There is a hack you can do using reflection on the priate _GetRoles() method
on WindowsIdentity to get the array of strings containing the actual Windows
groups name that IsInRole uses under the hood. However, that would be a bad
idea to use in production as reflecting on private members is not a good
idea and may leave you stranded on a future version of the framework.
You could also try to look up the groups using System.DirectoryServices and
expanding a user's tokenGroups AD attribute to get their group membership,
but this tricky and will miss some of the other SIDs that Windows adds to
the token such as Authenticated Users and such.
Another idea would be to just loop through your roles in SQL and call
IsInRole on each one so get a mapping. That is probably the easiest way to
go. Also, you could potentially do that only once and cache the results if
that is an expensive operation.
HTH,
Joe K.
ECUnited said:
This may have been answered in a previous post, and if so, please excuse
my redundancy. I am using Windows authentication and I know about the
IsInRole check, but I need to obtain a list of roles that each user is in.
How is the most simple way to do that? What I need to do is to evaluate
each user's role(s) against a role assigned to a record in SQL Server, in
order to display or not display an item in a web page. Any help would be
greatly appreciated.