Thanks to Keith for pointing out a much simpler way (doh!). Removed my bad source code, added a new, good one.
Given the complexity of today’s Active Directory installations, the only safe way of getting all Windows groups a user is a member of is to inspect the token.
After you have acquired a token (e.g. through IIS authentication, LogonUser or Protocol Transition), wrap it in a WindowsIdentity and call:
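private static string getRoles(WindowsIdentity id)
{
    List<string> groups = new List<string>();
    IdentityReferenceCollection irc = id.Groups.Translate(typeof(NTAccount)); // group SIDs from the token -> account names
    foreach (NTAccount acc in irc)
        groups.Add(acc.Value); // DOMAIN\group
    return string.Join(", ", groups.ToArray()); // the signature returns a single string, so join the names
}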
much better now.
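The same token inspection as a complete program that also copes with group SIDs that cannot be translated to a name. This is an added example, not code from the original post; the class name `TokenGroups`, the method `GetGroups` and the use of the current process token in place of one obtained via IIS, LogonUser or protocol transition are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class TokenGroups   // hypothetical name, not from the post
{
    // Returns one entry per group SID in the token. SIDs that cannot be
    // mapped to an account (orphaned SID, unreachable domain) are kept as
    // SID strings and flagged, so a failed lookup never hides a membership.
    public static List<string> GetGroups(WindowsIdentity id)
    {
        var groups = new List<string>();

        // forceSuccess: false leaves unmappable entries as SecurityIdentifier
        // objects instead of throwing IdentityNotMappedException.
        IdentityReferenceCollection irc =
            id.Groups.Translate(typeof(NTAccount), false);

        foreach (IdentityReference reference in irc)
        {
            if (reference is NTAccount)
                groups.Add(reference.Value);                 // DOMAIN\group
            else
                groups.Add(reference.Value + " (unresolved)"); // S-1-...
        }
        return groups;
    }

    static void Main()
    {
        // Assumption: the current process token stands in for the token
        // acquired through IIS authentication, LogonUser or protocol transition.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("Groups in token for " + id.Name + ":");
            foreach (string g in GetGroups(id))
                Console.WriteLine("  " + g);
        }
    }
}
```

For authorization decisions, compare against the SID rather than the translated name, since names can be renamed or fail to resolve while the SID in the token stays the same.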