Additional.
1) It appears that local groups will hide/shadow domain groups.
2) It appears that unqualified names are local groups only:
My.User.IsInRole("VS Developers") ' checks local groups only
3) Does not check Domain Local groups, needs to be a Global group in AD.
FWIW: In VS 2005 (.NET 2.0) you can use the Groups property of
WindowsIdentity to get the list of groups that Identity belongs to:
My.User.InitializeWithWindowsUser()
Dim identity As System.Security.Principal.WindowsIdentity = _
    TryCast(My.User.CurrentPrincipal.Identity, _
    System.Security.Principal.WindowsIdentity)
' Each entry in Groups is a SID; Translate turns it into an account name
For Each group As System.Security.Principal.SecurityIdentifier In _
    identity.Groups
    Debug.WriteLine(group.Translate(GetType(System.Security.Principal.NTAccount)), _
        "group")
Next
http://msdn2.microsoft.com/en-us/lib...ty.groups.aspx
--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley -
http://www.tsbradley.net
"Jay B. Harlow [MVP - Outlook]" <Ja************@tsbradley.net> wrote in
message news:e2*************@TK2MSFTNGP09.phx.gbl...
| Bob,
| According to the following:
|
| http://msdn.microsoft.com/library/de...roletopic2.asp
|
| You need to qualify the name with the domain. However, I don't see it
| working.
|
| Given the following code:
|
| My.User.InitializeWithWindowsUser()
| Debug.WriteLine(My.User.IsInRole("VS Developers"), "VS Developers")
| Debug.WriteLine(My.User.IsInRole("MYDOMAIN\VS Developers"), _
|     "MYDOMAIN\VS Developers")
|
| Debug.WriteLine(My.User.IsInRole("mydomain.local\VS Developers"), _
|     "mydomain.local\VS Developers")
|
| Debug.WriteLine(My.User.IsInRole("MYMACHINE\VS Developers"), _
|     "MYMACHINE\VS Developers")
|
| Where VS Developers is a group at both the domain level & the local level.
| My domain account is a member of both groups
|
| I get the following output:
|
| VS Developers: True
| MYDOMAIN\VS Developers: False
| mydomain.local\VS Developers: False
| MYMACHINE\VS Developers: True
|
| Which suggests to me that local groups (machine) work, while domain
| groups don't. Although I may have the syntax wrong or setup wrong.
|
| I just tried "mydomain.local\Schema Admins" and it succeeded, the only
| difference between Schema Admins & VS Developers is that the former is a
| Global group, while the latter is a Domain Local group. I'll try changing
| VS Developers to a Global group also...
|
| --
| Hope this helps
| Jay [MVP - Outlook]
| .NET Application Architect, Enthusiast, & Evangelist
| T.S. Bradley - http://www.tsbradley.net
|
|
| "Bob" <bd*****@sgiims.com> wrote in message
| news:%2****************@TK2MSFTNGP11.phx.gbl...
|| This is a bit of a second post on same subject, my apologies.
||
|| IsinRole function only works with built-in roles. If I create a new group
|| on my domain controller then add an existing user to that group, user bob,
|| group TestUsers and then try to determine if
|| My.user.Isinrole("TestUsers") I always get a false, which is incorrect.
|| If I put Bob as part of Administrators or any other built-in group on the
|| DC and look at My.User.isinrole("Administrators") I get true, which is
|| correct
||
|| Is this a bug? I need to determine if my application's user is part of a
|| group I created on my domain controller. If I can't use isinrole to do
|| that, how can I do that? I've looked at the walkthrough for custom
|| authentication but that's not what I need to do. I simply need to be able
|| to see if my user is in a group I created on the domain controller.
||
|| Any help would be appreciated.
||
|| Bob
|
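
Added example, not code from any poster in this thread: because the thread reports that a name-based IsInRole check can be satisfied by a local group that shadows a domain group of the same name, one way to make an authorization check unambiguous is to resolve the fully qualified group name to its SID and compare that against the SIDs in WindowsIdentity.Groups. MYDOMAIN, MYMACHINE and "VS Developers" are the placeholder names used in the thread; ResolveGroupSid and IsMemberBySid are hypothetical helper names.

```vbnet
Imports System
Imports System.Security.Principal

Module GroupCheckExample

    ' Resolve a qualified group name (authority\name) to its SID.
    ' Returns Nothing when the name cannot be mapped to a SID.
    Function ResolveGroupSid(ByVal authority As String, _
                             ByVal groupName As String) As SecurityIdentifier
        Try
            Dim account As New NTAccount(authority, groupName)
            Return DirectCast(account.Translate(GetType(SecurityIdentifier)), _
                              SecurityIdentifier)
        Catch ex As IdentityNotMappedException
            Return Nothing
        End Try
    End Function

    ' True only if the SID is among the group SIDs of the identity.
    ' Fails closed: an unresolved group or missing identity is "not a member".
    Function IsMemberBySid(ByVal identity As WindowsIdentity, _
                           ByVal groupSid As SecurityIdentifier) As Boolean
        If identity Is Nothing OrElse groupSid Is Nothing Then Return False
        If identity.Groups Is Nothing Then Return False
        Return identity.Groups.Contains(groupSid)
    End Function

    Sub Main()
        Dim identity As WindowsIdentity = WindowsIdentity.GetCurrent()

        ' Check the domain group and the same-named local group separately;
        ' their SIDs differ even though the display names collide.
        For Each authority As String In New String() {"MYDOMAIN", "MYMACHINE"}
            Dim sid As SecurityIdentifier = ResolveGroupSid(authority, "VS Developers")
            If sid Is Nothing Then
                Console.WriteLine("{0}\VS Developers: not resolvable, treated as not a member", _
                                  authority)
            Else
                Console.WriteLine("{0}\VS Developers ({1}): {2}", _
                                  authority, sid.Value, IsMemberBySid(identity, sid))
            End If
        Next
    End Sub

End Module
```

Printing the SID next to each result shows which of the two same-named groups actually granted membership, which the name-only output in the thread cannot distinguish.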