I am working on an internal web application that will use predefined SharePoint groups for determining a user's security level. I have done some research and found SharePoint's "usergroup" web service which has the method "GetUserCollectionFromGroup()" which will list all of the users in a given SharePoint group.

The problem I am having is some of the predefined SharePoint groups have Active Directory groups added to them, not the individual users. So, when I call GetUserCollectionFromGroup("Members") I get back a single entry for the Active Directory group "DOMAIN\domain users\". Is there a way to check if either a user or an Active Directory group that the user belongs to is a member of a SharePoint group using only SharePoint web services? Or will I need to check the SharePoint group and then look up any and all Active Directory groups to see if this user is a member there also?

+1  A: 

The code below will check if the user is in a particular group. This includes checking any member AD groups. You will need to build a custom SharePoint webservice to call this code from a remote machine. HTH

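using System;
using Microsoft.SharePoint;

// Returns true if the user is in the SharePoint group, either directly or
// through an AD group that has been added to it.
public static bool UserIsInGroup(SPUser user, SPGroup group)
{
    try
    {
        // Reopen the site with the user's own token so that membership
        // is evaluated as that user, not as the calling account.
        using (SPSite site = new SPSite(group.ParentWeb.Site.ID, user.UserToken))
        {
            using (SPWeb web = site.OpenWeb(group.ParentWeb.ID))
            {
                SPGroup impersonatedGroup = web.SiteGroups[group.Name];
                return impersonatedGroup.ContainsCurrentUser;
            }
        }
    }
    catch (Exception e)
    {
        // TODO: Log the exception
        // Any failure is treated as "not a member" (fails closed).
        return false;
    }
}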
unclepaul84
Thank you for the help, the only issue is that I do not have access to install anything on the actual SharePoint server. The only access I will have to install to is on a separate web server on the network.
Josh
+1  A: 

Active Directory Security Groups are seen as "Users" in SharePoint. You cannot achieve that in the way you want.

But since you do have the DOMAIN\group you can extend your code after you hit the SharePoint webservices API and use the System.DirectoryServices namespace to resolve your users. You can find a good example on how to get users from a group here.

F.Aquino
Thanks, I was hoping it could all be done through SharePoint web services, but this isn't too bad. Seems to be working well now.
Josh
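
The two-step check described in the answer above (read the SharePoint group through the web service, then resolve any AD group entries with System.DirectoryServices), written out as an added example; it is not code from any poster in this thread. Assumptions: the class and method names are hypothetical, the web server is domain-joined, logins are classic DOMAIN\name accounts, and the GetUserCollectionFromGroup response contains User elements with LoginName and IsDomainGroup attributes.

```csharp
// Added example. References: System.Xml, System.DirectoryServices.AccountManagement.
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;
using System.Xml;

public static class SharePointGroupCheck   // hypothetical helper name
{
    // groupUsers: XmlNode returned by GetUserCollectionFromGroup(groupName).
    // userLogin:  account to test, in DOMAIN\user form.
    public static bool IsMember(XmlNode groupUsers, string userLogin)
    {
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain))
            using (var user = UserPrincipal.FindByIdentity(ctx, userLogin))
            {
                if (user == null) return false;            // unknown account: deny
                // SIDs of every security group the user is in, including
                // nested groups and the primary group (e.g. Domain Users).
                var userGroupSids = new HashSet<SecurityIdentifier>();
                using (var groups = user.GetAuthorizationGroups())
                    foreach (Principal g in groups)
                        if (g.Sid != null) userGroupSids.Add(g.Sid);
                foreach (XmlNode entry in groupUsers.SelectNodes(".//*[local-name()='User']"))
                {
                    string login = entry.Attributes["LoginName"]?.Value;
                    if (string.IsNullOrEmpty(login)) continue;
                    // Assumed attribute: IsDomainGroup="True" marks an AD group entry.
                    bool isAdGroup = string.Equals(entry.Attributes["IsDomainGroup"]?.Value,
                                                   "True", StringComparison.OrdinalIgnoreCase);
                    if (!isAdGroup && string.Equals(login, userLogin, StringComparison.OrdinalIgnoreCase)) return true;
                    if (!isAdGroup) continue;
                    try
                    {
                        // Compare by SID rather than by name, so renamed groups still match.
                        var sid = (SecurityIdentifier)new NTAccount(login).Translate(typeof(SecurityIdentifier));
                        if (userGroupSids.Contains(sid)) return true;
                    }
                    catch (IdentityNotMappedException) { }  // stale group entry: skip it
                }
                return false;
            }
        }
        catch (Exception) { return false; }                 // directory or parsing error: deny
    }
}
```

Because the result decides a user's security level, every failure path returns false, and the account the web application runs as needs read access to the directory for the lookups to succeed.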
A: 

See the following to get all AD groups for a user:
http://urenjoy.blogspot.com/2009/04/getting-active-directory-groups-from.html
and use the AD groups as a SharePoint user to get the SharePoint groups.

Brij