24 February 2013 • 1 minute
The following code sample outlines a method for determining the group membership of a Windows user using the WindowsIdentity class. This method attempts to be as quick as possible by only comparing the Group SID and not resolving the details for each group a user belongs to.
public static class WindowsIdentityExtensions
{
public static bool IsInGroup(this WindowsIdentity value, string groupName)
{
if (value == null)
return false;
if (string.IsNullOrWhiteSpace(groupName))
return false;
using (var ctx = new PrincipalContext(ContextType.Domain))
{
using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
{
return group != null &&
value.Groups.Select(g => g.Value).Contains(group.Sid.Value);
}
}
}
}
// Usage
WindowsIdentity identity = WindowsIdentity.GetCurrent();
identity.IsInGroup("GroupName"); // Returns true or false