How do I detect if an arbitrary user is an administrator on a machine? I have the user's domain and username but not password. The user is NOT the currently logged in user, so I can't just use WindowsIdentity.GetCurrent.

+1  A: 

Use LDAP. See examples here.

Otávio Décio
Perfect, thanks.
Jonathan Allen
A: 

You can use System.DirectoryServices to first load the local machine and then search for any users within a given group. Try out the following code:

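// Requires: using System; using System.Collections; using System.DirectoryServices;
// Bind to the local machine through the WinNT provider and fetch its Administrators group.
DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + Environment.MachineName);
DirectoryEntry admGroup = localMachine.Children.Find("administrators","group");
object members = admGroup.Invoke("members", null);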

Then create a new DirectoryEntry for each member in the members object:

foreach (object groupMember in (IEnumerable)members)
{
  DirectoryEntry member = new DirectoryEntry(groupMember);
  //Do what you want
}

The member object inside of that foreach loop has a load of data about the user inside it. Compare your member's name with the current one in the loop:

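// memberSearch is the DirectoryEntry for the user you are looking for.
if (memberSearch.Name == member.Name) {
  return true;
}
// Return false only after the loop has checked every member.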

You could also search through the members object to find the user etc. There are plenty of ways of doing it. Hope this helps!

Jamie Rumbelow
+2  A: 

Use UserPrincipal.GetAuthorizationGroups to check if the user is in a group that is allowed administrative access to the machine.

First get a UserPrincipal object using FindByIdentity. Then get the authorization groups that the user is a member of. Check each group to see if it matches the builtin administrators group. If the builtin administrators group is not in the user's authorization groups, then the user is not an administrator on the local machine.

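using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;

// Environment.UserName is the current user; substitute the account name to check.
var name = Environment.UserName;
var user = UserPrincipal.FindByIdentity( new PrincipalContext( ContextType.Domain ), name );
// Authorization groups are the security groups the user belongs to, nested ones included.
var groups = user.GetAuthorizationGroups();
var isAdmin = groups.Any( g => g.Name == "Administrators" );
Console.WriteLine( "Admin: " + isAdmin );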
tvanfosson
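
The check described in the answer above, written against the question's inputs (a domain and a username, no password) and matching the group by its well-known SID instead of its display name, which is localized on non-English Windows. This is an added example, not code from the answer; LocalAdminCheck and IsInBuiltinAdministrators are hypothetical names.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Principal;

static class LocalAdminCheck
{
    // Well-known SID of BUILTIN\Administrators (S-1-5-32-544). It is the same on
    // every Windows machine, unlike the group's display name.
    static readonly SecurityIdentifier BuiltinAdmins =
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);

    // Hypothetical helper: the caller supplies domain and account name only.
    public static bool IsInBuiltinAdministrators(string domain, string samAccountName)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            // Keep "account does not exist" distinct from "exists but is not an admin".
            if (user == null)
                throw new ArgumentException(
                    "User not found: " + domain + "\\" + samAccountName);

            // Same call as in the answer; the match is on the group SID, not on Name.
            using (var groups = user.GetAuthorizationGroups())
            {
                return groups.Any(g => g.Sid != null && g.Sid.Equals(BuiltinAdmins));
            }
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: LocalAdminCheck <domain> <username>");
            return 2;
        }
        Console.WriteLine("Admin: " + IsInBuiltinAdministrators(args[0], args[1]));
        return 0;
    }
}
```

The result reports group membership only; it does not say whether any particular process of that user is running elevated.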