private static IEnumerable <Claim> CreateGroupClaims(WindowsPrincipal principal)
{
var groupSidClaims = principal.FindAll(ClaimTypes.GroupSid);
var sids = new IdentityReferenceCollection();
foreach (var sidClaim in groupSidClaims)
{
sids.Add(new SecurityIdentifier(sidClaim.Value));
}
var groupNames = sids.Translate(typeof(NTAccount));
var groupNameClaims = new List <Claim>(
from n in groupNames select new Claim("role", n.Value));
return(groupNameClaims);
}