Assembly: System.Web (in system.web.dll)
The WindowsTokenRoleProvider class is a read-only role-membership provider that retrieves role information for a Windows user based on Windows security groups. It is most useful with ASP.NET applications that use Windows authentication mode where the IIS authentication settings disable anonymous authentication. You can configure ASP.NET applications to allow or deny access based on a user's membership in a particular Windows group.
You cannot use the WindowsTokenRoleProvider class to create or delete roles or modify the membership of a role that is based on Windows group membership. This functionality is managed by the Windows operating system. The WindowsTokenRoleProvider class supports only the IsUserInRole and GetUsersInRole methods of the RoleProvider abstract class.
The following example shows the Web.config file for an ASP.NET application. It specifies that the application uses both Windows authentication and the WindowsTokenRoleProvider class to retrieve role information for Windows users. The authorization element specifies that only users in the BUILTIN\Administrators group are allowed access to the application.
<configuration> <system.web> <authentication mode="Windows" /> <authorization> <allow roles="BUILTIN\Administrators" /> <deny users="*" /> </authorization> <roleManager defaultProvider="WindowsProvider" enabled="true" cacheRolesInCookie="false"> <providers> <add name="WindowsProvider" type="System.Web.Security.WindowsTokenRoleProvider" /> </providers> </roleManager> </system.web> </configuration>