Users login: Nested groups.

Tomas Martinez · Jan 20, 2005

Hi there!

If anyone could help me... thanks! My problem is this: our application
controls the users login with Active Directory. It checks that the user is
in
the groups we allow, but if one of these groups has a nested group in it,
the
user isn't checked in this last group (or others, if there were more nested
groups). How could we check users in nested groups?

Thanks a lot.

Joe Kaplan \(MVP - ADSI\) · Jan 20, 2005

If you use Windows authentication in IIS and ASP.NET, then the
WindowsPrincipal created by the runtime will do this for you. Otherwise,
you need to calculate them correctly somehow. If your AD domain is 2003
native mode and your server is a domain member, then you can use Kerberos
S4U to do this easily by creating a WindowsIdentity object using the user's
userPrincipalName attribute and using the resulting WindowsIdentity to
create a WindowsPrincipal.

If you absolutely have to use LDAP to get the user's group membership, I'd
suggest you use the tokenGroups attribute.
http://groups.google.com/groups?hl=en&lr=&[email protected]

Joe K.

Nested Groups from AD for Authorization	0	Jan 26, 2007
Windows Authentication - not seeing Groups	4	Aug 14, 2008
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples.	2	May 5, 2023
Using the nntplib module to count Google Groups users	3	Oct 27, 2013
some valid users not able to login with ActiveWindowMembershipProv	0	Apr 14, 2008
How to check users against security groups in Active Directory	2	Nov 14, 2007
Logging anonymous and Active Dir users without login form	0	May 10, 2005
ASP.NET 2.0 WindowsTokenRoleProvider Local Groups Broken	5	Oct 10, 2007

Users login: Nested groups.

Tomas Martinez

Joe Kaplan \(MVP - ADSI\)

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads