I have followed this article to build demo app with on-premise ADFS federation.
I am able to get the needed information for the user using simple code:
Dim UserEmail = System.Security.Claims.ClaimsPrincipal.Current.FindFirst(System.IdentityModel.Claims.ClaimTypes.Email).Value
But how can I get the groups the user belongs to and check whether the user account is a member of a Windows group in Active Directory?
I have tried to use System.Security.Claims.ClaimsPrincipal.Current.IsInRole
to check if the user is in a group, but it doesn't work.
With this is enough.
:)
In ADFS claims rules, you need to configure a rule "Send LDAP Attributes as Claims" / "Token Groups - Unqualified Names" and map to "Role" as the "Outgoing Claim Type".
ADFS then provides all the security groups the user is memberOf in Role format and WIF maps them to the IsInRole construct.
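As an added example (not part of the answer above), the same rule written in the ADFS claim rule language and applied with the ADFS PowerShell module; `$rpName` is a placeholder for the relying party trust of the demo app, and the rule text is what the "Send LDAP Attributes as Claims" template produces for Token-Groups - Unqualified Names mapped to Role.

```powershell
# Added example: emit the user's AD security groups as Role claims so that
# ClaimsPrincipal.Current.IsInRole("GroupName") works in the relying party.
# Assumes the ADFS PowerShell module (Windows Server 2012 R2 or later) and an
# existing relying party trust; $rpName is a placeholder.
Import-Module ADFS
$rpName = "Demo App"   # placeholder: name of the relying party trust

# The outgoing type must be the Role URI below: ClaimsIdentity.RoleClaimType
# defaults to it, and IsInRole only looks at claims of that type. Mapping the
# groups to any other outgoing claim type is why IsInRole returns False.
$groupRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "AD groups as Role claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"), query = ";tokenGroups;{0}", param = c.Value);
'@

# Append to the trust's existing issuance transform rules instead of replacing
# them, so the Email rule the question relies on keeps working.
$trust = Get-AdfsRelyingPartyTrust -Name $rpName
$rules = ($trust.IssuanceTransformRules + "`r`n" + $groupRule).Trim()
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Check: the Role rule is now part of the trust's rule set.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

With the unqualified attribute the claim values are bare group names such as "Sales", so the app calls ClaimsPrincipal.Current.IsInRole("Sales"); choosing "Token-Groups - Qualified by Domain Name" instead yields "DOMAIN\Sales", and the IsInRole argument has to match that form.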