C
cameron
I need to find a user's memberOf list, (and all nested groups), very
quickly. My current method is to iterate through the the results of the
the MemberOf property and then do the same to each of those groups.
While complete, this is painfully, painfully, (grow old and die before
it is done), slow.
I have looked at the m_role attribute of the princible object:
WindowsPrincipal MyPrincipal = new WindowsPrincipal(UserIdentity);
MyPrincipal.IsInRole(WindowsBuiltInRole.User);
FieldInfo field = typeof(WindowsPrincipal).GetField("m_roles",
BindingFlags.NonPublic | BindingFlags.Instance);
string[] Roles = (string[])field.GetValue(MyPrincipal);
Write("<hr>Got " + Roles.Length.ToString() + " groups/roles back [string
array]<br>\n");
foreach (string Role in Roles)
{
Write("Group=" + Role + "<br>\n");
}
but this is horribly incomplete and only lists the built in groups,
(Everyone, Domain Users, etc), which is useless to me.
I also tried the TokenGroup properties:
string[] TokenGroups = new string[]
{
"tokenGroups",
"tokenGroupsGlobalAndUniversal",
"tokenGroupsNoGCAcceptable"
};
DirectoryEntry DE = Utility.GetDirectoryEntry(UserDN);
DE.RefreshCache(TokenGroups);
for(int i=0; i<TokenGroups .length; i++)
{
Write("\n<hr>" + TokenGroups + "<br>\n");
PropertyValueCollection tg = DE.Properties[TokenGroups];
foreach (byte[] SID in (Array)tg.Value)
{
Write("SID Name = " + getNameFromSID(SID) + "<br>\n");
}
}
but these are just as incomplete as the m_role list.
This is a common enough problem that I thought there would be lots of
solutions on Google but these 2 methods were all that I could find,
(other than the brutally slow method I am already using).
This code will be calculating complete lists for thousands of users and
my method has way too much overhead. I need the nested groups since our
security model is complex and very deep. Any help would be greatly
appriecaiated.
Thanks
-Cam
quickly. My current method is to iterate through the the results of the
the MemberOf property and then do the same to each of those groups.
While complete, this is painfully, painfully, (grow old and die before
it is done), slow.
I have looked at the m_role attribute of the princible object:
WindowsPrincipal MyPrincipal = new WindowsPrincipal(UserIdentity);
MyPrincipal.IsInRole(WindowsBuiltInRole.User);
FieldInfo field = typeof(WindowsPrincipal).GetField("m_roles",
BindingFlags.NonPublic | BindingFlags.Instance);
string[] Roles = (string[])field.GetValue(MyPrincipal);
Write("<hr>Got " + Roles.Length.ToString() + " groups/roles back [string
array]<br>\n");
foreach (string Role in Roles)
{
Write("Group=" + Role + "<br>\n");
}
but this is horribly incomplete and only lists the built in groups,
(Everyone, Domain Users, etc), which is useless to me.
I also tried the TokenGroup properties:
string[] TokenGroups = new string[]
{
"tokenGroups",
"tokenGroupsGlobalAndUniversal",
"tokenGroupsNoGCAcceptable"
};
DirectoryEntry DE = Utility.GetDirectoryEntry(UserDN);
DE.RefreshCache(TokenGroups);
for(int i=0; i<TokenGroups .length; i++)
{
Write("\n<hr>" + TokenGroups + "<br>\n");
PropertyValueCollection tg = DE.Properties[TokenGroups];
foreach (byte[] SID in (Array)tg.Value)
{
Write("SID Name = " + getNameFromSID(SID) + "<br>\n");
}
}
but these are just as incomplete as the m_role list.
This is a common enough problem that I thought there would be lots of
solutions on Google but these 2 methods were all that I could find,
(other than the brutally slow method I am already using).
This code will be calculating complete lists for thousands of users and
my method has way too much overhead. I need the nested groups since our
security model is complex and very deep. Any help would be greatly
appriecaiated.
Thanks
-Cam