Tuesday, September 20, 2005

Expanding Group Membership in .NET 2.0

We have some new options available to us in .NET 2.0 to discover a user’s group membership.  I ran into an entry on Dominick’s blog about expanding group membership using the new IdentityReference class.  This technique assumes you can get a WindowsIdentity for the user you wish to expand.  I previously covered two other techniques here and here.

I use yet another technique, a third one similar to this, in the book; it takes the ‘tokenGroups’ attribute for any user in AD and expands the membership using the IdentityReference class. It is the most elegant of the 3 methods, IMO.

One note on Dominick’s code: a way to further optimize this is to use .Translate on the IdentityReferenceCollection so that the call is batched under the hood.
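The batched translation applied to both sources of SIDs mentioned above (a WindowsIdentity and the ‘tokenGroups’ attribute), as an added example that is not Dominick’s code or the code from the book. The class name, method names and the LDAP path in the comment are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

static class GroupExpansion
{
    // Translate every SID in one batched call. With forceSuccess = false, SIDs that
    // cannot be mapped (deleted groups, unreachable domains) are copied through as
    // SecurityIdentifier entries instead of IdentityNotMappedException failing the batch.
    static List<string> ToNames(IdentityReferenceCollection sids)
    {
        List<string> names = new List<string>();
        foreach (IdentityReference r in sids.Translate(typeof(NTAccount), false))
            names.Add(r.Value); // account name, or the raw SID string if unmapped
        return names;
    }

    // Case 1: a WindowsIdentity is available for the user.
    public static List<string> FromIdentity(WindowsIdentity identity)
    {
        return ToNames(identity.Groups);
    }

    // Case 2: any AD user. tokenGroups is a constructed attribute, so it has to be
    // loaded explicitly; each value is a binary SID. It lists security groups only.
    public static List<string> FromTokenGroups(DirectoryEntry user)
    {
        user.RefreshCache(new string[] { "tokenGroups" });
        IdentityReferenceCollection sids = new IdentityReferenceCollection();
        foreach (byte[] sid in user.Properties["tokenGroups"])
            sids.Add(new SecurityIdentifier(sid, 0));
        return ToNames(sids);
    }

    static void Main()
    {
        // Runs locally: expand the groups of the current process identity.
        using (WindowsIdentity me = WindowsIdentity.GetCurrent())
            foreach (string name in FromIdentity(me))
                Console.WriteLine(name);
        // For case 2, pass a DirectoryEntry bound to the user object, e.g. the
        // hypothetical path "LDAP://CN=Some User,OU=Users,DC=example,DC=com".
    }
}
```

Entries that come back as raw SID strings are worth logging when the result feeds an authorization decision, since they mark memberships that could not be resolved to a name.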