WindowsPrincipal Class

Enables code to check the Windows group membership of a Windows user.

System.Object
  System.Security.Claims.ClaimsPrincipal
    System.Security.Principal.WindowsPrincipal

Namespace:  System.Security.Principal
Assembly:  mscorlib (in mscorlib.dll)

[SerializableAttribute]
[ComVisibleAttribute(true)]
[HostProtectionAttribute(SecurityAction.LinkDemand, SecurityInfrastructure = true)]
public class WindowsPrincipal : ClaimsPrincipal

The WindowsPrincipal type exposes the following members.

Kind | Name | Description
Public method | WindowsPrincipal | Initializes a new instance of the WindowsPrincipal class by using the specified WindowsIdentity object.

Kind | Name | Description
Public property | Claims | Gets a collection that contains all of the claims from all of the claims identities associated with this claims principal. (Inherited from ClaimsPrincipal.)
Public property | DeviceClaims | Gets all Windows device claims from this principal.
Public property | Identities | Gets a collection that contains all of the claims identities associated with this claims principal. (Inherited from ClaimsPrincipal.)
Public property | Identity | Gets the identity of the current principal. (Overrides ClaimsPrincipal.Identity.)
Public property | UserClaims | Gets all Windows user claims from this principal.

Kind | Name | Description
Public method | AddIdentities | Adds the specified claims identities to this claims principal. (Inherited from ClaimsPrincipal.)
Public method | AddIdentity | Adds the specified claims identity to this claims principal. (Inherited from ClaimsPrincipal.)
Public method | Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected method | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method | FindAll(Predicate<Claim>) | Retrieves all of the claims that are matched by the specified predicate. (Inherited from ClaimsPrincipal.)
Public method | FindAll(String) | Retrieves all of the claims that have the specified claim type. (Inherited from ClaimsPrincipal.)
Public method | FindFirst(Predicate<Claim>) | Retrieves the first claim that is matched by the specified predicate. (Inherited from ClaimsPrincipal.)
Public method | FindFirst(String) | Retrieves the first claim with the specified claim type. (Inherited from ClaimsPrincipal.)
Public method | GetHashCode | Serves as the default hash function. (Inherited from Object.)
Protected method | GetObjectData | Populates the SerializationInfo with data needed to serialize the current ClaimsPrincipal object. (Inherited from ClaimsPrincipal.)
Public method | GetType | Gets the Type of the current instance. (Inherited from Object.)
Public method | HasClaim(Predicate<Claim>) | Determines whether any of the claims identities associated with this claims principal contains a claim that is matched by the specified predicate. (Inherited from ClaimsPrincipal.)
Public method | HasClaim(String, String) | Determines whether any of the claims identities associated with this claims principal contains a claim with the specified claim type and value. (Inherited from ClaimsPrincipal.)
Public method | IsInRole(Int32) | Determines whether the current principal belongs to the Windows user group with the specified relative identifier (RID).
Public method | IsInRole(SecurityIdentifier) | Determines whether the current principal belongs to the Windows user group with the specified security identifier (SID).
Public method | IsInRole(String) | Determines whether the current principal belongs to the Windows user group with the specified name. (Overrides ClaimsPrincipal.IsInRole(String).)
Public method | IsInRole(WindowsBuiltInRole) | Determines whether the current principal belongs to the Windows user group with the specified WindowsBuiltInRole.
Protected method | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.)
Public method | ToString | Returns a string that represents the current object. (Inherited from Object.)

The WindowsPrincipal class is primarily used to check the role of a Windows user. The WindowsPrincipal.IsInRole method overloads let you check the user role by using different role contexts.

Note

The HostProtectionAttribute attribute applied to this type or member has the following Resources property value: SecurityInfrastructure. The HostProtectionAttribute does not affect desktop applications (which are typically started by double-clicking an icon, typing a command, or entering a URL in a browser). For more information, see the HostProtectionAttribute class or SQL Server Programming and Host Protection Attributes.

Topic | Location
How to: Create a WindowsPrincipal Object | .NET Framework: Security

The following example demonstrates how to use the IsInRole method overloads. The WindowsBuiltInRole enumeration is used as the source for the relative identifiers (RIDs) that identify the built-in roles. The RIDs are used to determine the roles of the current principal.

using System;
using System.Threading;
using System.Security.Permissions;
using System.Security.Principal;

class SecurityPrincipalDemo
{
    public static void DemonstrateWindowsBuiltInRoleEnum()
    {
        AppDomain myDomain = Thread.GetDomain();

        myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;
        Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString());
        Array wbirFields = Enum.GetValues(typeof(WindowsBuiltInRole));
        foreach (object roleName in wbirFields)
        {
            try
            {
                // Cast the role name to a RID represented by the WindowsBuiltInRole value.
                Console.WriteLine("{0}? {1}.", roleName,
                    myPrincipal.IsInRole((WindowsBuiltInRole)roleName));
                Console.WriteLine("The RID for this role is: " + ((int)roleName).ToString());

            }
            catch (Exception)
            {
                Console.WriteLine("{0}: Could not obtain role for this RID.",
                    roleName);
            }
        }
        // Get the role using the string value of the role.
        Console.WriteLine("{0}? {1}.", "Administrators",
            myPrincipal.IsInRole("BUILTIN\\" + "Administrators"));
        Console.WriteLine("{0}? {1}.", "Users",
            myPrincipal.IsInRole("BUILTIN\\" + "Users"));
        // Get the role using the WindowsBuiltInRole enumeration value.
        Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator,
           myPrincipal.IsInRole(WindowsBuiltInRole.Administrator));
        // Get the role using the WellKnownSidType.
        SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        Console.WriteLine("WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.", sid.Value, myPrincipal.IsInRole(sid));
    }

    public static void Main()
    {
        DemonstrateWindowsBuiltInRoleEnum();
    }
}
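
The following is an added example, not part of the original reference page. It builds a WindowsPrincipal with the constructor listed in the members table and checks membership by well-known SID instead of by group name, because names such as "BUILTIN\Administrators" are localized while the SID is the same on every system. The names GroupCheckExample and IsMember are illustrative.

```csharp
using System;
using System.Security.Principal;

static class GroupCheckExample
{
    // Deny-by-default membership test keyed on a well-known SID.
    static bool IsMember(WindowsPrincipal principal, WellKnownSidType group)
    {
        if (principal == null) return false;
        try
        {
            // A null domain SID is only valid for SID types that need no
            // domain part, such as the BUILTIN groups used below.
            var sid = new SecurityIdentifier(group, null);
            return principal.IsInRole(sid);
        }
        catch (ArgumentException ex)
        {
            // Fail closed: a SID that cannot be built must not grant access.
            Console.Error.WriteLine("Group check failed: " + ex.Message);
            return false;
        }
    }

    static void Main()
    {
        // WindowsIdentity wraps a token handle, so dispose it when done.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            var principal = new WindowsPrincipal(identity);
            Console.WriteLine("User: {0} ({1})", identity.Name, identity.User);

            // Under UAC this is false in an administrator's unelevated
            // process, because that process runs with the standard user token.
            bool admin = IsMember(principal, WellKnownSidType.BuiltinAdministratorsSid);
            bool user = IsMember(principal, WellKnownSidType.BuiltinUsersSid);
            Console.WriteLine("Administrators (S-1-5-32-544): {0}", admin);
            Console.WriteLine("Users (S-1-5-32-545): {0}", user);

            // Group SIDs reported for the token, useful for audit logging.
            foreach (IdentityReference g in identity.Groups)
                Console.WriteLine("  group SID: {0}", g.Value);
        }
    }
}
```

Use the result of IsMember as an authorization decision only for the process token it was computed from; an elevated and an unelevated process of the same user can return different answers.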

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft