Export (0) Print
Expand All

WindowsPrincipal.IsInRole Method (Int32)

Determines whether the current principal belongs to the Windows user group with the specified relative identifier (RID).

Namespace:  System.Security.Principal
Assembly:  mscorlib (in mscorlib.dll)

public virtual bool IsInRole(
	int rid
)

Parameters

rid
Type: System.Int32

The RID of the Windows user group in which to check for the principal’s membership status.

Return Value

Type: System.Boolean
true if the current principal is a member of the specified Windows user group, that is, in a particular role; otherwise, false.

When testing for newly created role information, such as a new user or a new group, it is important to log out and log in to force the propagation of role information within the domain. Not doing so can cause the IsInRole test to return false. This method is not supported on Windows 98 or Windows Millennium Edition.

For performance reasons, the IsInRole(SecurityIdentifier) overload is recommended as the preferable overload for determining the user's role.

NoteNote

In Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. The code that executes the IsInRole method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group. You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator.

Relative identifiers (RIDs) are components of a Windows user group's security identifier (SID) and are supported to help prevent cross-platform localization issues. Many user accounts, local groups, and global groups have a default RID value that is constant across all versions of Windows.

For example, the RID for the BUILTIN\Administrators role is 0x220. Using 0x220 as the input parameter for the IsInRole method results in true being returned if the current principal is an administrator.

The following tables list the default RID values.

Built-in users

RID

DOMAINNAME\Administrator

0x1F4

DOMAINNAME\Guest

0x1F5

Built-in global groups

RID

DOMAINNAME\Domain Admins

0x200

DOMAINNAME\Domain Users

0x201

DOMAINNAME\Domain Guests

0x202

Built-in local groups

RID

BUILTIN\Administrators

0x220

BUILTIN\Users

0x221

BUILTIN\Guests

0x222

BUILTIN\Account Operators

0x224

BUILTIN\Server Operators

0x225

BUILTIN\Print Operators

0x226

BUILTIN\Backup Operators

0x227

BUILTIN\Replicator

0x228

The following code example demonstrates the use of the IsInRole methods. The WindowsBuiltInRole enumeration is used as the source for the RIDs that identify the built-in roles. The RIDs are used to determine the roles of the current principal.

using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;

class SecurityPrincipalDemo
{
    public static void DemonstrateWindowsBuiltInRoleEnum()
    {
        AppDomain myDomain = Thread.GetDomain();

        myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
        Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString());
        Array wbirFields = Enum.GetValues(typeof(WindowsBuiltInRole));
        foreach (object roleName in wbirFields)
        {
            try
            {
                // Cast the role name to a RID represented by the WindowsBuildInRole value.
                Console.WriteLine("{0}? {1}.", roleName,
                    myPrincipal.IsInRole((WindowsBuiltInRole)roleName));
                Console.WriteLine("The RID for this role is: " + ((int)roleName).ToString());

            }
            catch (Exception)
            {
                Console.WriteLine("{0}: Could not obtain role for this RID.",
                    roleName);
            }
        }
        // Get the role using the string value of the role.
        Console.WriteLine("{0}? {1}.", "Administrators",
            myPrincipal.IsInRole("BUILTIN\\" + "Administrators"));
        Console.WriteLine("{0}? {1}.", "Users",
            myPrincipal.IsInRole("BUILTIN\\" + "Users"));
        // Get the role using the WindowsBuiltInRole enumeration value.
        Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator,
           myPrincipal.IsInRole(WindowsBuiltInRole.Administrator));
        // Get the role using the WellKnownSidType.
        SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        Console.WriteLine("WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.", sid.Value, myPrincipal.IsInRole(sid));
    }

    public static void Main()
    {
        DemonstrateWindowsBuiltInRoleEnum();
    }
}

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft