By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,543 Members | 1,887 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,543 IT Pros & Developers. It's quick & easy.

Check group member ship or a user

P: n/a
Hello there
Is there a way through dotNet to check if a certain user is a member of a
specific group?
I use ADSI to get the memberships of the user then compare them to the group
I want to check, but this way the user has to be a member of this group
directly and if he is a member of a group that is a member of that group he
will not be considered a member of the group I am checking although he is
implicitly.
so basically what I need is a method that takes the user name and the group
name and check if this user is a member both implicitly or explicitly.
Any ideas?
Regards
Sameh
Nov 21 '05 #1
Share this Question
Share on Google+
9 Replies


P: n/a
Look up the IPrincipal.IsInRole() method. You would use the
WindowsPrincipal implementation for WindowsForms or the User.IsInRole()
implementation for WebForms.

DalePres
MCAD, MCDBA, MCSE

"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:uj**************@TK2MSFTNGP09.phx.gbl...
Hello there
Is there a way through dotNet to check if a certain user is a member of a
specific group?
I use ADSI to get the memberships of the user then compare them to the
group I want to check, but this way the user has to be a member of this
group directly and if he is a member of a group that is a member of that
group he will not be considered a member of the group I am checking
although he is implicitly.
so basically what I need is a method that takes the user name and the
group name and check if this user is a member both implicitly or
explicitly.
Any ideas?
Regards
Sameh

Nov 21 '05 #2

P: n/a
Well I use IsInRole to check windows built-in Roles
what I want to do is to check if the current principal is a member of a
local group called "Mygroup" for example.
below is what I got from the MSDN
[Visual Basic]
Overloads Public Overridable Function IsInRole( _
ByVal role As String _
) As Boolean Implements IPrincipal.IsInRole

I tried "machinename\groupname", "groupname" and it returns False all the
time.
what am I missing here?
Regards and thanks for your time
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:e2**************@TK2MSFTNGP15.phx.gbl...
Look up the IPrincipal.IsInRole() method. You would use the
WindowsPrincipal implementation for WindowsForms or the User.IsInRole()
implementation for WebForms.

DalePres
MCAD, MCDBA, MCSE

"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:uj**************@TK2MSFTNGP09.phx.gbl...
Hello there
Is there a way through dotNet to check if a certain user is a member of a
specific group?
I use ADSI to get the memberships of the user then compare them to the
group I want to check, but this way the user has to be a member of this
group directly and if he is a member of a group that is a member of that
group he will not be considered a member of the group I am checking
although he is implicitly.
so basically what I need is a method that takes the user name and the
group name and check if this user is a member both implicitly or
explicitly.
Any ideas?
Regards
Sameh


Nov 21 '05 #3

P: n/a
I have only gotten IsInRole to work against local groups when I have been
logged in as a local machine user, rather than as a domain user. I don't
know if that is by design or a bug (feature).

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Well I use IsInRole to check windows built-in Roles
what I want to do is to check if the current principal is a member of a
local group called "Mygroup" for example.
below is what I got from the MSDN
[Visual Basic]
Overloads Public Overridable Function IsInRole( _
ByVal role As String _
) As Boolean Implements IPrincipal.IsInRole

I tried "machinename\groupname", "groupname" and it returns False all the
time.
what am I missing here?
Regards and thanks for your time
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:e2**************@TK2MSFTNGP15.phx.gbl...
Look up the IPrincipal.IsInRole() method. You would use the
WindowsPrincipal implementation for WindowsForms or the User.IsInRole()
implementation for WebForms.

DalePres
MCAD, MCDBA, MCSE

"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:uj**************@TK2MSFTNGP09.phx.gbl...
Hello there
Is there a way through dotNet to check if a certain user is a member of
a specific group?
I use ADSI to get the memberships of the user then compare them to the
group I want to check, but this way the user has to be a member of this
group directly and if he is a member of a group that is a member of that
group he will not be considered a member of the group I am checking
although he is implicitly.
so basically what I need is a method that takes the user name and the
group name and check if this user is a member both implicitly or
explicitly.
Any ideas?
Regards
Sameh



Nov 21 '05 #4

P: n/a
I am on a local administrator on a stand alone machine, did not try it in a
domain environment.
how do you format the group name in your code?
Regards
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:O0*************@TK2MSFTNGP09.phx.gbl...
I have only gotten IsInRole to work against local groups when I have been
logged in as a local machine user, rather than as a domain user. I don't
know if that is by design or a bug (feature).

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Well I use IsInRole to check windows built-in Roles
what I want to do is to check if the current principal is a member of a
local group called "Mygroup" for example.
below is what I got from the MSDN
[Visual Basic]
Overloads Public Overridable Function IsInRole( _
ByVal role As String _
) As Boolean Implements IPrincipal.IsInRole

I tried "machinename\groupname", "groupname" and it returns False all
the time.
what am I missing here?
Regards and thanks for your time
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:e2**************@TK2MSFTNGP15.phx.gbl...
Look up the IPrincipal.IsInRole() method. You would use the
WindowsPrincipal implementation for WindowsForms or the User.IsInRole()
implementation for WebForms.

DalePres
MCAD, MCDBA, MCSE

"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:uj**************@TK2MSFTNGP09.phx.gbl...
Hello there
Is there a way through dotNet to check if a certain user is a member of
a specific group?
I use ADSI to get the memberships of the user then compare them to the
group I want to check, but this way the user has to be a member of this
group directly and if he is a member of a group that is a member of
that group he will not be considered a member of the group I am
checking although he is implicitly.
so basically what I need is a method that takes the user name and the
group name and check if this user is a member both implicitly or
explicitly.
Any ideas?
Regards
Sameh



Nov 21 '05 #5

P: n/a
AppDomain myDomain = Thread.GetDomain();

myDomain.SetPrincipalPolicy(PrincipalPolicy.Window sPrincipal);

WindowsPrincipal wp = (WindowsPrincipal)Thread.CurrentPrincipal;

bool isUser = wp.IsInRole("BUILTIN\\Users");

bool isDBA = wp.IsInRole("MACHINENAME\\ORA_DBA");
On my machine, with the code above, both IsInRole calls return true.

The code is basically copied directly out of the MSDN library
WindowsPrincipal.IsInRole() documentation.

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I am on a local administrator on a stand alone machine, did not try it in a
domain environment.
how do you format the group name in your code?
Regards
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:O0*************@TK2MSFTNGP09.phx.gbl...
I have only gotten IsInRole to work against local groups when I have been
logged in as a local machine user, rather than as a domain user. I don't
know if that is by design or a bug (feature).

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Well I use IsInRole to check windows built-in Roles
what I want to do is to check if the current principal is a member of a
local group called "Mygroup" for example.
below is what I got from the MSDN
[Visual Basic]
Overloads Public Overridable Function IsInRole( _
ByVal role As String _
) As Boolean Implements IPrincipal.IsInRole

I tried "machinename\groupname", "groupname" and it returns False all
the time.
what am I missing here?
Regards and thanks for your time
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:e2**************@TK2MSFTNGP15.phx.gbl...
Look up the IPrincipal.IsInRole() method. You would use the
WindowsPrincipal implementation for WindowsForms or the User.IsInRole()
implementation for WebForms.

DalePres
MCAD, MCDBA, MCSE

"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:uj**************@TK2MSFTNGP09.phx.gbl...
> Hello there
> Is there a way through dotNet to check if a certain user is a member
> of a specific group?
> I use ADSI to get the memberships of the user then compare them to the
> group I want to check, but this way the user has to be a member of
> this group directly and if he is a member of a group that is a member
> of that group he will not be considered a member of the group I am
> checking although he is implicitly.
> so basically what I need is a method that takes the user name and the
> group name and check if this user is a member both implicitly or
> explicitly.
> Any ideas?
> Regards
> Sameh
>
>



Nov 21 '05 #6

P: n/a
Whoops. I hadn't even realized I had clicked into the vb group for this
thread. If you can't translate the C# to vb, set the code filter in your
MSDN to vb and it should be pretty easy to figure out.

DalePres
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl...
AppDomain myDomain = Thread.GetDomain();

myDomain.SetPrincipalPolicy(PrincipalPolicy.Window sPrincipal);

WindowsPrincipal wp = (WindowsPrincipal)Thread.CurrentPrincipal;

bool isUser = wp.IsInRole("BUILTIN\\Users");

bool isDBA = wp.IsInRole("MACHINENAME\\ORA_DBA");
On my machine, with the code above, both IsInRole calls return true.

The code is basically copied directly out of the MSDN library
WindowsPrincipal.IsInRole() documentation.

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I am on a local administrator on a stand alone machine, did not try it in
a domain environment.
how do you format the group name in your code?
Regards
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:O0*************@TK2MSFTNGP09.phx.gbl...
I have only gotten IsInRole to work against local groups when I have been
logged in as a local machine user, rather than as a domain user. I don't
know if that is by design or a bug (feature).

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Well I use IsInRole to check windows built-in Roles
what I want to do is to check if the current principal is a member of a
local group called "Mygroup" for example.
below is what I got from the MSDN
[Visual Basic]
Overloads Public Overridable Function IsInRole( _
ByVal role As String _
) As Boolean Implements IPrincipal.IsInRole

I tried "machinename\groupname", "groupname" and it returns False all
the time.
what am I missing here?
Regards and thanks for your time
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:e2**************@TK2MSFTNGP15.phx.gbl...
> Look up the IPrincipal.IsInRole() method. You would use the
> WindowsPrincipal implementation for WindowsForms or the
> User.IsInRole() implementation for WebForms.
>
> DalePres
> MCAD, MCDBA, MCSE
>
> "Sameh Ahmed" <es******@hotmail.com> wrote in message
> news:uj**************@TK2MSFTNGP09.phx.gbl...
>> Hello there
>> Is there a way through dotNet to check if a certain user is a member
>> of a specific group?
>> I use ADSI to get the memberships of the user then compare them to
>> the group I want to check, but this way the user has to be a member
>> of this group directly and if he is a member of a group that is a
>> member of that group he will not be considered a member of the group
>> I am checking although he is implicitly.
>> so basically what I need is a method that takes the user name and the
>> group name and check if this user is a member both implicitly or
>> explicitly.
>> Any ideas?
>> Regards
>> Sameh
>>
>>
>
>



Nov 21 '05 #7

P: n/a
Just out of curiosity, what version of .NET are you using? Early versions
of 1.0 had a bug where IsInRole was case sensitive.

The other thing I'd suggest is using reflection to troubleshoot the problem
by accessing the private _GetRoles method on WindowsIdentity. A quick
Google search should turn up some sample code that shows you how to do it.

http://groups-beta.google.com/group/...5ce5f46ae876a6

Joe K.

"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I am on a local administrator on a stand alone machine, did not try it in a
domain environment.
how do you format the group name in your code?
Regards
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:O0*************@TK2MSFTNGP09.phx.gbl...
I have only gotten IsInRole to work against local groups when I have been
logged in as a local machine user, rather than as a domain user. I don't
know if that is by design or a bug (feature).

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Well I use IsInRole to check windows built-in Roles
what I want to do is to check if the current principal is a member of a
local group called "Mygroup" for example.
below is what I got from the MSDN
[Visual Basic]
Overloads Public Overridable Function IsInRole( _
ByVal role As String _
) As Boolean Implements IPrincipal.IsInRole

I tried "machinename\groupname", "groupname" and it returns False all
the time.
what am I missing here?
Regards and thanks for your time
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:e2**************@TK2MSFTNGP15.phx.gbl...
Look up the IPrincipal.IsInRole() method. You would use the
WindowsPrincipal implementation for WindowsForms or the User.IsInRole()
implementation for WebForms.

DalePres
MCAD, MCDBA, MCSE

"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:uj**************@TK2MSFTNGP09.phx.gbl...
> Hello there
> Is there a way through dotNet to check if a certain user is a member
> of a specific group?
> I use ADSI to get the memberships of the user then compare them to the
> group I want to check, but this way the user has to be a member of
> this group directly and if he is a member of a group that is a member
> of that group he will not be considered a member of the group I am
> checking although he is implicitly.
> so basically what I need is a method that takes the user name and the
> group name and check if this user is a member both implicitly or
> explicitly.
> Any ideas?
> Regards
> Sameh
>
>



Nov 21 '05 #8

P: n/a
I tried it today in an AD environment and it worked just fine.
Not on local machines though!
thanks everybody for your time.
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:Oz**************@TK2MSFTNGP10.phx.gbl...
Whoops. I hadn't even realized I had clicked into the vb group for this
thread. If you can't translate the C# to vb, set the code filter in your
MSDN to vb and it should be pretty easy to figure out.

DalePres
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:%2***************@TK2MSFTNGP09.phx.gbl...
AppDomain myDomain = Thread.GetDomain();

myDomain.SetPrincipalPolicy(PrincipalPolicy.Window sPrincipal);

WindowsPrincipal wp = (WindowsPrincipal)Thread.CurrentPrincipal;

bool isUser = wp.IsInRole("BUILTIN\\Users");

bool isDBA = wp.IsInRole("MACHINENAME\\ORA_DBA");
On my machine, with the code above, both IsInRole calls return true.

The code is basically copied directly out of the MSDN library
WindowsPrincipal.IsInRole() documentation.

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I am on a local administrator on a stand alone machine, did not try it in
a domain environment.
how do you format the group name in your code?
Regards
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:O0*************@TK2MSFTNGP09.phx.gbl...
I have only gotten IsInRole to work against local groups when I have
been logged in as a local machine user, rather than as a domain user. I
don't know if that is by design or a bug (feature).

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
> Well I use IsInRole to check windows built-in Roles
> what I want to do is to check if the current principal is a member of
> a local group called "Mygroup" for example.
> below is what I got from the MSDN
> [Visual Basic]
> Overloads Public Overridable Function IsInRole( _
> ByVal role As String _
> ) As Boolean Implements IPrincipal.IsInRole
>
> I tried "machinename\groupname", "groupname" and it returns False all
> the time.
> what am I missing here?
> Regards and thanks for your time
> Sameh
>
>
> "DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
> news:e2**************@TK2MSFTNGP15.phx.gbl...
>> Look up the IPrincipal.IsInRole() method. You would use the
>> WindowsPrincipal implementation for WindowsForms or the
>> User.IsInRole() implementation for WebForms.
>>
>> DalePres
>> MCAD, MCDBA, MCSE
>>
>> "Sameh Ahmed" <es******@hotmail.com> wrote in message
>> news:uj**************@TK2MSFTNGP09.phx.gbl...
>>> Hello there
>>> Is there a way through dotNet to check if a certain user is a member
>>> of a specific group?
>>> I use ADSI to get the memberships of the user then compare them to
>>> the group I want to check, but this way the user has to be a member
>>> of this group directly and if he is a member of a group that is a
>>> member of that group he will not be considered a member of the group
>>> I am checking although he is implicitly.
>>> so basically what I need is a method that takes the user name and
>>> the group name and check if this user is a member both implicitly or
>>> explicitly.
>>> Any ideas?
>>> Regards
>>> Sameh
>>>
>>>
>>
>>
>
>



Nov 21 '05 #9

P: n/a
Joe
the usual thank you:)

"Joe Kaplan (MVP - ADSI)" <jo*************@removethis.accenture.com> wrote
in message news:uI**************@TK2MSFTNGP15.phx.gbl...
Just out of curiosity, what version of .NET are you using? Early versions
of 1.0 had a bug where IsInRole was case sensitive.

The other thing I'd suggest is using reflection to troubleshoot the
problem by accessing the private _GetRoles method on WindowsIdentity. A
quick Google search should turn up some sample code that shows you how to
do it.

http://groups-beta.google.com/group/...5ce5f46ae876a6

Joe K.

"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
I am on a local administrator on a stand alone machine, did not try it in
a domain environment.
how do you format the group name in your code?
Regards
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:O0*************@TK2MSFTNGP09.phx.gbl...
I have only gotten IsInRole to work against local groups when I have been
logged in as a local machine user, rather than as a domain user. I don't
know if that is by design or a bug (feature).

HTH

DalePres
"Sameh Ahmed" <es******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Well I use IsInRole to check windows built-in Roles
what I want to do is to check if the current principal is a member of a
local group called "Mygroup" for example.
below is what I got from the MSDN
[Visual Basic]
Overloads Public Overridable Function IsInRole( _
ByVal role As String _
) As Boolean Implements IPrincipal.IsInRole

I tried "machinename\groupname", "groupname" and it returns False all
the time.
what am I missing here?
Regards and thanks for your time
Sameh
"DalePres" <don-t-spa-m-me@lea-ve-me-a-lone--.com> wrote in message
news:e2**************@TK2MSFTNGP15.phx.gbl...
> Look up the IPrincipal.IsInRole() method. You would use the
> WindowsPrincipal implementation for WindowsForms or the
> User.IsInRole() implementation for WebForms.
>
> DalePres
> MCAD, MCDBA, MCSE
>
> "Sameh Ahmed" <es******@hotmail.com> wrote in message
> news:uj**************@TK2MSFTNGP09.phx.gbl...
>> Hello there
>> Is there a way through dotNet to check if a certain user is a member
>> of a specific group?
>> I use ADSI to get the memberships of the user then compare them to
>> the group I want to check, but this way the user has to be a member
>> of this group directly and if he is a member of a group that is a
>> member of that group he will not be considered a member of the group
>> I am checking although he is implicitly.
>> so basically what I need is a method that takes the user name and the
>> group name and check if this user is a member both implicitly or
>> explicitly.
>> Any ideas?
>> Regards
>> Sameh
>>
>>
>
>



Nov 21 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.