User Group Membership

Discussion in 'ASP .Net' started by cameron, Jun 9, 2004.

  1. cameron

    cameron Guest

    I need to find a user's memberOf list, (and all nested groups), very
    quickly. My current method is to iterate through the the results of the
    the MemberOf property and then do the same to each of those groups.
    While complete, this is painfully, painfully, (grow old and die before
    it is done), slow.

    I have looked at the m_role attribute of the princible object:

    WindowsPrincipal MyPrincipal = new WindowsPrincipal(UserIdentity);
    MyPrincipal.IsInRole(WindowsBuiltInRole.User);
    FieldInfo field = typeof(WindowsPrincipal).GetField("m_roles",
    BindingFlags.NonPublic | BindingFlags.Instance);
    string[] Roles = (string[])field.GetValue(MyPrincipal);
    Write("<hr>Got " + Roles.Length.ToString() + " groups/roles back [string
    array]<br>\n");
    foreach (string Role in Roles)
    {
    Write("Group=" + Role + "<br>\n");
    }

    but this is horribly incomplete and only lists the built in groups,
    (Everyone, Domain Users, etc), which is useless to me.

    I also tried the TokenGroup properties:

    string[] TokenGroups = new string[]
    {
    "tokenGroups",
    "tokenGroupsGlobalAndUniversal",
    "tokenGroupsNoGCAcceptable"
    };
    DirectoryEntry DE = Utility.GetDirectoryEntry(UserDN);
    DE.RefreshCache(TokenGroups);

    for(int i=0; i<TokenGroups .length; i++)
    {
    Write("\n<hr>" + TokenGroups + "<br>\n");
    PropertyValueCollection tg = DE.Properties[TokenGroups];
    foreach (byte[] SID in (Array)tg.Value)
    {
    Write("SID Name = " + getNameFromSID(SID) + "<br>\n");
    }
    }

    but these are just as incomplete as the m_role list.

    This is a common enough problem that I thought there would be lots of
    solutions on Google but these 2 methods were all that I could find,
    (other than the brutally slow method I am already using).

    This code will be calculating complete lists for thousands of users and
    my method has way too much overhead. I need the nested groups since our
    security model is complex and very deep. Any help would be greatly
    appriecaiated.

    Thanks

    -Cam
     
    cameron, Jun 9, 2004
    #1
    1. Advertising

  2. "cameron" <> wrote in message
    news:...
    > I need to find a user's memberOf list, (and all nested groups), very
    > quickly. My current method is to iterate through the the results of the
    > the MemberOf property and then do the same to each of those groups.
    > While complete, this is painfully, painfully, (grow old and die before
    > it is done), slow.


    You might want to reconsider your reasons for wanting to do this. What are
    you going to do with that list once you get it? And how much do you care
    that some of the groups may change their group membership, perhaps even
    while you're recursively enumerating?
    --
    John Saunders
    johnwsaundersiii at hotmail
     
    John Saunders, Jun 10, 2004
    #2
    1. Advertising

  3. cameron

    cameron Guest

    It is a web application. The list is used to control the display of the
    page since each group can potentially change the layout of the window.
    The list is calculated and cached and used until one of its
    dependencies, (the groups), are changed at which time it is recalculated.

    I can not really use the 'IsInRole' stuff since I do not know the groups
    in advance, (user defined groups so they are completely aribarily named
    and configured).

    -Cam

    John Saunders wrote:
    > "cameron" <> wrote in message
    > news:...
    >
    >>I need to find a user's memberOf list, (and all nested groups), very
    >>quickly. My current method is to iterate through the the results of the
    >>the MemberOf property and then do the same to each of those groups.
    >>While complete, this is painfully, painfully, (grow old and die before
    >>it is done), slow.

    >
    >
    > You might want to reconsider your reasons for wanting to do this. What are
    > you going to do with that list once you get it? And how much do you care
    > that some of the groups may change their group membership, perhaps even
    > while you're recursively enumerating?
     
    cameron, Jun 10, 2004
    #3
  4. "cameron" <> wrote in message
    news:...
    > It is a web application. The list is used to control the display of the
    > page since each group can potentially change the layout of the window.
    > The list is calculated and cached and used until one of its
    > dependencies, (the groups), are changed at which time it is recalculated.
    >
    > I can not really use the 'IsInRole' stuff since I do not know the groups
    > in advance, (user defined groups so they are completely aribarily named
    > and configured).


    When a group changes the layout of the window, do you know the name of the
    group? If so, you can use IsInRole.
    --
    John Saunders
    johnwsaundersiii at hotmail
     
    John Saunders, Jun 10, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jan Nielsen

    Checking group membership

    Jan Nielsen, Sep 2, 2003, in forum: ASP .Net
    Replies:
    0
    Views:
    1,017
    Jan Nielsen
    Sep 2, 2003
  2. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    best way of checking for Group membership?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Feb 26, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    276
    =?Utf-8?B?ZGhucml2ZXJzaWRl?=
    Feb 26, 2005
  3. Tino Donderwinkel
    Replies:
    2
    Views:
    773
    Tino Donderwinkel
    Jun 18, 2008
  4. Svante
    Replies:
    10
    Views:
    293
    Paul Clement
    Dec 10, 2004
  5. David Thielen
    Replies:
    1
    Views:
    685
    Registered User
    May 1, 2009
Loading...

Share This Page