In an ASP.NET project I'm working on, I have a few roles set up by an administrator in a database. I have to compare these roles against the user principal's claims.
At the moment I'm converting all the GroupSIDs to their corresponding names:
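```csharp
// Requires: using System.DirectoryServices.AccountManagement;
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// One directory lookup per group SID claim.
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid);
// FindByIdentity returns null when the SID does not resolve to a group.
if (group != null && _roleNames.Exists(r => string.CompareOrdinal(r, group.SamAccountName) == 0))
{
    groupName = group.SamAccountName;
    return true;
}
```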
`_roleNames` is a list of strings that contains the roles.
```csharp
_roleNames.Add("Read");
_roleNames.Add("Edit");
_roleNames.Add("Review");
_roleNames.Add("Publish");
```
The problem is that this process is pretty slow. The principal is coming from an Active Directory and has a lot of claims.
Is there a way to convert the roleNames in my application to a GroupSID so I can basically skip the process where I convert the GroupSID to their name?
Pseudo code:
```
list<string> roleSidList
foreach role in roleList
    roleSidList.add(role.ConvertToSid())
foreach claim in Principal.Claims
    if(roleSidList.Exists(r => r == claim))
        // role exists, do something with it
```
Solved my problems as follows:
Instead of passing the SID to the GroupPrincipal, I just passed the groupName like this:
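
One way to do the name-to-SID lookup described in this post, as an added example that is not the poster's code. It assumes the role names are sAMAccountNames of groups in the default domain and that the principal carries its group SIDs as `ClaimTypes.GroupSid` claims; `RoleSidMap` and `RolesFor` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.Claims;

// Hypothetical helper: resolves role names to group SIDs once, then matches claims by SID.
public sealed class RoleSidMap
{
    // SID string (S-1-5-21-...) -> role name.
    private readonly Dictionary<string, string> _roleBySid =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    public RoleSidMap(IEnumerable<string> roleNames)
    {
        // One directory lookup per role, instead of one per claim on every request.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        {
            foreach (string role in roleNames)
            {
                using (GroupPrincipal group = GroupPrincipal.FindByIdentity(
                           ctx, IdentityType.SamAccountName, role))
                {
                    // FindByIdentity returns null when no such group exists.
                    // Fail at startup rather than silently dropping a role.
                    if (group == null || group.Sid == null)
                        throw new InvalidOperationException(
                            "No AD group found for role '" + role + "'.");
                    _roleBySid[group.Sid.Value] = role;
                }
            }
        }
    }

    // Returns the configured roles whose group SID appears in the principal's claims.
    // Pure in-memory dictionary lookups; no directory access here.
    public IReadOnlyCollection<string> RolesFor(ClaimsPrincipal principal)
    {
        return principal.FindAll(ClaimTypes.GroupSid)
            .Select(c => _roleBySid.TryGetValue(c.Value, out string role) ? role : null)
            .Where(role => role != null)
            .Distinct()
            .ToList();
    }
}
```

Build the map once (for example at application start) with the same names as `_roleNames`, and rebuild it if a group is deleted and recreated, since the new group gets a new SID.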