Guest
Hi,
When a user visits my site (ASP.NET + VB.NET), I need to know if they are in
a particular AD security group in order to display the pertinent information.
When I call UserLookup in code below it works well at returning whether the
user is directly a member of the group. However, if they are contained inside
of an inherited security group, it returns false because it will not search
recursively.
I thought this would be simple to find information on, but apparently I
thought wrong.
Any help would be appreciated.
CODE:
The class has DOMAINNAMEVALUE, SERVERNAMEVALUE and GROUPNAMEVALUE initialized
in the constructor.
Imports System.Collections
Imports System.DirectoryServices

'returns the names of the direct members of the group (nested groups are not expanded)
Public Function ReturnUsers() As Collection
    Dim strDirEntryPath As String
    strDirEntryPath = "WinNT://" & DomainNameValue & "/" & _
        ServerNameValue & "/" & GroupNameValue & ",group"
    Dim users As Object
    Dim group As New DirectoryEntry(strDirEntryPath)
    users = group.Invoke("members")
    Dim user1 As Object
    Dim UsersCollection As New Collection
    For Each user1 In CType(users, IEnumerable)
        Try
            Dim userEntry As New System.DirectoryServices.DirectoryEntry(user1)
            UsersCollection.Add(userEntry.Name)
        Catch e1 As Exception
            'rethrow so the caller never receives the exception object in place of the member list
            Throw
        End Try
    Next
    Return UsersCollection
End Function

'returns true/false if a person is in an AD security group or not
Public Function UserLookup(ByVal user As String) As Boolean
    Dim i As Integer
    Dim UsersCollection As New Collection
    Dim Match As Boolean = False
    Match = CheckUser() 'CheckUser is not shown in the post
    UsersCollection = Me.ReturnUsers
    For i = 1 To UsersCollection.Count
        If CStr(UsersCollection.Item(i)) = user Then
            Match = True
            Return Match
        End If
    Next
    'no direct member matched
    Return False
End Function
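An added example (not part of the original post) of resolving nested membership by walking the group graph breadth-first, with a visited set so that circular nesting terminates and an unknown group or user is denied. The group names, user names and the in-memory SampleDirectory are constructed so the code runs without a domain; the hypothetical DirectMembers function stands in for the post's group.Invoke("members") call.

```vb
Imports System
Imports System.Collections.Generic

Module NestedGroupCheck
    ' Constructed sample directory: group name -> direct members.
    ' "g:" marks a nested group, "u:" a user account. Against a real directory the
    ' direct members would come from group.Invoke("members") as in the post.
    Private ReadOnly SampleDirectory As New Dictionary(Of String, String())(StringComparer.OrdinalIgnoreCase) From {
        {"Intranet-Reports", New String() {"u:alice", "g:Finance"}},
        {"Finance", New String() {"u:bob", "g:Finance-Contractors"}},
        {"Finance-Contractors", New String() {"u:carol", "g:Finance"}}
    }

    ' Hypothetical lookup of one group's direct members; empty when the group is unknown.
    Function DirectMembers(ByVal groupName As String) As String()
        Dim members As String() = Nothing
        If SampleDirectory.TryGetValue(groupName, members) Then Return members
        Return New String() {}
    End Function

    ' True when userName is a direct or nested member of rootGroup.
    Function IsMemberTransitive(ByVal rootGroup As String, ByVal userName As String) As Boolean
        Dim visited As New HashSet(Of String)(StringComparer.OrdinalIgnoreCase)
        Dim pending As New Queue(Of String)
        pending.Enqueue(rootGroup)
        While pending.Count > 0
            Dim current As String = pending.Dequeue()
            ' Groups can nest in a cycle (Finance <-> Finance-Contractors here),
            ' so each group is expanded only once.
            If Not visited.Add(current) Then Continue While
            For Each member As String In DirectMembers(current)
                If member.StartsWith("g:", StringComparison.Ordinal) Then
                    pending.Enqueue(member.Substring(2))
                ElseIf String.Equals(member.Substring(2), userName, StringComparison.OrdinalIgnoreCase) Then
                    Return True
                End If
            Next
        End While
        Return False ' unknown group or no match: deny
    End Function

    Sub Main()
        Console.WriteLine(IsMemberTransitive("Intranet-Reports", "alice"))   ' direct member
        Console.WriteLine(IsMemberTransitive("Intranet-Reports", "carol"))   ' nested two levels down
        Console.WriteLine(IsMemberTransitive("Intranet-Reports", "mallory")) ' not in any group
    End Sub
End Module
```

When the site uses Windows authentication, User.IsInRole("DOMAIN\GroupName") evaluates the groups in the caller's logon token, which already include nested security groups, so no directory walk is needed for the signed-in user.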