IsInRole - VB Form Load

I've built an application in Visual Basic with a login screen and a form. The login screen authenticates with Active Directory. After user authentication, the form loads. On form load, I would like to check whether the authenticated user is in one of four particular Active Directory security groups. Which buttons on the form are enabled will depend on which group the authenticated user is in. I've got the Active Directory user authentication to work for logging into the program and loading the form, but the specific code used to verify which group the user is in does not work. Below is my code for form load.

Private Sub form_main_Load(sender As Object, e As EventArgs) Handles MyBase.Load

    button_main_pimam.Enabled = False
    button_main_pimpm.Enabled = False
    button_main_eim.Enabled = False
    button_main_achmanager.Enabled = False
    button_main_mobiliti.Enabled = False
    button_main_checkfree.Enabled = False
    button_main_rcm.Enabled = False
    button_main_mis.Enabled = False
    button_main_colson.Enabled = False

    If My.User.IsInRole("domain.local\Fiserv Processing - Electronic Banking") Then
        button_main_achmanager.Enabled = True
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_colson.Enabled = True
        button_main_colson.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - Operations") Then
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_colson.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - Loan Operations") Then
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_mis.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - MIS") Then
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_mis.Enabled = True
        button_main_colson.Enabled = True
    End If
End Sub

Regardless of which group the authenticated user is in, all the buttons are enabled for use. What am I doing wrong?

There are 1 best solutions below

Try this approach. In your case, I would cache the array of groups that the user belongs to when the user authenticates, and then check it whenever you need to in your app.

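   ' Requires a reference to System.DirectoryServices, plus at the top of the file:
   '   Imports System.DirectoryServices
   '   Imports System.Security.Principal
   Function IsInGroup(UserName As String, groupName As String) As Boolean
      Dim vUsuario As New NTAccount(UserName)
      Dim sid As SecurityIdentifier = CType(vUsuario.Translate(GetType(SecurityIdentifier)), SecurityIdentifier)
      Using vRootDSE As New DirectoryEntry("LDAP://rootDSE")
         Using vSearcher As New DirectorySearcher(New DirectoryEntry("LDAP://" + CStr(vRootDSE.Properties("defaultNamingContext")(0))), "(objectSID=" & sid.ToString() & ")", New String() {"memberOf"}, SearchScope.Subtree)
            Using src As SearchResultCollection = vSearcher.FindAll()
               ' No account found for this SID: report "not a member" instead of failing on src(0)
               If src.Count = 0 Then Return False

               ' memberOf holds the distinguished names of the groups the user is a direct member of
               Dim memberOf As ResultPropertyValueCollection = src(0).Properties("memberOf")
               For i As Integer = 0 To memberOf.Count - 1
                  'Debug.Print(memberOf(i).ToString())

                  ' I don't really like this approach, but it's quick to write ;)
                  ' Note: this matches groupName in any component of the DN (OU=... as well as CN=...)
                  If memberOf(i).ToString().Contains("=" & groupName & ",") Then
                     Return True
                  End If
               Next
            End Using
         End Using
      End Using

      Return False
   End Function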
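
The caching the answer suggests, as an added example (not code from the question or the answer): the memberOf values are read once after login, only the leading CN= of each distinguished name is compared, and the group-to-button map is taken from the question's Form_Load. The module and function names, the sample DNs, and the choice to give a user in several groups the union of their buttons are assumptions.

```vb
Imports System
Imports System.Collections.Generic

Module GroupAccessExample   ' hypothetical name
    ' Group-to-button map copied from the question's Form_Load code.
    Private ReadOnly ButtonsByGroup As New Dictionary(Of String, String())(StringComparer.OrdinalIgnoreCase) From {
        {"Fiserv Processing - Electronic Banking", New String() {"achmanager", "pimam", "pimpm", "eim", "colson"}},
        {"Fiserv Processing - Operations", New String() {"achmanager", "mobiliti", "checkfree", "rcm", "colson"}},
        {"Fiserv Processing - Loan Operations", New String() {"pimam", "pimpm", "eim", "achmanager", "mobiliti", "checkfree", "rcm", "mis"}},
        {"Fiserv Processing - MIS", New String() {"pimam", "pimpm", "eim", "achmanager", "mobiliti", "checkfree", "rcm", "mis", "colson"}}
    }

    ' Value of the leading CN= component of a distinguished name, or Nothing if the DN does not
    ' start with CN=. Handles \, style escapes; hex escapes (\2C) are not decoded, so such names never match.
    Function LeadingCn(dn As String) As String
        If dn Is Nothing OrElse Not dn.StartsWith("CN=", StringComparison.OrdinalIgnoreCase) Then Return Nothing
        Dim sb As New System.Text.StringBuilder()
        Dim i As Integer = 3
        While i < dn.Length AndAlso dn(i) <> ","c
            If dn(i) = "\"c AndAlso i + 1 < dn.Length Then i += 1 ' keep the character after a backslash
            sb.Append(dn(i))
            i += 1
        End While
        Return sb.ToString()
    End Function

    ' Call once after login with the user's memberOf values and keep the result for the session.
    Function AllowedButtons(memberOf As IEnumerable(Of String)) As HashSet(Of String)
        Dim allowed As New HashSet(Of String)()
        For Each dn As String In memberOf
            Dim cn As String = LeadingCn(dn)
            Dim buttons As String() = Nothing
            If cn IsNot Nothing AndAlso ButtonsByGroup.TryGetValue(cn, buttons) Then
                allowed.UnionWith(buttons)
            End If
        Next
        Return allowed   ' empty set when no mapped group matches: every button stays disabled
    End Function

    Sub Main()
        ' Constructed sample values. The second group only sits in an OU named like a mapped group.
        Dim memberOf As String() = {
            "CN=Fiserv Processing - Operations,OU=Groups,DC=domain,DC=local",
            "CN=Staff,OU=Fiserv Processing - MIS,DC=domain,DC=local"
        }
        Console.WriteLine(String.Join(", ", AllowedButtons(memberOf)))
    End Sub
End Module
```

In Form_Load each button is then set from the cached set, for example `button_main_mis.Enabled = allowed.Contains("mis")`, so anything not granted stays disabled.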