Partial Class _Default
Inherits System.Web.UI.Page
Following the class
declaration, the page load event handler is provided. The section is annotated
to describe the action within Page Load:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
'
collect the user domain and identity
Dim arr As String()
= _
System.Web.HttpContext.Current.Request.
LogonUserIdentity.Name.Split("\")
'
update the display to show
'
the captured domain and user
If (arr.Length
> 0) Then
lblDomain.Text = arr(0).ToString()
lblUser.Text = arr(1).ToString()
End If
'
clear the list of groups
BulletedListOfGroups.Items.Clear()
'
set the member of group label to no
'
as a default
lblMemberOfGroup.Text
= "NO"
'
create an arraylist and populate
'
it with the list of groups that
'
the current user belongs to
Dim al As New ArrayList()
al = GetGroups()
'
check to see if the user belongs
'
to a specific group and create
'
a list of all of the user's groups
Dim s As String
For Each s In al
'
add this one to the list
BulletedListOfGroups.Items.Add(s)
'
check to see if the user
'
belongs to a specific group
If (s
= "BXSWLT\SomeCustomGroup") Then
'
change the label to show
'
there was a match
lblMemberOfGroup.Text = "YES"
End If
Next
End Sub
The only
other code contained in the default page's code behind is used to capture a
collection of groups of which the user is a member. The captured group list is
used in a simple test to see if the user is a member of a particular group in
the page load handler:
Public Function GetGroups() As ArrayList
Dim groups As New ArrayList()
Dim group As System.Security.Principal.IdentityReference
For Each group In
System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups
groups.Add(group.Translate(GetType(
System.Security.Principal.NTAccount)).ToString())
Next
Return groups
End Function
End Class
Code: Web.Config
This web.config file is in the default configuration; you need only check to
make sure of the type of authentication specified for the application:
<authentication mode="Windows"/>
Make
sure that the authentication mode is set to Windows.
That sums up all the code necessary to make this simple check for group
membership.
Summary
The article is pretty short and simple. The intent was only to show an easy
approach to determining whether or not a user is a member of a group in the
context of a web application running with Windows NT Authentication. The
approach may be useful as a means for controlling access to the entire
application or parts of the application restricted from general use.