
I've built an application in Visual Basic with a login screen and a form. The login screen authenticates with Active Directory. After user authentication, the form loads. On form load, I would like to check to see if the authenticated user is in one of four particular Active Directory security groups. Which group the authenticated user is in determines which buttons on the form are enabled. I've got the Active Directory user authentication to work for logging into the program and loading the form, but the specific code used to verify which group the user is in does not work. Below is my code for form load.

Private Sub form_main_Load(sender As Object, e As EventArgs) Handles MyBase.Load

    button_main_pimam.Enabled = False
    button_main_pimpm.Enabled = False
    button_main_eim.Enabled = False
    button_main_achmanager.Enabled = False
    button_main_mobiliti.Enabled = False
    button_main_checkfree.Enabled = False
    button_main_rcm.Enabled = False
    button_main_mis.Enabled = False
    button_main_colson.Enabled = False

    ' Note: in a Windows Forms project My.User is initialised at startup with the
    ' Windows principal of the desktop session, so IsInRole here describes the
    ' account that is logged on to the computer, not the one typed into the login form.
    If My.User.IsInRole("domain.local\Fiserv Processing - Electronic Banking") Then
        button_main_achmanager.Enabled = True
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_colson.Enabled = True
        button_main_colson.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - Operations") Then
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_colson.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - Loan Operations") Then
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_mis.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - MIS") Then
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_mis.Enabled = True
        button_main_colson.Enabled = True
    End If
End Sub

Regardless of which group the authenticated user is in, all the buttons are enabled for use. What am I doing wrong?

Lee
  • Use the debugger to step through this code, watch out for exceptions that terminate this code but do not generate a debugger diagnostic. Fwiw, this code belongs in the constructor. – Hans Passant Apr 23 '15 at 14:58
  • The debugger isn't throwing any errors or exceptions. The code doesn't terminate, it just doesn't work correctly. – Lee Apr 23 '15 at 15:09
  • You are going to have to find a web site where psychics hand out free advice as long as you don't tell us exactly *how* you can tell it doesn't work. Shooting off the hip, setting button_main_colson.Enabled to True twice is a code smell. – Hans Passant Apr 23 '15 at 15:15
  • My authenticated user is in the "Operations" AD group. Based on the above code, I should only have 5 of the 9 buttons enabled once I sign into the program. But when I'm signing in, I have all 9 buttons enabled. – Lee Apr 23 '15 at 15:19
  • Maybe I should rephrase my question. How should I write my code to enable certain buttons on form load and disable other buttons based on the AD security group the authenticated user is a part of. – Lee Apr 23 '15 at 15:21
  • When you step through the code, which of the if statements return true? – Hans Olsson Apr 23 '15 at 15:32
  • What I've discovered is that on form load, the form is looking at the user logged into the computer instead of looking at the user who has logged into the program. In this case, the user logged into the computer is not the user logging into the program. How do I change my code to have the form load reference the user who authenticated on the login form? – Lee Apr 23 '15 at 16:02

1 Answer


Try this approach. In your case, I would cache the array of groups that the user belongs to when the user authenticates, and then check whenever you need in your app.

   Imports System.DirectoryServices
   Imports System.Security.Principal

   ' Resolves the account name to its SID, locates the user object by objectSid
   ' and scans its memberOf attribute for the group's distinguished name.
   ' memberOf holds direct memberships only (no nested groups, no primary group).
   Function IsInGroup(UserName As String, groupName As String) As Boolean
      Dim vUsuario As New NTAccount(UserName)
      Dim sid As SecurityIdentifier = DirectCast(vUsuario.Translate(GetType(SecurityIdentifier)), SecurityIdentifier)
      Using vRootDSE As New DirectoryEntry("LDAP://rootDSE")
         Using vRoot As New DirectoryEntry("LDAP://" & CStr(vRootDSE.Properties("defaultNamingContext")(0)))
            Using vSearcher As New DirectorySearcher(vRoot, "(objectSid=" & sid.ToString() & ")", New String() {"memberOf"}, SearchScope.Subtree)
               Dim result As SearchResult = vSearcher.FindOne()

               ' No object with that SID in this naming context.
               If result Is Nothing Then Return False

               Dim memberOf As ResultPropertyValueCollection = result.Properties("memberOf")
               For i As Integer = 0 To memberOf.Count - 1
                  'Debug.Print(memberOf(i).ToString())

                  ' I don't really like this approach, but it's quick to write ;)
                  ' Match "CN=<group>," at the start of the DN so that an OU or
                  ' container with the same name further along the DN does not match.
                  If memberOf(i).ToString().StartsWith("CN=" & groupName & ",", StringComparison.OrdinalIgnoreCase) Then
                     Return True
                  End If
               Next
            End Using
         End Using
      End Using

      Return False
   End Function
JJDiez
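The following is an added example that is not part of the question or the answer above. It ties together what the asker found in the comments (My.User describes the desktop session, not the account entered on the login form) and the answer's suggestion to cache the user's groups at authentication time. It assumes the domain is "domain.local", that the four group names in the question are the groups' CN/display names, that the button names are those of the question, and that SignIn is called on the UI thread (CurrentPrincipal applies to the calling thread). The GroupGrants table and the SignIn/AppAuth names are illustrative, not anything from the original code.

```vbnet
' Added example (not from the question or the answer). Assumes domain "domain.local",
' the question's group and button names, and that SignIn runs on the UI thread.
Imports System.DirectoryServices.AccountManagement
Imports System.Security.Principal

Public Module AppAuth

    ' Called by the login form with the typed credentials. On success the user's
    ' groups are cached in a GenericPrincipal installed as My.User.CurrentPrincipal,
    ' so My.User.IsInRole on every later form answers for the account that logged
    ' into the program rather than the Windows account that owns the desktop session.
    Public Function SignIn(domain As String, userName As String, password As String) As Boolean
        Dim ok As Boolean = False
        Using ctx As New PrincipalContext(ContextType.Domain, domain)
            ' Rejects wrong passwords and disabled/locked accounts. Negotiate uses
            ' Kerberos where available instead of simple-binding with the password.
            If ctx.ValidateCredentials(userName, password, ContextOptions.Negotiate) Then
                Using user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName)
                    If user IsNot Nothing Then
                        ' GetAuthorizationGroups expands nested groups and the primary
                        ' group; a raw memberOf read returns direct memberships only.
                        Dim roles As New List(Of String)
                        Using groups As PrincipalSearchResult(Of Principal) = user.GetAuthorizationGroups()
                            For Each g As Principal In groups
                                If g.Name IsNot Nothing Then roles.Add(g.Name)
                            Next
                        End Using
                        ' Sets Thread.CurrentPrincipal for the current (UI) thread.
                        My.User.CurrentPrincipal = New GenericPrincipal(New GenericIdentity(userName), roles.ToArray())
                        ok = True
                    End If
                End Using
            End If
        End Using
        Return ok
    End Function

End Module

Public Class form_main

    ' Which buttons each AD group unlocks (illustrative table). A user in several
    ' groups gets the union; any button not granted stays disabled (deny by default).
    Private Shared ReadOnly GroupGrants As New Dictionary(Of String, String())(StringComparer.OrdinalIgnoreCase) From {
        {"Fiserv Processing - Electronic Banking", {"achmanager", "pimam", "pimpm", "eim", "colson"}},
        {"Fiserv Processing - Operations", {"achmanager", "mobiliti", "checkfree", "rcm", "colson"}},
        {"Fiserv Processing - Loan Operations", {"pimam", "pimpm", "eim", "achmanager", "mobiliti", "checkfree", "rcm", "mis"}},
        {"Fiserv Processing - MIS", {"pimam", "pimpm", "eim", "achmanager", "mobiliti", "checkfree", "rcm", "mis", "colson"}}
    }

    Private Sub form_main_Load(sender As Object, e As EventArgs) Handles MyBase.Load
        Dim buttons As New Dictionary(Of String, Button) From {
            {"pimam", button_main_pimam}, {"pimpm", button_main_pimpm}, {"eim", button_main_eim},
            {"achmanager", button_main_achmanager}, {"mobiliti", button_main_mobiliti},
            {"checkfree", button_main_checkfree}, {"rcm", button_main_rcm},
            {"mis", button_main_mis}, {"colson", button_main_colson}
        }

        ' Start from nothing enabled, then add what the cached roles grant.
        For Each b As Button In buttons.Values
            b.Enabled = False
        Next

        For Each grant As KeyValuePair(Of String, String()) In GroupGrants
            If My.User.IsInRole(grant.Key) Then
                For Each key As String In grant.Value
                    buttons(key).Enabled = True
                Next
            End If
        Next
    End Sub

End Class
```

The roles stored in the principal are the group names as returned by GetAuthorizationGroups, so IsInRole is called with the bare group name rather than the "domain.local\..." form used with a Windows principal. The If/ElseIf chain in the question stops at the first matching group; the table-driven loop grants the union, which is usually what is wanted when someone sits in two groups. Enabling or disabling buttons is a usability measure, not an authorization boundary: whatever each button launches should check the group on its own side as well.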