Export (0) Print
Expand All

WindowsTokenRoleProvider.GetRolesForUser Method

Gets a list of the Windows groups that a user is in.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public override string[] GetRolesForUser(
	string username


Type: System.String

The user to return the list of Windows groups for in the form DOMAIN\username.

Return Value

Type: System.String[]
A string array containing the names of all the Windows groups that the specified user is in.


The currently executing user does not have an authenticated WindowsIdentity attached to Page.User. For non-HTTP scenarios, the currently executing user does not have an authenticated WindowsIdentity attached to Thread.CurrentPrincipal.


username does not match the Name of the current WindowsIdentity.


A failure occurred while retrieving the user's Windows group information.


username is null.


The trust level is less than Low.

This method is called by the Roles class to retrieve from the Windows operating system a list of the Windows groups that the specified user is in. The GetRolesForUser method can be called only for the currently logged-on user, as identified by the LOGON_USER server variable. If the value supplied in the username parameter is not the name of the currently logged-on user, a System.Configuration.Provider.ProviderException is thrown.

For more information an ASP.NET and Windows authentication, see ASP.NET Authentication.

The following code example uses the GetRolesForUser method to retrieve a list of roles for a specified user and binds the list of roles to a GridView control. For an example of a Web.config file that enables role management, see WindowsTokenRoleProvider.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

string[] rolesArray;

public void Page_Load()
  Msg.Text = "";

    if (!Roles.IsUserInRole(User.Identity.Name, @"BUILTIN\Administrators"))
      Msg.Text = "You are not authorized to view user roles.";
  catch (HttpException e)
    Msg.Text = "There is no current logged on user. Role membership cannot be verified.";

  // Bind roles to GridView.

  rolesArray = Roles.GetRolesForUser(User.Identity.Name);
  UserRolesGrid.DataSource = rolesArray;

  UserRolesGrid.Columns[0].HeaderText = "Roles for " + User.Identity.Name;

<html xmlns="http://www.w3.org/1999/xhtml" >
<title>Sample: View User Roles</title>

<form runat="server" id="PageForm">

  <h3>View User Roles</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table border="0" cellspacing="4">
      <td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid" 
                                     AutoGenerateColumns="false" Gridlines="None" 
                                     CellSpacing="0" >
                         <HeaderStyle BackColor="navy" ForeColor="white" />
                           <asp:TemplateField HeaderText="Roles" >
                               <%# Container.DataItem.ToString() %>



.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

© 2014 Microsoft