I am using Active Directory to authenticate users for an intranet site. I would like to refine the users that are authenticated based on the group they are in in Active Directory. Can someone show me or point me to directions on how to find what groups a user is in in ASP.NET 4.0 (VB)?

+1  A: 

Hi @davemackey - I found this here.

Imports System.DirectoryServices
Imports System.Windows.Forms   ' MessageBox below is the Windows Forms class

''' <summary>
''' Function to return all the groups the user is a member of
''' </summary>
''' <param name="_path">Path to bind to the AD</param>
''' <param name="username">Username of the user</param>
''' <param name="password">password of the user</param>
Private Function GetGroups(ByVal _path As String, ByVal username As String, _
                 ByVal password As String) As Collection
    Dim Groups As New Collection
    Dim dirEntry As New _
        System.DirectoryServices.DirectoryEntry(_path, username, password)
    Dim dirSearcher As New DirectorySearcher(dirEntry)
    ' username goes into the filter as-is; LDAP filter metacharacters
    ' (* ( ) \ and NUL) in it are not escaped here.
    dirSearcher.Filter = String.Format("(sAMAccountName={0})", username)
    dirSearcher.PropertiesToLoad.Add("memberOf")
    Dim propCount As Integer
    Try
        Dim dirSearchResults As SearchResult = dirSearcher.FindOne()
        propCount = dirSearchResults.Properties("memberOf").Count
        Dim dn As String
        Dim equalsIndex As Integer
        Dim commaIndex As Integer
        Dim groupName As String
        For i As Integer = 0 To propCount - 1
            dn = dirSearchResults.Properties("memberOf")(i).ToString()
            ' Take the value of the first RDN: the text between the
            ' first "=" and the first "," of the distinguished name.
            equalsIndex = dn.IndexOf("=", 1)
            commaIndex = dn.IndexOf(",", 1)
            If equalsIndex = -1 Then
                Return Nothing
            End If
            groupName = dn.Substring(equalsIndex + 1, _
                                     (commaIndex - equalsIndex) - 1)
            ' Collection.Contains looks up keys, so the name is stored
            ' as both item and key to make the duplicate check work.
            If Not Groups.Contains(groupName) Then
                Groups.Add(groupName, groupName)
            End If
        Next
    Catch ex As Exception
        If ex.GetType Is GetType(System.NullReferenceException) Then
            MessageBox.Show("Selected user isn't a member of any groups " & _
                            "at this time.", "No groups listed", _
                            MessageBoxButtons.OK, MessageBoxIcon.Error)
            'they are still a good user just does not
            'have a "memberOf" attribute so it errors out.
            'code to do something else here if you want
        Else
            MessageBox.Show(ex.Message.ToString, "Search Error", _
                            MessageBoxButtons.OK, MessageBoxIcon.Error)
        End If
    End Try
    Return Groups
End Function
Marko
+2  A: 

For those who may be interested, this is how I ended up coding it:

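' Code-behind of an ASP.NET page; needs Imports System.DirectoryServices
' and Imports System.Web.Security.
Dim ID As FormsIdentity = DirectCast(User.Identity, FormsIdentity)
Dim ticket As FormsAuthenticationTicket = ID.Ticket
Dim adTicketID As String = ticket.Name
Dim adSearch As New DirectorySearcher
' adTicketID is concatenated into the filter without LDAP escaping.
adSearch.Filter = ("(userPrincipalName=" & adTicketID & ")")
Dim adResult As SearchResult = adSearch.FindOne()
If adResult Is Nothing Then
    ' No matching account in the directory: send the user back to login
    ' instead of failing with a NullReferenceException.
    Response.Redirect("login.aspx")
End If
Dim adResultsDirectory As New DirectoryEntry(adResult.Path)
Dim found As Boolean = False
For Each entry In adResultsDirectory.Properties("memberOf")
    ' Debug output: writes every group DN of the user to the page.
    Response.Write(Server.HtmlEncode(entry.ToString()))
    Response.Write("<br/>")
    If entry.ToString() = "CN=GroupName,CN=UserGroup,DC=my,DC=domain,DC=com" Then
        found = True
    End If
Next
If Not (found) Then
    Response.Redirect("login.aspx")
End If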
davemackey