When using Windows authentication with ASP.NET, I often need to know which Active Directory groups a user is a member of. Now I know that you can do something like:
    if (User.IsInRole("Admin"))
    {
        // Give Access to Secrets
    }
The problem with this is that you need to know the name of the group ahead of time. And what if you are on a network where the full name of a group is not always clear? The actual group name may be “MyDomain\Admin”. So I wrote up a quick way to just get a list of all the groups a user is a member of. It isn’t super straightforward (as far as which types you need to cast to), so I thought I would list it out here:
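    using System.Collections.Generic;
    using System.Security.Principal;
    using System.Web.Security;

    public static List<string> GetGroups(RolePrincipal user)
    {
        List<string> groups = new List<string>();
        // Under Windows Authentication the principal's identity is a WindowsIdentity.
        WindowsIdentity identity = user.Identity as WindowsIdentity;
        // Groups holds SIDs; translate each one to a DOMAIN\Name account.
        foreach (IdentityReference group in identity.Groups)
        {
            NTAccount account = (NTAccount)group.Translate(typeof(NTAccount));
            groups.Add(account.Value);
        }
        return groups;
    }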
The use of it on a web page would be something like:
List<string> groups = GetGroups(User as RolePrincipal);
Keep in mind that this is assuming you are using Windows Authentication. So the weird part of the code above is:
NTAccount account = (NTAccount)group.Translate(typeof(NTAccount));
If you skip this step, you will just get a bunch of Active Directory security identifiers (SIDs) that won’t do you much good.
Also, sorry about the long title. I just can’t think of a clever title today. Maybe I should add something like “Ultimate Edition for Developers” on the end to make it extra clear.
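An added example (not the original post's code): a variant that keeps each group's SID next to its translated name, tolerates SIDs that no longer resolve to an account, and checks membership by SID so the check does not depend on knowing the exact group name. The class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Hypothetical helper class, written for this example.
public static class GroupLister
{
    // Returns SID string -> account name for every group on the identity.
    // A SID that cannot be translated keeps its SID string as the name.
    public static Dictionary<string, string> GetGroupsBySid(WindowsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        if (identity.Groups == null) return result; // defensive: no group list available

        foreach (IdentityReference group in identity.Groups)
        {
            string sid = group.Value; // SecurityIdentifier.Value, e.g. "S-1-5-32-544"
            string name;
            try
            {
                name = group.Translate(typeof(NTAccount)).Value;
            }
            catch (IdentityNotMappedException)
            {
                // Translate throws this when the SID cannot be mapped to an
                // account name; keep the SID rather than failing the whole list.
                name = sid;
            }
            result[sid] = name;
        }
        return result;
    }

    // Membership check by SID: unaffected by group renames or domain prefixes.
    public static bool IsMemberOf(WindowsIdentity identity, string groupSid)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        var wanted = new SecurityIdentifier(groupSid);
        return new WindowsPrincipal(identity).IsInRole(wanted);
    }
}
```

On a page this would be called as `GroupLister.GetGroupsBySid(User.Identity as WindowsIdentity)`, with the same Windows Authentication assumption as above.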
hi
Great article.. helped a lot
but what is p in p.Identity as WindowsIdentity;
if you explain a bit more it will be more helpful to freshers/beginners/ or person new to this concept
thanks
Great tip, one more question – how to use that code when I need to know the membership of another user (not the current user)?