Get tokenGroups for user in VB.NET

  • Question

  • User412374996 posted
    Is there some sample code for checking to see if a user is in a particular tokenGroup on the Active Directory? I've found some examples in C#. Any in VB.NET? Thanks.
    Wednesday, June 7, 2006 10:28 AM

All replies

  • User412374996 posted
    I found some which use the "memberOf", but I've heard it's better to use the "tokenGroup".
    Wednesday, June 7, 2006 1:42 PM
  • User1354132231 posted
    The advantage of using 'tokenGroups' is that it unravels all the group nesting for you.  Otherwise you would need recursion.

    You can write this code yourself fairly easily in VB.NET.  Simply get the 'objectSid' from your Group, and the 'tokenGroups' from your User.  Construct a SecurityIdentifier class in .NET 2.0 for each and then use the .Equals() method to determine if the SID matches.
    Wednesday, June 7, 2006 2:24 PM
  • User1354132231 posted
    I thought about it more and something like this should work:

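    // Requires: using System.DirectoryServices; using System.Security.Principal;
    public static bool IsMember(DirectoryEntry group, DirectoryEntry user)
    {
        // tokenGroups is a constructed attribute, so it has to be loaded explicitly.
        user.RefreshCache(new string[] { "tokenGroups" });
        bool isMember = false;

        // The group's own SID, read as raw bytes and wrapped for comparison.
        byte[] groupSidBytes = (byte[])group.Properties["objectSid"].Value;
        SecurityIdentifier groupSid = new SecurityIdentifier(groupSidBytes, 0);

        // Each tokenGroups value is a binary SID; nested groups are already expanded.
        foreach (byte[] sidBytes in user.Properties["tokenGroups"])
        {
            isMember = new SecurityIdentifier(sidBytes, 0).Equals(groupSid);
            if (isMember)
            {
                break;
            }
        }
        return isMember;
    }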


    Just convert it to VB.NET using a free translator.
    Wednesday, June 7, 2006 2:37 PM
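
A VB.NET version of the check described in the replies above, added here as an example and not code posted by the thread's participants. The module name, the `ContainsSid` and `ToBytes` helpers and the SIDs in `Main` are constructed for illustration; `Main` runs without a domain, while `IsMember` needs real `DirectoryEntry` objects.

```vb
Imports System
Imports System.Collections
Imports System.DirectoryServices
Imports System.Security.Principal

Module TokenGroupCheck
    ' True when groupSid appears among the binary SIDs in tokenGroups.
    ' Kept separate from the directory read so it can be exercised offline.
    Function ContainsSid(tokenGroups As IEnumerable, groupSid As SecurityIdentifier) As Boolean
        For Each item As Object In tokenGroups
            Dim sidBytes As Byte() = TryCast(item, Byte())
            If sidBytes IsNot Nothing AndAlso New SecurityIdentifier(sidBytes, 0).Equals(groupSid) Then
                Return True
            End If
        Next
        Return False
    End Function

    ' Directory-backed check: objectSid from the group, tokenGroups from the user.
    Function IsMember(group As DirectoryEntry, user As DirectoryEntry) As Boolean
        ' tokenGroups is a constructed attribute; it must be requested explicitly.
        user.RefreshCache(New String() {"tokenGroups"})
        Dim groupSidBytes As Byte() = TryCast(group.Properties("objectSid").Value, Byte())
        If groupSidBytes Is Nothing Then
            Throw New ArgumentException("group entry has no objectSid", "group")
        End If
        Return ContainsSid(user.Properties("tokenGroups"), New SecurityIdentifier(groupSidBytes, 0))
    End Function

    ' Helper for the demo: binary form of a SID, as the directory would return it.
    Function ToBytes(sid As SecurityIdentifier) As Byte()
        Dim buf(sid.BinaryLength - 1) As Byte
        sid.GetBinaryForm(buf, 0)
        Return buf
    End Function

    ' Offline demo with constructed SIDs (not taken from any real domain).
    Sub Main()
        Dim staff As New SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1105")
        Dim allEmployees As New SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1106")
        Dim admins As New SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1107")
        ' Constructed tokenGroups: a direct group plus the parent group it is nested in.
        Dim tokenGroups As New ArrayList()
        tokenGroups.Add(ToBytes(staff))
        tokenGroups.Add(ToBytes(allEmployees))
        Console.WriteLine(ContainsSid(tokenGroups, allEmployees))
        Console.WriteLine(ContainsSid(tokenGroups, admins))
    End Sub
End Module
```

The project needs a reference to System.DirectoryServices, and `SecurityIdentifier` is only available on Windows.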
  • User412374996 posted
    Thanks, dunnry. Perfect [:D]
    Wednesday, June 7, 2006 3:11 PM
  • User412374996 posted
    By the way, how do you know so much about the Active Directory/LDAP? To me, this is one of the most powerful technologies -- and also one of the most mysterious!
    Wednesday, June 7, 2006 3:14 PM
  • User1354132231 posted
    Practice, practice, practice... :)
    Monday, June 12, 2006 10:29 AM
  • User412374996 posted

    I thought so [:D]

    Monday, June 12, 2006 10:43 AM