.Net 2013 (VB) in a web page: Test if user is member of AD group

Demon10000

Good Afternoon:

I'm trying to whip up a little utility, and I'm almost done. It's a web app that is written in VB.

I'm trying to lock down some specific buttons based on group membership in Active Directory. In reading, I should be able to test a user's group membership with something like:

Code:
If My.User.IsInRole("domain\groupname") Then DoSomething()

I can't quite get that to work. It always returns false.

I've taken a peek at using another method:
Roles.IsUserInRole("domain\user", "domain\group") and that throws a new exception:

System.Configuration.Provider.ProviderException was unhandled by user code
HResult=-2146233088
Message=The Role Manager feature has not been enabled.
Source=System.Web
StackTrace:
at System.Web.Security.Roles.EnsureEnabled()
at System.Web.Security.Roles.IsUserInRole(String username, String roleName)
at osdWeb._Default.Page_Load(Object sender, EventArgs e) in H:\Source\project\Default.aspx.vb:line 36
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
InnerException:


I'm really looking for a method to just toss a group name and check if the currently authenticated user is in the group, and it needs to work recursively (the user might not be in the group, but they might be in a group that's a member of the group I'm checking).

Can anyone point me in the right direction?

Thanks!
 
Which authentication model are you using? It looks like you are using Forms Authentication.
I use System.DirectoryServices.AccountManagement for everything Active Directory related.
 
It's using on-premise authentication, and it appears to be working. It returns my AD username correctly.

I looked into using System.DirectoryServices.AccountManagement, but I didn't have any luck. I'll look further into it.

Thanks for the pointer!
 
You'll need to provide an implementation of the role manager which can be used to validate the on premise authentication. I think this link might provide you some other avenues to look into. Without knowing more it's a bit difficult.

http://msdn.microsoft.com/en-us/library/ff647401.aspx

Basically the Role manager can talk to different providers with the same interface, i.e. User.IsInRole("RoleName");
 
Turns out I was doing everything right, I just had a momentary lapse of intelligence.

If you're asking if a user is in a role --- make sure you spell the role name right. :)

This code works fine:

Code:
If My.User.IsInRole("domain\groupname") Then DoSomething()
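
Added example, not code from any poster in this thread: a group check that throws when the group name cannot be found in AD, so a misspelled name is not silently reported as "not a member", and that covers nested membership by comparing the group's SID against the user's Windows logon token. The module and function names are hypothetical, and it assumes Windows authentication, a group in the web server's own domain, and a project reference to System.DirectoryServices.AccountManagement.

```vb
Imports System.DirectoryServices.AccountManagement
Imports System.Security.Principal

Public Module AdGroupCheck

    ' Returns True when the authenticated Windows user is a direct or nested
    ' member of groupName ("DOMAIN\group" or just "group").
    ' Throws when the group does not exist, so a typo in the name surfaces
    ' as an error instead of a quiet False.
    Public Function IsInAdGroup(user As IIdentity, groupName As String) As Boolean
        If String.IsNullOrWhiteSpace(groupName) Then
            Throw New ArgumentException("Group name is required.", "groupName")
        End If

        ' Only a Windows identity carries a logon token with group SIDs.
        Dim winId As WindowsIdentity = TryCast(user, WindowsIdentity)
        If winId Is Nothing OrElse Not winId.IsAuthenticated Then Return False

        ' Drop an optional "DOMAIN\" prefix; the lookup below uses the bare
        ' sAMAccountName in the server's own domain (assumption).
        Dim samName As String = groupName.Substring(groupName.LastIndexOf("\"c) + 1)

        Using ctx As New PrincipalContext(ContextType.Domain)
            Using adGroup As GroupPrincipal =
                    GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samName)

                If adGroup Is Nothing Then
                    Throw New ArgumentException("AD group not found: " & groupName, "groupName")
                End If

                ' The logon token already lists nested security groups, so a
                ' SID comparison covers indirect membership without walking AD.
                Return New WindowsPrincipal(winId).IsInRole(adGroup.Sid)
            End Using
        End Using
    End Function

End Module
```

Call it with HttpContext.Current.User.Identity both when deciding whether to enable a button and again inside that button's Click handler, since a disabled or hidden button does not stop a crafted postback. The token reflects security groups as of the user's logon, so a membership change takes effect only after the user authenticates again.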
 