
Thread: Check if user is a member of an Active Directory Group


    silentthread (Thread Starter)

    With the help of some threads in this forum, I was able to put this together.

    This is a function to which you pass the username and the AD group. If it finds a match, it returns true, else false. That way you can control what users can see on the webpage based on their AD rights.

    To use the code below, you must be able to get the username. I believe you need to turn off anonymous access on the virtual directory, via My Computer, right-click, Manage, default website, etc.

    Add this to your web.config file....

    Code:
    <identity impersonate="true" />
    And call something like....

    dim NTLogin as string = Replace(Environment.UserName, "Mydomain\", "")

    To remove the domain name. If you still have problems getting the username, there are many threads in this forum that assist with that.

    Okay, here is the function for checking if a user is a member of an AD group.
    Please post questions, concerns, comments, suggestions, etc.


    VB Code:
    'These Imports go at the top of the code file. The project also needs
    'a reference to System.DirectoryServices.dll.
    Imports System.DirectoryServices
    Imports System.Web

    Public Function Check_If_Member_Of_AD_Group(ByVal username As String, _
        ByVal grouptoCheck As String, _
        ByVal domain As String, _
        ByVal ADlogin As String, _
        ByVal ADpassword As String) _
        As Boolean

        'This is a function that receives a username to see if it's a
        'member of a specific group in AD.

        Try
            'First let's put the whole thing in a nice big try catch, and
            'catch any errors.

            Dim EntryString As String
            EntryString = "LDAP://" & domain
            'Above, we setup the LDAP basic entry string.

            Dim myDE As DirectoryEntry
            'Above, I dimension my DirectoryEntry object

            grouptoCheck = grouptoCheck.ToLower()
            'The groups returned may have different combinations of
            'lowercase and uppercase, so let's go ahead
            'and make grouptoCheck lowercase.

            If (ADlogin <> "" AndAlso ADpassword <> "") Then
                'If they provided a password, then add it
                'as an argument to the function
                'I recently learned about AndAlso, and it's pretty
                'cool. Basically it does not worry about checking
                'the next condition if the first one is not true.
                myDE = New DirectoryEntry(EntryString, ADlogin, ADpassword)
                'Above, we create a new instance of the Directory Entry
                'Includes login and password
            Else
                'Else, use the account credentials of the machine
                'making the request. You might not be able to get
                'away with this if your production server does not have
                'rights to query Active Directory.
                'Then again, there are workarounds for anything.
                myDE = New DirectoryEntry(EntryString)
                'Above, we create a new instance of the Directory Entry
                'Does not include login and password
            End If

            Dim myDirectorySearcher As New DirectorySearcher(myDE)
            'Above we create new instance of a DirectorySearcher
            'We also specify the Directory Entry as an argument.

            Dim safeUsername As String = username.Replace("\", "\5c")
            safeUsername = safeUsername.Replace("*", "\2a").Replace("(", "\28")
            safeUsername = safeUsername.Replace(")", "\29").Replace(vbNullChar, "\00")
            'Above we escape the characters that are special in an LDAP
            'filter (backslash first), so the username cannot alter the query.

            myDirectorySearcher.Filter = "(sAMAccountName=" & safeUsername & ")"
            'Above we specify to filter our results where
            'sAMAccountName is equal to our username passed in.
            'The filter is enclosed in parentheses.
            myDirectorySearcher.PropertiesToLoad.Add("MemberOf")
            'We only care about the MemberOf Properties, and we
            'specify that above.

            Dim myresult As SearchResult = myDirectorySearcher.FindOne()
            'SearchResult is a node in Active Directory that is returned
            'during a search through System.DirectoryServices.DirectorySearcher
            'Above, we dim a myresult object, and assign a node returned
            'from myDirectorySearcher.FindOne()
            'I've never heard of similar login Id's in Active Directory,
            'so I don't think we need to call FindAll(), so Instead
            'we call FindOne()

            If myresult Is Nothing Then
                Return False
            End If
            'FindOne() returns Nothing when no account matches, so
            'an unknown username is not a member of anything.

            Dim NumberOfGroups As Integer
            NumberOfGroups = myresult.Properties("memberOf").Count() - 1
            'Above we get the number of groups the user is a memberOf,
            'and store it in a variable. It is zero indexed, so we
            'remove 1 so we can loop through it.

            Dim tempString As String
            'A temp string that we will use to get only what we
            'need from the MemberOf string property

            While (NumberOfGroups >= 0)
                tempString = CStr(myresult.Properties("MemberOf").Item(NumberOfGroups))
                'Item() returns an Object, so we convert it to a String
                tempString = tempString.Substring(0, tempString.IndexOf(",", 0))
                'Above we set tempString to the first index of "," starting
                'from the zeroth element of itself.
                tempString = tempString.Replace("CN=", "")
                'Above, we remove the "CN=" from the beginning of the string
                tempString = tempString.ToLower() 'Let's make all letters lowercase
                tempString = tempString.Trim()
                'Finally, we trim any blank characters from the edges

                If (grouptoCheck = tempString) Then
                    Return True
                End If
                'If we have a match, the return is true
                'username is a member of grouptoCheck

                NumberOfGroups = NumberOfGroups - 1
            End While

            'If the code reaches here, there was no match.
            'Return false
            Return False

        Catch ex As Exception

            HttpContext.Current.Response.Write("Error: <br><br>" & _
                HttpUtility.HtmlEncode(ex.ToString))
            'The exception text is HTML-encoded before it is written out.
            'On an error we cannot confirm membership, so return false.
            Return False

        End Try

    End Function
    Last edited by silentthread; Jul 10th, 2006 at 05:18 PM.
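
The function in the post compares only the CN of each direct memberOf entry, so nested membership is not seen and two groups with the same CN in different OUs look identical. As an added example (not part of the original post), the module below lets the directory decide whether the account is a direct or nested member of a group identified by its full distinguished name, using Active Directory's LDAP_MATCHING_RULE_IN_CHAIN rule (OID 1.2.840.113556.1.4.1941) with RFC 4515 escaping of both values. The module name, function names and the sample values in Main are assumptions made for illustration.

```vbnet
Imports System
Imports System.DirectoryServices

Public Module AdGroupMembership   ' hypothetical name, not from the original post

    ' RFC 4515: escape characters that are special inside a filter value.
    ' The backslash is replaced first so later escapes are not re-escaped.
    Public Function EscapeFilterValue(ByVal value As String) As String
        Dim s As String = value.Replace("\", "\5c")
        s = s.Replace("*", "\2a").Replace("(", "\28").Replace(")", "\29")
        Return s.Replace(vbNullChar, "\00")
    End Function

    ' Builds a filter that matches the account only if it is a direct or
    ' nested member of groupDn (LDAP_MATCHING_RULE_IN_CHAIN).
    Public Function BuildMembershipFilter(ByVal username As String, _
                                          ByVal groupDn As String) As String
        Return "(&(objectCategory=person)(objectClass=user)" & _
               "(sAMAccountName=" & EscapeFilterValue(username) & ")" & _
               "(memberOf:1.2.840.113556.1.4.1941:=" & _
               EscapeFilterValue(groupDn) & "))"
    End Function

    ' root is a DirectoryEntry bound the same way as in the post,
    ' for example New DirectoryEntry("LDAP://" & domain).
    Public Function IsMemberOfGroupDn(ByVal root As DirectoryEntry, _
                                      ByVal username As String, _
                                      ByVal groupDn As String) As Boolean
        Using searcher As New DirectorySearcher(root)
            searcher.Filter = BuildMembershipFilter(username, groupDn)
            searcher.PropertiesToLoad.Add("distinguishedName")
            ' A hit means the directory confirmed membership. Nothing means
            ' no such account or not a member, so the check fails closed.
            Return searcher.FindOne() IsNot Nothing
        End Using
    End Function

    Public Sub Main()
        ' Constructed sample values; no directory is contacted here.
        Console.WriteLine(BuildMembershipFilter("j*doe", _
            "CN=Web (Admins),OU=Groups,DC=example,DC=com"))
    End Sub

End Module
```

Neither memberOf nor this matching rule covers the account's primary group (usually Domain Users), so a check against that group has to be handled separately.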