User.IsInRole with Active Directory authentication

I want to f开发者_如何学Pythonind out how the User.IsInRole function works with Windows Authentication. Does it only put them in one role, or is it somehow hierarchical?

For example I have a domain group called "GroupB" and this group is a member of "GroupA", and another group called "GroupC" is a member of "GroupB". If I call User.IsInRole("GroupB") for userA, userB, and userC, will it only return true for userB? And what about if the user is a domain admin, does IsInRole() always returne true or false?

I need this for cases where I want to make a group for external partners and I want make deciscions based upon this (like open internet explorer for internal users and special browser for external users, but if the internal user is the domain admin it would open a special browser if User.IsInRole always returns true for domain admins). I need to know exactly how this works for security reasons.

Thank you for helping. I've searched the internet, and haven't been able to find any information about this.

In my experience, these functions are NOT recursive unless it specifically says it is. UserPrincipal.GetAuthorizationGroups() for example is recursive.

I don't believe User.IsInRole() is.

I would suggest going through this site and its linked articles. It will help you greatly. http://msdn.microsoft.com/en-us/library/z164t8hs(v=VS.71).aspx

User.IsInRole is going to be functionally recursive with Windows AuthN. It is going off your security token which is built by AD/local SAM at logon. That token includes all of the groups you're a member of.