How do I get Active Directory group id for authorized user

Question

I have web application that uses the Authorize attribute with roles specified to restrict access to some pages:

[Authorize(Roles = "AD_group1, AD_group2")]

The question is - is there any way I can get some kind of an Active Directory groupId for authorized user (no matter int or string)?

upd: Basic idea is to store some table in database, containing templates which should be separate for every group. e.g. users in group1 can have some templates for fast answer to typical questions while group2 doesn't have any of them, or have some other templates

Answer 1

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• Managing Directory Security Principals in the .NET Framework 3.5
• MSDN docs on System.DirectoryServices.AccountManagement

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
   // find a user
   UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
   // or if you want the currently logged in user - you can also use:
   // UserPrincipal user = UserPrincipal.Current;

   if(user != null)
   {
       // get all groups the user is a member of
       foreach(GroupPrincipal group in user.GetAuthorizationGroups())
       {
           string distinguishedName = group.DistinguishedName;
           Guid groupGuid = group.Guid;
       }
   }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!