Console.WriteLine("{0} is in the DEXTER\\IS group!",
myPrincipal.Identity.Name.ToString());
}
else
{
Console.WriteLine("{0} is not in the DEXTER\\IS group!",
myPrincipal.Identity.Name.ToString());
}
}
catch (Exception)
{
Console.WriteLine("Unknown error");
}

-----Original Message-----
Scott wrote:
|| I need to be able to verify group membership in my C#
|| application. All the examples I seem to find show how to
|| query the BUILTIN groups. I need to be able to query the
|| DOMAIN groups. Can I have code examples on how to
|| accomplish this. I tried the following code (in a test
|| Console Application) and all it returns
|| is "DOMAIN\MYUSERNAME belongs to: " and then nothing.


You should use the IsInrole(string ...) overload method,

the role string should be in the
form "MACHINENAME\RoleName" and

 

[Willy Denoyette [MVP]]

Scott wrote:
|| When I do that, and I put a console line immediatly before
|| that line, and one after, my code never hits the code
|| after. Here is the new code insert I used (all I get now
|| is the ConsoleWriteLine just before the IsInRole line.
||
|| //Use Overloaded "IsInRole" method
|| try
|| {
|| Console.WriteLine("Running group lookup for {0}.",
|| myPrincipal.Identity.Name.ToString());
||
|| if (myPrincipal.IsInRole(@"DEXTER\IS"))
|| {
|| Console.WriteLine("{0} is in the DEXTER\\IS group!",
|| myPrincipal.Identity.Name.ToString());
|| }
|| else
|| {
|| Console.WriteLine("{0} is not in the DEXTER\\IS group!",
|| myPrincipal.Identity.Name.ToString());
|| }
|| }
|| catch (Exception)
|| {
|| Console.WriteLine("Unknown error");
|| }
||
||
||

Do you mean it doesn't execute any of the WriteLine's in the 'If' 'else' and catch blocks?
What does the program do at that point, when running in the debugger?

Willy.