Sergio

Reputation: 6948

How do I get Active Directory group id for authorized user

I have a web application that uses the Authorize attribute with roles specified to restrict access to some pages:

[Authorize(Roles = "AD_group1, AD_group2")]

The question is: is there any way I can get some kind of an Active Directory groupId for the authorized user (no matter int or string)?

Update: The basic idea is to store a table in the database containing templates, which should be separate for every group. E.g., users in group1 can have some templates for fast answers to typical questions, while group2 doesn't have any of them or has some other templates.

Upvotes: 1

Views: 6473

Answers (1)

marc_s

Reputation: 755321

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

using System;
using System.DirectoryServices.AccountManagement;

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
   // find a user
   UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
   // or if you want the currently logged in user - you can also use:
   // UserPrincipal user = UserPrincipal.Current;

   if(user != null)
   {
       // get all groups the user is a member of
       foreach(GroupPrincipal group in user.GetAuthorizationGroups())
       {
           string distinguishedName = group.DistinguishedName;
           // Principal.Guid is declared as Guid?, so it cannot be assigned to a plain Guid
           Guid? groupGuid = group.Guid;
       }
   }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

Upvotes: 3
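Applied to the question's use case, the group's objectGUID is a safer database key for the per-group templates than the role name, because the GUID does not change when the group is renamed. The following is an added example, not part of the answer above: the class `GroupKeyResolver` and the method `GetTemplateGroupKeys` are hypothetical names. It assumes that the role names in the `Authorize` attribute equal the groups' sAMAccountName and that the identity name has the `DOMAIN\user` form.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

public static class GroupKeyResolver   // hypothetical helper, not from the original answer
{
    // Role names taken from the question's [Authorize(Roles = "AD_group1, AD_group2")].
    // Assumption: each role name equals the group's sAMAccountName.
    private static readonly HashSet<string> AuthorizedRoles = new HashSet<string>(
        new[] { "AD_group1", "AD_group2" }, StringComparer.OrdinalIgnoreCase);

    // Returns the objectGUIDs of the authorized groups the user is a member of.
    // identityName is assumed to look like "DOMAIN\user" (e.g. User.Identity.Name
    // under Windows authentication); a bare account name also works.
    public static IList<Guid> GetTemplateGroupKeys(string identityName)
    {
        var keys = new List<Guid>();
        if (string.IsNullOrEmpty(identityName))
            return keys;

        // Strip the optional "DOMAIN\" prefix to get the sAMAccountName.
        string sam = identityName.Substring(identityName.LastIndexOf('\\') + 1);

        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal user =
                   UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam))
        {
            if (user == null)
                return keys;   // unknown account: no group-specific templates

            using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
            {
                // The result is typed as Principal; filter rather than cast.
                foreach (GroupPrincipal group in groups.OfType<GroupPrincipal>())
                {
                    // Principal.Guid is Guid?; skip entries without one.
                    if (group.Guid.HasValue
                        && group.SamAccountName != null
                        && AuthorizedRoles.Contains(group.SamAccountName))
                    {
                        keys.Add(group.Guid.Value);
                    }
                }
            }
        }
        return keys;
    }
}
```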
