我基于Visual Basic构建了一个带有登录屏幕和表单的应用程序。登录屏幕通过Active Directory进行身份验证。用户通过身份验证之后,将加载该表单。在加载表单时,我想检查通过身份验证的用户是否属于四个特定的Active Directory安全组之一。表单上启用哪些按钮,取决于经过身份验证的用户所在的组。登录程序的Active Directory用户身份验证和表单加载都已正常工作,但用于验证用户所在组的那段代码不起作用。下面是我的表单加载代码。
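' Form load handler: disables every feature button, then enables the subset
' mapped to the first Active Directory group that My.User reports membership of.
'
' NOTE(review): My.User.IsInRole evaluates whatever principal My.User currently
' holds. Unless the login screen assigns the account it authenticated to
' My.User, this is presumably the Windows account running the process, not the
' user who typed credentials into the login form. Confirm which identity is
' being checked.
' NOTE(review): enabling or disabling buttons only shapes the UI. Whatever each
' button triggers should re-check group membership where the action is carried
' out, so the UI state is not the only access control.
Private Sub form_main_Load(sender As Object, e As EventArgs) Handles MyBase.Load
    ' Fail closed: nothing is usable until a group check succeeds.
    button_main_pimam.Enabled = False
    button_main_pimpm.Enabled = False
    button_main_eim.Enabled = False
    button_main_achmanager.Enabled = False
    button_main_mobiliti.Enabled = False
    button_main_checkfree.Enabled = False
    button_main_rcm.Enabled = False
    button_main_mis.Enabled = False
    button_main_colson.Enabled = False

    ' The ElseIf chain stops at the first matching group, so a user who belongs
    ' to several of these groups only receives the first match's buttons.
    ' NOTE(review): confirm that the "domain.local\<group>" form resolves to the
    ' intended groups in this environment.
    If My.User.IsInRole("domain.local\Fiserv Processing - Electronic Banking") Then
        ' The original enabled button_main_colson twice here; the redundant
        ' statement was dropped. NOTE(review): check whether the second line
        ' was meant to enable a different button.
        button_main_achmanager.Enabled = True
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_colson.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - Operations") Then
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_colson.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - Loan Operations") Then
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_mis.Enabled = True
    ElseIf My.User.IsInRole("domain.local\Fiserv Processing - MIS") Then
        button_main_pimam.Enabled = True
        button_main_pimpm.Enabled = True
        button_main_eim.Enabled = True
        button_main_achmanager.Enabled = True
        button_main_mobiliti.Enabled = True
        button_main_checkfree.Enabled = True
        button_main_rcm.Enabled = True
        button_main_mis.Enabled = True
        button_main_colson.Enabled = True
    End If
End Sub
无论经过身份验证的用户属于哪个组,都会启用所有按钮以供使用。我做错了什么?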
发布于 2015-06-12 19:41:02
尝试这种方法。就您的示例而言,我会在用户通过身份验证时缓存该用户所属组的数组,然后在应用程序中需要时进行检查。
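''' <summary>
''' Reports whether the account named by <paramref name="UserName"/> lists a group
''' whose common name equals <paramref name="groupName"/> in its memberOf attribute.
''' </summary>
''' <param name="UserName">Account name handed to NTAccount and translated to a SID.</param>
''' <param name="groupName">Common name (CN) of the group to look for.</param>
''' <returns>
''' True when one memberOf entry begins with "CN=groupName,". False otherwise,
''' including when groupName is empty or the directory search finds no object
''' for the SID.
''' </returns>
''' <remarks>
''' NTAccount.Translate raises an exception when the account cannot be mapped;
''' that is left to propagate as in the original.
''' Caveats for access-control use: memberOf holds direct memberships only, so
''' membership through nested groups or the primary group is not seen here.
''' The match is by name only; two groups with the same CN in different
''' containers are indistinguishable. A group name containing characters that
''' are escaped inside a distinguished name (for example a comma) will not
''' match, which fails closed.
''' </remarks>
Function IsInGroup(UserName As String, groupName As String) As Boolean
    ' Without a name to compare against there is nothing to grant.
    If String.IsNullOrEmpty(groupName) Then
        Return False
    End If

    Dim account As New NTAccount(UserName)
    Dim sid As SecurityIdentifier = DirectCast(account.Translate(GetType(SecurityIdentifier)), SecurityIdentifier)

    ' Anchor the comparison to the leading RDN of each group DN. The original
    ' substring test ("=name,") also matched an OU or other component that
    ' merely shared the name, and was case-sensitive.
    Dim rdnPrefix As String = "CN=" & groupName & ","

    Using rootDse As New DirectoryEntry("LDAP://rootDSE")
        Dim namingContext As String = CStr(rootDse.Properties("defaultNamingContext")(0))
        ' The search root is now disposed as well; the original left it to the finalizer.
        Using searchRoot As New DirectoryEntry("LDAP://" & namingContext)
            ' The filter value is the SID string produced by Translate, not raw
            ' caller text, so UserName is never concatenated into the LDAP filter.
            Using searcher As New DirectorySearcher(searchRoot, "(objectSID=" & sid.ToString() & ")", New String() {"memberOf"}, SearchScope.Subtree)
                ' FindOne avoids holding an undisposed SearchResultCollection and
                ' returns Nothing instead of failing on an empty result set.
                Dim hit As SearchResult = searcher.FindOne()
                If hit Is Nothing Then
                    Return False
                End If

                For Each groupDn As Object In hit.Properties("memberOf")
                    If groupDn.ToString().StartsWith(rdnPrefix, StringComparison.OrdinalIgnoreCase) Then
                        Return True
                    End If
                Next
            End Using
        End Using
    End Using

    Return False
End Function
https://stackoverflow.com/questions/29826505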