Getting all Groups for a Windows Account in .NET 2.0

UPDATE:
Thanks to Keith for pointing out a much simpler way (doh!). Removed my bad source code, added a new, good one.

Given the complexity of today’s Active Directory installations, the only safe way of getting all Windows groups a user is a member of is to inspect the token.

After you have acquired a token (e.g. through IIS authentication, LogonUser or Protocol Transition), wrap it in a WindowsIdentity and call:

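using System.Collections.Generic;
using System.Security.Principal;

private static string[] getRoles(WindowsIdentity id)
{
  List<string> groups = new List<string>();

  // Translate the group SIDs from the token into DOMAIN\name form.
  IdentityReferenceCollection irc = id.Groups.Translate(typeof(NTAccount));

  // Translate(Type) leaves a SID it cannot resolve in the collection as a
  // SecurityIdentifier, so iterate as IdentityReference rather than casting
  // every entry to NTAccount; Value is then the SID string.
  foreach (IdentityReference reference in irc)
  {
    groups.Add(reference.Value);
  }
  return groups.ToArray();
}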

Much better now.
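The same lookup as a complete console program, added here as an example and not part of the original post. It resolves each group SID on its own and keeps the SID string as the key, so a group that cannot be resolved still shows up. The names GroupDump and ResolveGroups are made up for this sketch, and WindowsIdentity.GetCurrent() stands in for a token obtained through IIS authentication, LogonUser or Protocol Transition.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Added example: lists the groups in the current token as SID / name pairs.
// GroupDump and ResolveGroups are hypothetical names, not from the post.
static class GroupDump
{
    // Maps each group SID in the token to its account name, or to null when
    // the SID cannot be resolved (deleted group, unreachable domain).
    static Dictionary<string, string> ResolveGroups(WindowsIdentity id)
    {
        Dictionary<string, string> result = new Dictionary<string, string>();
        IdentityReferenceCollection sids = id.Groups;
        if (sids == null)
        {
            return result; // an anonymous identity carries no token
        }
        foreach (IdentityReference sid in sids)
        {
            string name = null;
            try
            {
                // One SID at a time, so a single failure does not hide the rest.
                name = sid.Translate(typeof(NTAccount)).Value;
            }
            catch (IdentityNotMappedException)
            {
                // Leave name as null; the SID string remains the stable key.
            }
            result[sid.Value] = name;
        }
        return result;
    }

    static void Main()
    {
        // Identity of the process token (or of the thread token when impersonating).
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("Groups for {0}:", id.Name);
            foreach (KeyValuePair<string, string> g in ResolveGroups(id))
            {
                Console.WriteLine("  {0,-50} {1}", g.Key, g.Value ?? "(unresolved)");
            }
        }
    }
}
```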
