Last post Oct 09, 2015 03:27 AM by smirnov
Oct 08, 2015 12:18 AM|tonywong|LINK
i need to check active directory group by isinrole
it is ok at production server (IIS8, domain controller) but fail at VS studio workstation (VS 2012)
both are at domain, integrated mode, window authenication.
i tried to change from isinrole("group") to isinrole("domain\group"), still failed
i wonder the workstation VS2012 checked the local group of the workstation.
Thanks a lot.
Oct 09, 2015 03:27 AM|smirnov|LINK
It might be e.g. if account used on your local box has no rights to query AD or your machine is in a different domain.
isinrole("group") will not work because for built-in roles, the role string should be in the form "BUILTIN\RoleNameHere"
You can try to enumerate all current roles - maybe it could help to understand the issue
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
if(user != null)
// find the roles....
var roles = user.GetAuthorizationGroups();
// enumerate over them
foreach (Principal p in roles)
// do something