How to get list of groups the user is associated with in Azman?

I'm able to get the roles associated with the authenticated user but not the groups. Is there a way to get the groups

WindowsIdentity userIdentity = HttpContext.Current.User.Identity as WindowsIdentity;

AzAuthorizationStoreClass azManStore = new AzAuthorizationStoreClass();

string storeConnectionStri开发者_如何学Pythonng = ConfigurationManager.ConnectionStrings["<CONN STRING>"].ConnectionString;

azManStore.Initialize(0, storeConnectionString, null);

IAzApplication azApp = azManStore.OpenApplication("<APP NAME>", null);

ulong token = (ulong)userIdentity.Token;

IAzClientContext ctx = azApp.InitializeClientContextFromToken(token, null);

object roles = ctx.GetRoles(String.Empty);

I have not found a way. On my project we had one requirement for this and ended up doing a simplistic implementation that walked through each Group and checked if the user was a member. The problem with this approach is that it ignores membership via groups in groups and also membership via the user being a member of an AD group that is a member of the AzMan group. You could grow the solution to cover these scenarios, but ultimately I think that when you start asking questions like this, you might be heading down the role-based security path with Azman (which is operation (or task) based security).