So here's my current code:

List<string> rowGroups = GetFileGroups((int)row.Cells["document_security_type"].Value);
bool found = false;
System.Security.Principal.WindowsPrincipal p = new System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent());

foreach (string group in rowGroups)
{
  if (p.IsInRole(group))
  {
    found = true;
    break;
  }
}

This was done a couple of months ago by someone and I'm having difficulty grasping why it's not working. The company has recently just moved from one domain name to another. So I was curious as to what domain controller the p.IsInRole("String") function will use. I'm assuming it's going to use the default DC by whatever the computer is using.

The odd item is that the computers in the office where this is running could be on 2 separate domains. In the List<string> object, I've got both domains possible. So it could contain items such as "domainA\groupA", "domainA\userB", "domainB\groupC", and/or "domainB\userD".

So my major problem is that the IsInRole function is never returning true. I know it should, I even tested it with domainA\Domain users and still get a false returned.

Any ideas? Changing the code is possible, but not wanted. I'm not 100% sure I can even compile it...

A: 

I have to point out, are you actually escaping your '\' character correctly inside your strings? As in "domainA\\groupA"?

Chris Marisic
Ya. It's worked before. They're strings coming from the database, I'm not declaring them in my code so I don't have to worry about that.
Miles
A: 

Well, to fix the problem I just had to specifically add each user of the group instead of the group name...

Anyone else have any ideas?

Miles
A: 

I've seen problems when people try to use Outlook e-mail lists in Active Directory for role based security. These show up in Active Directory and are hard to tell apart from actual security groups (ones you can reference in ACLs, etc). Have your administrator verify whatever groups you are using are security groups.

They are groups. These groups work just fine from the main domain but when tried from the trusted domain, they fail.
Miles
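
A diagnostic for the situation discussed in this thread, added here as an example (it is not code from any of the posters): it lists the group SIDs in the current user's Windows token, then resolves each configured name to a SID before checking it, which separates "this name does not resolve from this machine" from "the group is not in the token". The class name RoleCheckDiagnostics and the sample names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class RoleCheckDiagnostics
{
    // For each configured name, report whether it resolves to a SID from this
    // machine and whether that SID is present in the current user's token.
    public static void Explain(IEnumerable<string> configuredNames)
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        WindowsPrincipal principal = new WindowsPrincipal(identity);

        Console.WriteLine("Token for {0} contains these group SIDs:", identity.Name);
        foreach (IdentityReference sid in identity.Groups)
        {
            string name;
            try { name = sid.Translate(typeof(NTAccount)).Value; }
            catch (SystemException) { name = "(no name mapping available)"; }
            Console.WriteLine("  {0}  {1}", sid.Value, name);
        }

        foreach (string configured in configuredNames)
        {
            try
            {
                // Resolve the name explicitly so a lookup failure is visible
                // instead of being reported as a plain "false".
                var sid = (SecurityIdentifier)new NTAccount(configured)
                    .Translate(typeof(SecurityIdentifier));
                Console.WriteLine("{0} -> {1}, in token: {2}",
                    configured, sid.Value, principal.IsInRole(sid));
            }
            catch (SystemException ex)
            {
                // Includes IdentityNotMappedException: a name that cannot be
                // resolved from this machine can never match the token.
                Console.WriteLine("{0} -> not resolved: {1}", configured, ex.Message);
            }
        }
    }

    static void Main()
    {
        // Constructed sample names in the question's format; replace with real ones.
        Explain(new[] { @"domainA\groupA", @"domainB\groupC" });
    }
}
```

Run it as the affected user on a machine in each domain and compare the output: a name that fails to resolve points at name lookup or the trust, while a name that resolves but is not in the token points at the group itself.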