Saturday, October 31, 2009

Authentication and Authorization

Well, it's Halloween, and in between going to answer the doorbell, I'm still studying for my Microsoft .NET 70-536 exam.

Can't think of anything I'd rather be doing on Halloween than studying and writing code. :-)

Authentication and Authorization classes reside in the System.Security.Principal namespace.

The following classes and interfaces exist in this namespace:

  • WindowsIdentity - Represents a Windows or AD user account.
  • WindowsPrincipal - Provides access to a user's group memberships. From my study book, "You can use the WindowsPrincipal class to determine which groups a user is a member of. To query for built-in groups, pass to the WindowsPrincipal.IsInRole method a member of the System.Security.Principal.WindowsBuiltInRole".
  • GenericIdentity - Represents a simple user account that does not come from a Microsoft directory service.
  • GenericPrincipal - Represents simple groups (roles) that do not come from a Microsoft directory service.
  • IIdentity - Interface to implement for custom users.
  • IPrincipal - Interface to implement for custom groups.
  • WindowsBuiltInRole (enum) - Local Windows groups that are common to NT, 2000, and XP. Members include: User, PowerUser, Administrator, Guest, AccountOperator, SystemOperator, PrintOperator, BackupOperator, and Replicator.

Here is sample code to get the current user's group memberships:

using System;
using System.Threading;
using System.Security.Principal;

namespace IdentityPrincipal
{
    class Program
    {
        static void Main(string[] args)
        {
            WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
            Console.WriteLine("Current User: '{0}'", currentIdentity.Name);

            // Two ways to get the currentPrincipal.
            // 1. Through the WindowsPrincipal constructor passing in currentIdentity.
            //WindowsPrincipal currentPrincipal = new WindowsPrincipal(currentIdentity);

            // 2. Through the Thread.CurrentPrincipal property (after setting the Principal Policy of the
            //    current domain). For this sample program, we will use this method.
            // Without this call, Thread.CurrentPrincipal is not a WindowsPrincipal and the cast below fails.
            AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
            WindowsPrincipal currentPrincipal = (WindowsPrincipal) Thread.CurrentPrincipal;

            // Check membership in each built-in local group.
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.User))
                Console.WriteLine("Current User is a User");
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.Guest))
                Console.WriteLine("Current User is a Guest");
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.PowerUser))
                Console.WriteLine("Current User is a Power User");
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.Administrator))
                Console.WriteLine("Current User is an Administrator");
        }
    }
}
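
The sample above only exercises WindowsIdentity and WindowsPrincipal. As an added example (not from the original post or the study book), here is an authorization check written against IPrincipal and driven by GenericIdentity and GenericPrincipal. The user names, the "Auditors" role, the "CustomAuth" authentication type, and the DemandRole/Check helpers are assumptions made up for illustration.

```csharp
using System;
using System.Security;
using System.Security.Principal;

namespace GenericPrincipalExample
{
    static class Program
    {
        // Hypothetical application role, not a Windows group.
        const string AuditorRole = "Auditors";

        // Authorization gate written against IPrincipal, so the same check
        // accepts a WindowsPrincipal, a GenericPrincipal, or a custom type.
        static void DemandRole(IPrincipal principal, string role)
        {
            // Authentication first: a role list means nothing for an anonymous caller.
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
                throw new SecurityException("Caller is not authenticated.");
            // Authorization second: is the authenticated caller in the required role?
            if (!principal.IsInRole(role))
                throw new SecurityException("Caller '" + principal.Identity.Name + "' is not in role '" + role + "'.");
        }

        static void Check(string label, IPrincipal principal)
        {
            try
            {
                DemandRole(principal, AuditorRole);
                Console.WriteLine("{0}: allowed", label);
            }
            catch (SecurityException ex)
            {
                Console.WriteLine("{0}: denied ({1})", label, ex.Message);
            }
        }

        static void Main()
        {
            // Constructed sample principals.
            var alice = new GenericPrincipal(new GenericIdentity("alice", "CustomAuth"), new[] { AuditorRole });
            var bob = new GenericPrincipal(new GenericIdentity("bob", "CustomAuth"), new string[0]);
            // GenericIdentity reports IsAuthenticated == false when the name is empty,
            // so this principal is rejected even though its role array lists the role.
            var anonymous = new GenericPrincipal(new GenericIdentity(""), new[] { AuditorRole });

            Check("alice", alice);         // authenticated and in role
            Check("bob", bob);             // authenticated, not in role
            Check("anonymous", anonymous); // not authenticated
        }
    }
}
```

Checking IsAuthenticated before IsInRole matters because GenericPrincipal answers IsInRole purely from the role array it was constructed with, regardless of whether the identity is authenticated.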
