Re: PrincipalPermission Attribute and Nested Groups
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: Fri, 9 Apr 2004 00:05:48 -0500
This does definitely work. However, there are a few requirements:
- Your AD domain needs to be in 2000 native mode or 2003 functional level
- Group A needs to have the security bit set on the groupType
If both of those are true, you should have no problems. If not, then that
is the problem. If those are both true and it still isn't working, it could
be an issue of having the group name (domain\samAccountName) incorrect.
"Anthony Christianson" <email@example.com> wrote in
> The Issue:
> Group A contains Group B
> Group B contains User 1.
> I want to check if User 1 is in Group A.
> [PrincipalPermission(SecurityAction.Demand,Role="Group A")]
> [PrincipalPermission(SecurityAction.Demand,Role="Group B")]
> Since Group B is a memberOf Group A, they both should succeed.
> I have tried :
> WindowsIdentity identity = WindowsIdentity.GetCurrent();
> WindowsPrincipal principal = new WindowsPrincipal(identity);
> if( principal.IsInRole("Group A"))
> And this does not work.
> Does anyone have a answer as to how I can quickly check to see if User 1
> in Group A