Convert role in application to groupsid

333 views Asked by At

In an ASP.NET project I'm working on I have a few roles set-up by an administrator in a database. I have to compare these roles by the user principal claims.

At the moment I'm converting all the GroupSID's to their corresponding name:

PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid);

if (_roleNames.Exists(r => string.CompareOrdinal(r, group.SamAccountName) == 0))
{
    groupName = group.SamAccountName;
    return true;
}

_roleNames is a list of strings that contains the roles.

_roleNames.Add("Read");
_roleNames.Add("Edit");
_roleNames.Add("Review");
_roleNames.Add("Publish");

The problem is that this process is pretty slow. The principal is comming from an Active Directory and has a lot of claims.

Is there a way to convert the roleNames in my application to a GroupSID so I can basically skip the process where I convert the GroupSID to their name?

Pseudo code:

list<string> roleSidList

foreach role in roleList
   roleSidList.add(role.ConvertToSid())

foreach claim in Principal.Claims
   if(roleSidList.Exists(r => r == claim)) 
      // role exists, do something with it
1

There are 1 answers

0
Dieterg On BEST ANSWER

Solved my problems as follow:

instead of passing the SID to the GroupPrincipal I just passed the groupName like this:

public bool IsUserInGroup(string groupName)
{
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName);

    if (group == null)
        return false;

    return true;
}