Defining nested groups for a WindowsIdentity instance

Let's say I have a WindowsIdentity instance and want to get the groups to which it belongs. To get the list, I use the following code:

  WindowsIdentity identity = null;
  // get identity here
  identity.Groups.Translate(typeof(NTAccount)).Select(x => x.Value);

I get something like this:

 "BUILTIN\\Administrators"
 "BUILTIN\\Users"
 "NT AUTHORITY\\INTERACTIVE"
 "CONSOLE LOGON"

I have a local group (say, MYSPECIALGROUP) that has BUILTIN\\Administrators as its member. MYSPECIALGROUP is not returned in the example above. How do I get all groups, including nested ones?

+3
1 answer

Get user group membership from Active Directory

As explained in the answer to this question, the System.DirectoryServices.AccountManagement namespace is what you need:

// get the user identity / roles
PrincipalContext pCtx = new PrincipalContext(ContextType.Domain, 
    Settings.Default.Domain,          // domain
    Settings.Default.DomainReadUser,  // user to access AD with 
    Settings.Default.DomainReadPass); // password of that user

UserPrincipal user = UserPrincipal.FindByIdentity(pCtx, 
    User.Identity.Name.Split('\\').Last()); // Windows Auth current user

// this will have all of the security groups, even nested ones
IEnumerable<Principal> userRoles = user.GetAuthorizationGroups();

, , / WindowsIdentity, :

PrincipalContext pCtx = new PrincipalContext(ContextType.Machine);
UserPrincipal user = UserPrincipal.FindByIdentity(pCtx, 
    identity.Name.Split('\\').Last());

. : .NET Framework 3.5

+3
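
An added example, not part of the original answer: it combines the token groups from the question with the GetAuthorizationGroups() call from the answer, but looks the account up by SID instead of by the name with the domain stripped, so a local account that shares a domain user's name cannot be matched by mistake. The names GroupLookup, FindBySid and GetAllGroupNames are hypothetical, and a reference to the System.DirectoryServices.AccountManagement assembly on Windows is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Principal;

static class GroupLookup // hypothetical helper class, not from the original page
{
    // Look the account up by SID: Name.Split('\\').Last() drops the domain part,
    // so a same-named account in another scope could be returned instead.
    static UserPrincipal FindBySid(ContextType type, SecurityIdentifier sid)
    {
        try
        {
            // The context is left open because the returned principal still uses it.
            var ctx = new PrincipalContext(type);
            return UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid.Value);
        }
        catch (PrincipalServerDownException)
        {
            return null; // the domain (or machine store) could not be contacted
        }
    }

    public static ISet<string> GetAllGroupNames(WindowsIdentity identity)
    {
        // Start with the groups already in the token (what identity.Groups returns).
        var names = new HashSet<string>(
            identity.Groups.Translate(typeof(NTAccount)).Select(g => g.Value),
            StringComparer.OrdinalIgnoreCase);

        UserPrincipal user = FindBySid(ContextType.Machine, identity.User)
                          ?? FindBySid(ContextType.Domain, identity.User);
        if (user == null) return names; // not resolvable: keep the token groups only

        // GetAuthorizationGroups() is the call the answer relies on for nested groups.
        foreach (Principal group in user.GetAuthorizationGroups())
        {
            try { names.Add(group.Sid.Translate(typeof(NTAccount)).Value); }
            catch (IdentityNotMappedException) { names.Add(group.Sid.Value); }
        }
        return names;
    }

    static void Main()
    {
        foreach (string name in GetAllGroupNames(WindowsIdentity.GetCurrent()))
            Console.WriteLine(name);
    }
}
```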
