WindowsTokenRoleProvider.IsUserInRole Method (String, WindowsBuiltInRole)



Gets a value indicating whether the specified user is in the specified built-in Windows role.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public bool IsUserInRole(
	string username,
	WindowsBuiltInRole role
)


Parameters

username
Type: System.String

The user name to search for in the form DOMAIN\username.

role
Type: System.Security.Principal.WindowsBuiltInRole

The Windows role to search in.

Return Value

Type: System.Boolean

true if the specified user is in the specified Windows role; otherwise, false.

Exception Condition

username is null.


The currently executing user does not have an authenticated WindowsIdentity attached to Page.User. For non-HTTP scenarios, the currently executing user does not have an authenticated WindowsIdentity attached to Thread.CurrentPrincipal.


username does not match the Name of the current WindowsIdentity.

The IsUserInRole method enables you to check whether a user is in one of the common Windows roles described by the WindowsBuiltInRole enumeration. This method is useful for applications that are localized into multiple languages. This overload of the IsUserInRole method is not part of the RoleProvider base class and can only be accessed by casting the Provider property of the Roles class as the WindowsTokenRoleProvider type.

You can call the IsUserInRole method only for the currently logged-on user, as identified by the LOGON_USER server variable. If the value supplied in the username parameter is not the name of the currently logged-on user, an HttpException is thrown.

The IsUserInRole method can be called only for the currently logged-on user, as identified by the LOGON_USER server variable. The currently logged-on user must be a Windows-authenticated user. For more information on ASP.NET and Windows authentication, see ASP.NET Authentication.
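The cast described above, written as an authorization helper that fails closed. This is an added example, not code from the .NET documentation; the names BuiltInRoleCheck and CurrentUserIsIn are hypothetical, and the mapping of failure modes to exception types in the catch blocks is an assumption beyond the HttpException this page mentions.

```csharp
using System;
using System.Configuration.Provider;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example; BuiltInRoleCheck and CurrentUserIsIn are hypothetical names.
public static class BuiltInRoleCheck
{
    // Returns true only when the current Windows-authenticated user is in the
    // given built-in role. Every other outcome, including errors, returns false.
    public static bool CurrentUserIsIn(WindowsBuiltInRole role)
    {
        HttpContext ctx = HttpContext.Current;
        if (ctx == null || ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return false;

        try
        {
            // The (String, WindowsBuiltInRole) overload is not declared on
            // RoleProvider, so the configured provider has to be cast.
            // "as" yields null when a different provider is configured.
            WindowsTokenRoleProvider provider =
                Roles.Provider as WindowsTokenRoleProvider;
            if (provider == null)
                return false;

            // Only the current user's own name (DOMAIN\username) is accepted.
            return provider.IsUserInRole(ctx.User.Identity.Name, role);
        }
        catch (HttpException)
        {
            // Documented on this page: the supplied name is not the
            // currently logged-on user.
            return false;
        }
        catch (ProviderException)
        {
            // Assumption: raised when role management is disabled or the
            // identity is not a Windows identity. Deny in either case.
            return false;
        }
    }
}
```

A page would call `BuiltInRoleCheck.CurrentUserIsIn(WindowsBuiltInRole.Administrator)` and stop processing when it returns false.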

The following code example programmatically checks whether the currently logged-on user is in the Administrators role before allowing the user to view roles information for the application. For an example of a Web.config file that enables role management, see WindowsTokenRoleProvider.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Security.Principal" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

string[] rolesArray;

public void Page_Load()
{
  Msg.Text = "";

  WindowsPrincipal p = (WindowsPrincipal)System.Threading.Thread.CurrentPrincipal;

  // Stop here for non-administrators so that no role data is bound to the page.
  if (!p.IsInRole(WindowsBuiltInRole.Administrator))
  {
    Msg.Text = "You are not authorized to view user roles.";
    return;
  }

  // Bind roles to GridView.

  try
  {
    rolesArray = Roles.GetRolesForUser(User.Identity.Name);
  }
  catch (HttpException)
  {
    Msg.Text = "There is no current logged on user. Role membership cannot be verified.";
    return;
  }

  UserRolesGrid.DataSource = rolesArray;
  UserRolesGrid.DataBind();

  UserRolesGrid.Columns[0].HeaderText = "Roles for " + User.Identity.Name;
}

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: View User Roles</title>
</head>
<body>

<form runat="server" id="PageForm">

  <h3>View User Roles</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table border="0" cellspacing="4">
    <tr>
      <td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid" 
                                     AutoGenerateColumns="false" Gridlines="None" 
                                     CellSpacing="0" >
                         <HeaderStyle BackColor="navy" ForeColor="white" />
                         <Columns>
                           <asp:TemplateField HeaderText="Roles" >
                             <ItemTemplate>
                               <%# Container.DataItem.ToString() %>
                             </ItemTemplate>
                           </asp:TemplateField>
                         </Columns>
                       </asp:GridView></td>
    </tr>
  </table>

</form>

</body>
</html>



.NET Framework
Available since 2.0