I first tried resolving the AD groups iteratively; however, that was obviously quite slow and expensive. There had to be a better solution, and I found it:
As SharePoint uses claims authentication (by default in 2013), all the AD groups (at least their SIDs) are already in the user's claims, including their complete hierarchy.
So all you have to do is something like:
    var claims = ((Microsoft.IdentityModel.Claims.ClaimsIdentity) testuser.Identity).Claims;
to get the current user's claims. This claims collection contains, among others, the current user's groups, represented by their SIDs. You have to reference Microsoft.IdentityModel, which is usually located in the GAC on an SP2013 server.
To check whether the user or one of its groups belongs to a specific SharePoint group, you simply have to do:
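    // Requires: using System; using System.Linq; using Microsoft.SharePoint;
    // claims, groupName, userName and returnValue are defined by the surrounding method.
    SPSecurity.RunWithElevatedPrivileges(delegate
    {
        // Runs as the application pool account, so the group's members are readable
        // regardless of the current user's permissions.
        using (var elevatedSite = new SPSite(SPContext.Current.Site.ID))
        {
            var web = elevatedSite.RootWeb;
            var group = web.SiteGroups.GetByName(groupName);
            foreach (SPUser user in group.Users)
            {
                if (user.IsDomainGroup)
                {
                    // Claims-encoded login name of an AD group: the SID follows the '|'.
                    var sid = user.LoginName.Split('|')[1];
                    // SIDs are identifiers, so compare them ordinally rather than by culture.
                    if (claims.Any(c => String.Equals(c.Value, sid, StringComparison.OrdinalIgnoreCase)))
                    {
                        returnValue = true;
                        break;
                    }
                }
                else if (user.LoginName == userName)
                {
                    returnValue = true;
                    break;
                }
            }
        }
    });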
Maybe there is also a simple way to get all SharePoint groups that one of the SIDs belongs to. I did not try that yet.
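Added example, not part of the original post: the SID matching used above, generalized to return every group whose member list contains one of the user's group SIDs, and restricted to group-SID claims instead of any claim value. It runs without a SharePoint server; System.Security.Claims stands in for Microsoft.IdentityModel.Claims, and the group table, the SIDs and the names SidGroupLookup, SidFromLogin and GroupsFor are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class SidGroupLookup
{
    // A claims-encoded AD group login looks like "c:0+.w|s-1-5-21-...".
    // Returns the part after the last '|', or "" when there is none.
    static string SidFromLogin(string loginName)
    {
        int i = loginName.LastIndexOf('|');
        return i >= 0 ? loginName.Substring(i + 1) : "";
    }

    // Names of all groups that list one of the user's group SIDs as a member.
    public static List<string> GroupsFor(IEnumerable<Claim> claims,
        IDictionary<string, string[]> groupMembers)
    {
        // Only group-SID claims count; values of other claim types are ignored.
        var sids = new HashSet<string>(
            claims.Where(c => c.Type == ClaimTypes.GroupSid).Select(c => c.Value),
            StringComparer.OrdinalIgnoreCase);

        return groupMembers
            .Where(g => g.Value.Any(m => sids.Contains(SidFromLogin(m))))
            .Select(g => g.Key)
            .ToList();
    }

    static void Main()
    {
        // Constructed sample data: user, SIDs and group names are made up.
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, "CONTOSO\\jdoe"),
            new Claim(ClaimTypes.GroupSid, "S-1-5-21-1111111111-2222222222-3333333333-1105"),
            new Claim(ClaimTypes.GroupSid, "S-1-5-21-1111111111-2222222222-3333333333-1310"),
        };
        var groupMembers = new Dictionary<string, string[]>
        {
            { "Site Owners",  new[] { "c:0+.w|s-1-5-21-1111111111-2222222222-3333333333-1105" } },
            { "Site Members", new[] { "i:0#.w|contoso\\asmith", "c:0+.w|s-1-5-21-1111111111-2222222222-3333333333-9999" } },
            { "Auditors",     new[] { "c:0+.w|s-1-5-21-1111111111-2222222222-3333333333-1310" } },
        };
        Console.WriteLine(string.Join(", ", GroupsFor(claims, groupMembers)));
    }
}
```

On a real site the member table would be filled from web.SiteGroups, keeping only entries where IsDomainGroup is true, inside the elevated block shown above.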