Question

In an ASP.NET project I'm working on I have a few roles set up by an administrator in a database. I have to compare these roles with the user principal's claims.

At the moment I'm converting all the GroupSIDs to their corresponding names:

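// Resolve the group SID from the claim to a group object (one directory lookup per claim).
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Sid, sid);

// FindByIdentity returns null when the SID does not resolve to a group.
if (group != null && _roleNames.Exists(r => string.CompareOrdinal(r, group.SamAccountName) == 0))
{
    groupName = group.SamAccountName;
    return true;
}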

_roleNames is a list of strings that contains the roles.

_roleNames.Add("Read");
_roleNames.Add("Edit");
_roleNames.Add("Review");
_roleNames.Add("Publish");

The problem is that this process is pretty slow. The principal is coming from an Active Directory and has a lot of claims.

Is there a way to convert the roleNames in my application to a GroupSID so I can basically skip the process where I convert the GroupSID to their name?

Pseudo code:

list<string> roleSidList

foreach role in roleList
   roleSidList.add(role.ConvertToSid())

foreach claim in Principal.Claims
   if(roleSidList.Exists(r => r == claim)) 
      // role exists, do something with it

Solution

Solved my problems as follows:

Instead of passing the SID to the GroupPrincipal I just passed the groupName like this:

public bool IsUserInGroup(string groupName)
{
    // Look the group up by name; the result is non-null when such a group exists in the domain.
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    using (GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
    {
        return group != null;
    }
}
Licensed under: CC-BY-SA with attribution
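
The comparison the question asks for, resolving each role name to its group SID once and then matching against the group SID claims, written as an added example that is not part of the original question or answer. The class name RoleSidCache and its members are hypothetical; it assumes the roles are domain groups that can be found by name and that the principal carries ClaimTypes.GroupSid claims.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;

// Hypothetical helper: resolves each role name to its group SID once,
// then answers role checks by comparing SID strings taken from the claims.
public sealed class RoleSidCache
{
    // SID string -> role name.
    private readonly Dictionary<string, string> _roleBySid =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    public RoleSidCache(IEnumerable<string> roleNames)
    {
        // One directory lookup per role, instead of one per claim on every request.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        {
            foreach (string name in roleNames)
            {
                using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, name))
                {
                    // A role with no matching group is skipped, so it can never be granted.
                    if (group?.Sid != null)
                        _roleBySid[group.Sid.Value] = name;
                }
            }
        }
    }

    // Returns the application roles whose group SID appears in the user's claims.
    public IReadOnlyCollection<string> RolesFor(ClaimsPrincipal user)
    {
        var roles = new HashSet<string>(StringComparer.Ordinal);
        foreach (Claim claim in user.Claims)
        {
            if (claim.Type != ClaimTypes.GroupSid) continue;
            if (_roleBySid.TryGetValue(claim.Value, out string role))
                roles.Add(role);
        }
        return roles;
    }

    public bool IsInRole(ClaimsPrincipal user, string roleName) =>
        RolesFor(user).Contains(roleName);
}
```

Build the cache once at application start and rebuild it when the administrator changes the role list; a group that is deleted and recreated under the same name gets a new SID.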