private static IEnumerable <Claim> CreateGroupClaims(WindowsPrincipal principal) { var groupSidClaims = principal.FindAll(ClaimTypes.GroupSid); var sids = new IdentityReferenceCollection(); foreach (var sidClaim in groupSidClaims) { sids.Add(new SecurityIdentifier(sidClaim.Value)); } var groupNames = sids.Translate(typeof(NTAccount)); var groupNameClaims = new List <Claim>( from n in groupNames select new Claim("role", n.Value)); return(groupNameClaims); }