kouts1
Member
52 Points
43 Posts
check logged on user if is member of a specific group?
Apr 15, 2012 02:26 AM
What's the best way to check if a user belongs to a specific group after they have logged on using FBA with AD membership provider?
I have tried this but is not working:
If Context.User.IsInRole("admin") Then
End If
Any examples would be great. Thank you!
hiza808
Member
270 Points
75 Posts
Re: check logged on user if is member of a specific group?
Apr 15, 2012 07:26 PM
http://stackoverflow.com/questions/500061/using-asp-net-membership-provider-how-to-check-if-the-user-is-registered-or-not
kouts1
Member
52 Points
43 Posts
Re: check logged on user if is member of a specific group?
Apr 16, 2012 02:09 PM
I need to verify that they are a member of a Specific Distribution Group or/and Security Group.
gww
Contributor
2143 Points
458 Posts
Re: check logged on user if is member of a specific group?
Apr 16, 2012 05:53 PM
You can load the user's memberof property and step through the list of groups. The groups are stored as a collection in their DN. You will need to load the CN for each with a directoryentry and then compare the name with any specific groups you want to check against. You can do this in your global.asax with the session_start.
Imports System.DirectoryServices
' Bind to the directory with the lookup account
Dim entry As DirectoryEntry = New DirectoryEntry(LDAPstr, LDAPuser, LDAPpass)
Try
    ' Accessing NativeObject forces the bind, so bad credentials fail here
    Dim obj As Object = entry.NativeObject
    Dim search As DirectorySearcher = New DirectorySearcher(entry)
    ' username is concatenated into the filter as-is; escape LDAP filter special characters before use
    search.Filter = "(&(objectClass=user)(SAMAccountName=" & username & "))"
    search.PropertiesToLoad.Add("memberof")
    Dim result As SearchResult = search.FindOne()
    If result IsNot Nothing Then
        ' Each memberof value is the full DN of one group
        For Each groupColl As Object In result.Properties("memberof")
            Dim GroupArray As String() = CStr(groupColl).Split(","c)
            Select Case GroupArray(0).Replace("CN=", "")
                Case "SecurityGroupName"
                    'do something
            End Select
        Next groupColl
    End If
Catch ex As Exception
    'do something
End Try
You can also do this in another way by doing an AD search with the user's samaccountname and load the security groups and distro lists into separate lists by searching for the group type as well. I can post that code if you need it.
kouts1
Member
52 Points
43 Posts
Re: check logged on user if is member of a specific group?
Apr 17, 2012 01:24 PM
Thank you! You got me on the right track. I figured it out using the code below, works great!
Works for both Distro and Security groups!
---------------------------------------------------------
Imports System.DirectoryServices.AccountManagement
Using ctx As New PrincipalContext(ContextType.Domain, "domain", "username", "password")
    Using userPrincipal__1 As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, "username")
        ' FindByIdentity returns Nothing when the account is not found
        If userPrincipal__1 IsNot Nothing Then
            Dim isMember As Boolean = userPrincipal__1.IsMemberOf(ctx, IdentityType.Name, "group name")
            If isMember Then
                'logic here
            End If
        End If
    End Using
End Using