0 out of 3 rated this helpful - Rate this topic

WindowsIdentity Class

.NET Framework 4.5

Other Versions

Represents a Windows user.

Inheritance Hierarchy

System.Object
System.Security.Claims.ClaimsIdentity
System.Security.Principal.WindowsIdentity

Namespace: System.Security.Principal
Assembly: mscorlib (in mscorlib.dll)

Syntax

C++

[SerializableAttribute]
[ComVisibleAttribute(true)]
public class WindowsIdentity : ClaimsIdentity, 
	ISerializable, IDeserializationCallback, IDisposable

The WindowsIdentity type exposes the following members.

Constructors

	Name	Description
	WindowsIdentity(IntPtr)	Initializes a new instance of the WindowsIdentity class for the user represented by the specified Windows account token.
	WindowsIdentity(String)	Initializes a new instance of the WindowsIdentity class for the user represented by the specified User Principal Name (UPN).
	WindowsIdentity(WindowsIdentity)	Initializes a new instance of the WindowsIdentity class by using the specified WindowsIdentity object.
	WindowsIdentity(IntPtr, String)	Initializes a new instance of the WindowsIdentity class for the user represented by the specified Windows account token and the specified authentication type.
	WindowsIdentity(SerializationInfo, StreamingContext)	Initializes a new instance of the WindowsIdentity class for the user represented by information in a SerializationInfo stream.
	WindowsIdentity(String, String)	Initializes a new instance of the WindowsIdentity class for the user represented by the specified User Principal Name (UPN) and the specified authentication type.
	WindowsIdentity(IntPtr, String, WindowsAccountType)	Initializes a new instance of the WindowsIdentity class for the user represented by the specified Windows account token, the specified authentication type, and the specified Windows account type.
	WindowsIdentity(IntPtr, String, WindowsAccountType, Boolean)	Initializes a new instance of the WindowsIdentity class for the user represented by the specified Windows account token, the specified authentication type, the specified Windows account type, and the specified authentication status.

Top

Properties

	Name	Description
	Actor	Gets or sets the identity of the calling party that was granted delegation rights. (Inherited from ClaimsIdentity.)
	AuthenticationType	Gets the type of authentication used to identify the user. (Overrides ClaimsIdentity.AuthenticationType.)
	BootstrapContext	Gets or sets the token that was used to create this claims identity. (Inherited from ClaimsIdentity.)
	Claims	Gets all claims for the user represented by this Windows identity. (Overrides ClaimsIdentity.Claims.)
	DeviceClaims	Gets claims that have the ClaimTypes.WindowsDeviceClaim property key.
	Groups	Gets the groups the current Windows user belongs to.
	ImpersonationLevel	Gets the impersonation level for the user.
	IsAnonymous	Gets a value indicating whether the user account is identified as an anonymous account by the system.
	IsAuthenticated	Gets a value indicating whether the user has been authenticated by Windows. (Overrides ClaimsIdentity.IsAuthenticated.)
	IsGuest	Gets a value indicating whether the user account is identified as a Guest account by the system.
	IsSystem	Gets a value indicating whether the user account is identified as a System account by the system.
	Label	Gets or sets the label for this claims identity. (Inherited from ClaimsIdentity.)
	Name	Gets the user's Windows logon name. (Overrides ClaimsIdentity.Name.)
	NameClaimType	Gets the claim type that is used to determine which claims provide the value for the Name property of this claims identity. (Inherited from ClaimsIdentity.)
	Owner	Gets the security identifier (SID) for the token owner.
	RoleClaimType	Gets the claim type that will be interpreted as a .NET Framework role among the claims in this claims identity. (Inherited from ClaimsIdentity.)
	Token	Gets the Windows account token for the user.
	User	Gets the security identifier (SID) for the user.
	UserClaims	Gets claims that have the ClaimTypes.WindowsUserClaim property key.

Top

Methods

	Name	Description
	AddClaim	Adds a single claim to this claims identity. (Inherited from ClaimsIdentity.)
	AddClaims	Adds a list of claims to this claims identity. (Inherited from ClaimsIdentity.)
	Clone	Creates a new object that is a copy of the current instance. (Overrides ClaimsIdentity.Clone().)
	Dispose()	Releases all resources used by the WindowsIdentity.
	Dispose(Boolean)	Releases the unmanaged resources used by the WindowsIdentity and optionally releases the managed resources.
	Equals(Object)	Determines whether the specified object is equal to the current object. (Inherited from Object.)
	Finalize	Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
	FindAll(Predicate<Claim>)	Retrieves all of the claims that are matched by the specified predicate. (Inherited from ClaimsIdentity.)
	FindAll(String)	Retrieves all of the claims that have the specified claim type. (Inherited from ClaimsIdentity.)
	FindFirst(Predicate<Claim>)	Retrieves the first claim that is matched by the specified predicate. (Inherited from ClaimsIdentity.)
	FindFirst(String)	Retrieves the first claim with the specified claim type. (Inherited from ClaimsIdentity.)
	GetAnonymous	Returns a WindowsIdentity object that represents an anonymous user.
	GetCurrent()	Returns a WindowsIdentity object that represents the current Windows user.
	GetCurrent(Boolean)	Returns a WindowsIdentity object that represents the Windows identity for either the thread or the process, depending on the value of the ifImpersonating parameter.
	GetCurrent(TokenAccessLevels)	Returns a WindowsIdentity object that represents the current Windows user, using the specified desired token access level.
	GetHashCode	Serves as a hash function for a particular type. (Inherited from Object.)
	GetObjectData	Populates the SerializationInfo with data needed to serialize the current ClaimsIdentity object. (Inherited from ClaimsIdentity.)
	GetType	Gets the Type of the current instance. (Inherited from Object.)
	HasClaim(Predicate<Claim>)	Determines whether this claims identity has a claim that is matched by the specified predicate. (Inherited from ClaimsIdentity.)
	HasClaim(String, String)	Determines whether this claims identity has a claim with the specified claim type and value. (Inherited from ClaimsIdentity.)
	Impersonate()	Impersonates the user represented by the WindowsIdentity object.
	Impersonate(IntPtr)	Impersonates the user represented by the specified user token.
	MemberwiseClone	Creates a shallow copy of the current Object. (Inherited from Object.)
	RemoveClaim	Attempts to remove a claim from the claims identity. (Inherited from ClaimsIdentity.)
	ToString	Returns a string that represents the current object. (Inherited from Object.)
	TryRemoveClaim	Attempts to remove a claim from the claims identity. (Inherited from ClaimsIdentity.)

Top

Fields

	Name	Description
	DefaultIssuer	Identifies the name of the default ClaimsIdentity issuer.

Top

Explicit Interface Implementations

	Name	Description
	IDeserializationCallback.OnDeserialization	Infrastructure. Implements the ISerializable interface and is called back by the deserialization event when deserialization is complete.
	ISerializable.GetObjectData	Infrastructure. Sets the SerializationInfo object with the logical context information needed to recreate an instance of this execution context.

Top

Remarks

Call the GetCurrent method to create a WindowsIdentity object that represents the current user.

Examples

The following example shows the use of members of WindowsIdentity class. For an example showing how to obtain a Windows account token through a call to the unmanaged Win32 LogonUser function, and use that token to impersonate another user, see the WindowsImpersonationContext class.

C++

using System;
using System.Security.Principal;

class WindowsIdentityMembers
{
    [STAThread]
    static void Main(string[] args)
    {
        // Retrieve the Windows account token for the current user.
        IntPtr logonToken = LogonUser();

        // Constructor implementations.
        IntPtrConstructor(logonToken);
        IntPtrStringConstructor(logonToken);
        IntPtrStringTypeConstructor(logonToken);
        IntPrtStringTypeBoolConstructor(logonToken);

        // Property implementations.
        UseProperties(logonToken);

        // Method implementations.
        GetAnonymousUser();
        ImpersonateIdentity(logonToken);

        Console.WriteLine("This sample completed successfully; " +
            "press Enter to exit.");
        Console.ReadLine();
    }

    // Create a WindowsIdentity object for the user represented by the 
    // specified Windows account token. 
    private static void IntPtrConstructor(IntPtr logonToken)
    {
        // Construct a WindowsIdentity object using the input account token.
        WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken);

        Console.WriteLine("Created a Windows identity object named " +
            windowsIdentity.Name + ".");
    }


    // Create a WindowsIdentity object for the user represented by the 
    // specified account token and authentication type. 
    private static void IntPtrStringConstructor(IntPtr logonToken)
    {
        // Construct a WindowsIdentity object using the input account token  
        // and the specified authentication type. 
        string authenticationType = "WindowsAuthentication";
        WindowsIdentity windowsIdentity =
			            new WindowsIdentity(logonToken, authenticationType);

        Console.WriteLine("Created a Windows identity object named " +
            windowsIdentity.Name + ".");
    }

    // Create a WindowsIdentity object for the user represented by the 
    // specified account token, authentication type, and Windows account 
    // type. 
    private static void IntPtrStringTypeConstructor(IntPtr logonToken)
    {
        // Construct a WindowsIdentity object using the input account token, 
        // and the specified authentication type, and Windows account type. 
        string authenticationType = "WindowsAuthentication";
        WindowsAccountType guestAccount = WindowsAccountType.Guest;
        WindowsIdentity windowsIdentity =
            new WindowsIdentity(logonToken, authenticationType, guestAccount);

        Console.WriteLine("Created a Windows identity object named " +
            windowsIdentity.Name + ".");
    }

    // Create a WindowsIdentity object for the user represented by the 
    // specified account token, authentication type, Windows account type, and 
    // Boolean authentication flag. 
    private static void IntPrtStringTypeBoolConstructor(IntPtr logonToken)
    {
        // Construct a WindowsIdentity object using the input account token, 
        // and the specified authentication type, Windows account type, and 
        // authentication flag. 
        string authenticationType = "WindowsAuthentication";
        WindowsAccountType guestAccount = WindowsAccountType.Guest;
        bool isAuthenticated = true;
        WindowsIdentity windowsIdentity = new WindowsIdentity(
            logonToken, authenticationType, guestAccount, isAuthenticated);

        Console.WriteLine("Created a Windows identity object named " +
            windowsIdentity.Name + ".");
    }
    // Access the properties of a WindowsIdentity object. 
    private static void UseProperties(IntPtr logonToken)
    {
        WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken);
        string propertyDescription = "The Windows identity named ";

        // Retrieve the Windows logon name from the Windows identity object.
        propertyDescription += windowsIdentity.Name;

        // Verify that the user account is not considered to be an Anonymous 
        // account by the system. 
        if (!windowsIdentity.IsAnonymous)
        {
            propertyDescription += " is not an Anonymous account";
        }

        // Verify that the user account has been authenticated by Windows. 
        if (windowsIdentity.IsAuthenticated)
        {
            propertyDescription += ", is authenticated";
        }

        // Verify that the user account is considered to be a System account 
        // by the system. 
        if (windowsIdentity.IsSystem)
        {
            propertyDescription += ", is a System account";
        }
        // Verify that the user account is considered to be a Guest account 
        // by the system. 
        if (windowsIdentity.IsGuest)
        {
            propertyDescription += ", is a Guest account";
        }

        // Retrieve the authentication type for the 
        String authenticationType = windowsIdentity.AuthenticationType;

        // Append the authenication type to the output message. 
        if (authenticationType != null)
        {
            propertyDescription += (" and uses " + authenticationType);
            propertyDescription += (" authentication type.");
        }

        Console.WriteLine(propertyDescription);

        // Display the SID for the owner.
        Console.Write("The SID for the owner is : ");
        SecurityIdentifier si = windowsIdentity.Owner;
        Console.WriteLine(si.ToString());
        // Display the SIDs for the groups the current user belongs to.
        Console.WriteLine("Display the SIDs for the groups the current user belongs to.");
        IdentityReferenceCollection irc = windowsIdentity.Groups;
        foreach (IdentityReference ir in irc)
            Console.WriteLine(ir.Value);
        TokenImpersonationLevel token = windowsIdentity.ImpersonationLevel;
        Console.WriteLine("The impersonation level for the current user is : " + token.ToString());
    }

    // Retrieve the account token from the current WindowsIdentity object 
    // instead of calling the unmanaged LogonUser method in the advapi32.dll. 
    private static IntPtr LogonUser()
    {
        IntPtr accountToken = WindowsIdentity.GetCurrent().Token;
        Console.WriteLine( "Token number is: " + accountToken.ToString());

        return accountToken;
    }

    // Get the WindowsIdentity object for an Anonymous user. 
    private static void GetAnonymousUser()
    {
        // Retrieve a WindowsIdentity object that represents an anonymous 
        // Windows user.
        WindowsIdentity windowsIdentity = WindowsIdentity.GetAnonymous();
    }

    // Impersonate a Windows identity. 
    private static void ImpersonateIdentity(IntPtr logonToken)
    {
        // Retrieve the Windows identity using the specified token.
        WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken);

        // Create a WindowsImpersonationContext object by impersonating the 
        // Windows identity.
        WindowsImpersonationContext impersonationContext =
            windowsIdentity.Impersonate();

        Console.WriteLine("Name of the identity after impersonation: "
            + WindowsIdentity.GetCurrent().Name + ".");
        Console.WriteLine(windowsIdentity.ImpersonationLevel);
        // Stop impersonating the user.
        impersonationContext.Undo();

        // Check the identity name.
        Console.Write("Name of the identity after performing an Undo on the");
        Console.WriteLine(" impersonation: " +
            WindowsIdentity.GetCurrent().Name);
    }
}

Version Information

.NET Framework

Supported in: 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Platforms

Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Reference

System.Security.Principal Namespace

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)