Replacement for NetUserGetLocalGroups with LG_INCLUDE_INDIRECT set

[Reine Olofsson]

Hi all

I'm trying to implement access check in my web application based on the
current
user.
I've tried using the IsInRole method but have discoverad that it lacks one
important feature. It doens't return TRUE if the user belongs to a domin
group added to the local group i'm checking..
Sample:
User 'MyUser' is a member of DOMAIN\Developers
DOMAIN\Developers is a member of LOCALSERVER\AppUsers
When i run myCredential.IsInRole("LOCALSERVER\AppUsers") the return value is
False. If I add 'MyUser' to LOCALSERVER\AppUsers excplicitly it works, but
that's not an option.
Can I somehow get the funtionality of the NetApi32 function
NetUserGetLocalGroups with the flag LG_INCLUDE:INDIRECT? Does anyone have
any sample code for declaring and using the NetUserGetLocalGroups function
in VB.Net?

Regards
Reine Olofsson
Developer

 

[Reine Olofsson]

Problem solved:

Public Function GetLocalRoles(ByRef winIdentity As WindowsIdentity) As
String()
Dim iCount, iMax As Integer
Dim vRoles() As String
Dim sLocalRoles, sLocalServer As String
Dim vLocalRoles() As String
Dim idType As Type
Dim result As Object

sLocalServer = Environment.MachineName.ToUpper
idType = GetType(System.Security.Principal.WindowsIdentity)
result = idType.InvokeMember("_GetRoles", _
BindingFlags.Static Or BindingFlags.InvokeMethod Or
BindingFlags.NonPublic, _
Nothing, winIdentity, New Object() {winIdentity.Token}, Nothing)
vRoles = DirectCast(result, String())

iMax = vRoles.Length - 1
For iCount = 0 To iMax
If vRoles(iCount) <> "" Then
If vRoles(iCount).ToUpper.StartsWith(sLocalServer) Then
sLocalRoles += vRoles(iCount).Remove(0, sLocalServer.Length + 1) +
";"
End If
End If
Next
If sLocalRoles <> "" Then
vLocalRoles = sLocalRoles.Split(";".ToCharArray)
Return vLocalRoles
End If
End Function
/Reine Olofsson