Re: Getting GROUPS from Active Directory by inputing an AD username

Thanks Joe for th reply.
What i have done from what Dominick adviced from
http://www.leastprivilege.com/GettingAllGroupsForAWindowsAccountInNET20.aspx
was to use
WindowsIdentity id = (WindowsIdentity)HttpContext.Current.User.Identity
and then passed it to the grtGroups(id)
But with that i'm not passing the Logon user. i want to pass in
grtGroups(logon_user).So that a user can come in and then inputs a username
and then retrieve their AD GROUPS.
But i don't really get what you wrote about using the "userPrincipalName as
the only parameter"
Also i looked at using the tokenGroups method listed below what would i
have to do to pass logon_user
Thanks in Advance

StringBuilder sb = new StringBuilder();

//we are building an '|' clause
sb.Append("(|");

foreach (byte[] sid in user.Properties["tokenGroups"])
{
//append each member into the filter
sb.AppendFormat(
"(objectSid={0})", BuildFilterOctetString(sid));
}

//end our initial filter
sb.Append(")");

DirectoryEntry searchRoot = new DirectoryEntry(
"LDAP://DC=domain,DC=com";,
null,
null,
AuthenticationTypes.Secure
);

using (searchRoot)
{
//we now have our filter, we can just search for the groups
DirectorySearcher ds = new DirectorySearcher(
searchRoot,
sb.ToString() //our filter
);

using (SearchResultCollection src = ds.FindAll())
{
foreach (SearchResult sr in src)
{
//Here is each group now...
Console.WriteLine(
sr.Properties["samAccountName"][0]);
}
}
}






"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OCAXpCvVHHA.5092@xxxxxxxxxxxxxxxxxxxxxxx
There are two options for this that I would consider using:

If your AD is 2003 native mode and the machine that your app is running on
is 2003 or higher, you can use protocol transition to generate a
WindowsIdentity for a user and get their groups. Use the constructor on
WindowsIdentity that takes the userPrincipalName as the only parameter.
It just works. :)

Alternately, you can use LDAP to look up the users groups. I recommend
the tokenGroups technique discussed at the end of ch 10 of my book, which
you can download from the site in my signature.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Patrick.O.Ige" <naijacoder@xxxxxxxxxxx> wrote in message
news:ud9zTluVHHA.2212@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the response.
But whan i want to do is to have a textbox and when i input a AD username
and click search
i would like to retrieve the groups they belong to.
But what you pointed me to uses the "WindowsIdentity" can iuse the
User.Identity.Name?
Thanks in Advance..
Also is it also possible to do the vice versa..i.e input the AD GROUPS
and then recieve the users?
PAtrick

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:51eb304891098c9247b27967b00@xxxxxxxxxxxxxxxxxxxxx
Just use plain WindowsAuthentication - you can get all groups from the
WindowsIdentity that hangs off Context.User...

http://www.leastprivilege.com/GettingAllGroupsForAWindowsAccountInNET20.aspx

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

I used the WindowsTokenRoleProvider and i was able to input my
username and
i retrieved all the GROUPS i belong to on my PC.
I'm thinking of doing the same but against Active Directory.
How can i do the same against AD?
Will i have to use "AuthorizationStoreRoleProvider" and install Azman?
Or
iare they any other ways?
I have used ActiveDirectoryMembershipProvider before with my treeview
for
securitytimming can i use that?
Thanks in Advance








.

Relevant Pages

  • Re: Getting GROUPS from Active Directory by inputing an AD username
    ... But i don't really get what you wrote about using the "userPrincipalName ... //append each member into the filter ... DirectoryEntry searchRoot = new DirectoryEntry( ... WindowsIdentity for a user and get their groups. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Getting GROUPS from Active Directory by inputing an AD username
    ... Yeah Joe.. ... //append each member into the filter ... DirectoryEntry searchRoot = new DirectoryEntry( ... WindowsIdentity for a user and get their groups. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Getting GROUPS from Active Directory by inputing an AD username
    ... But whan i want to do is to have a textbox and when i input a AD username ... i would like to retrieve the groups they belong to. ... WindowsIdentity that hangs off Context.User... ... I'm thinking of doing the same but against Active Directory. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Getting the users DN
    ... I would like to retrieve the currently logged in user's DN ... from Active Directory. ... Alternatively, if, using WindowsIdentity, or ... Derek Martin ...
    (microsoft.public.dotnet.languages.vb)