On The Mark Contributing to the vast web, 1 blog post at a time – blogs by Mark Monica

29Oct/091

Possible VB2008 BUG: My.User.IsInRole (When UAC ON)

Scenario

 

On machines where Vista/W7 is installed there appears to be an issue when checking to see if a user is in a role.  User Account Control (UAC) must be on to reproduce the issue.  The result is that the value returned is always FALSE even when the user does belong to the group.

 

Sample Code (UAC must be on to produce error)

 

If My.User.IsInRole(“My Domain\My Group”) Then

     Return True

Else

     Return False

End If

Workaround

 

To get around this I created a function using other .Net functions.

Public Function IsInUserRole(ByVal RoleToFind As String) As Boolean

    Dim id As WindowsIdentity = WindowsIdentity.GetCurrent
    Dim irc As IdentityReferenceCollection

    ' Gets a SID list of groups the user belongs to

    irc = id.Groups

    For Each ir As IdentityReference In irc

        ' Need to convert the SID to plain english

Technorati Tags: ,,


        Dim act As NTAccount = CType(ir.Translate(Type.GetType("System.Security.Principal.NTAccount")), NTAccount)

        If act.Value = RoleToFind Then

            Return True

        End If

    Next

    Return False

End Function

Share this blog article:
  • Print
  • Facebook
  • del.icio.us
  • Digg
  • Yahoo! Buzz
  • Google Bookmarks
  • Slashdot
  • Reddit
  • StumbleUpon
  • Technorati
  • TwitThis

Related Posts

  • No Related Post
Comments (1) Trackbacks (0)
  1. My VB app worked file in XP and win2k3 authorizing users based on AD groups. I switched my development workstation to Win 7. Now I am never authorized by the app. I am worried that when we switch our servers to 2008 the same thing will happen in production.

    My original VB code is similer to your “workaround”. I tried using the IsInRole approach as a workaround.

    Neither works because it looks like they both get group memberships from the same place.

    Tracing the code I can see 56 groups returned, but they are not my groups – I have less than a dozen memberships. The returned groups are a subset of the groups defined in my AD.

    Unless I missed a reference in VS, it looks like a bug to me.


Leave a comment


No trackbacks yet.