WindowsTokenRoleProvider.IsUserInRole Method (String, WindowsBuiltInRole)
Assembly: System.Web (in system.web.dll)
'Declaration Public Function IsUserInRole ( _ username As String, _ role As WindowsBuiltInRole _ ) As Boolean 'Usage Dim instance As WindowsTokenRoleProvider Dim username As String Dim role As WindowsBuiltInRole Dim returnValue As Boolean returnValue = instance.IsUserInRole(username, role)
public boolean IsUserInRole ( String username, WindowsBuiltInRole role )
public function IsUserInRole ( username : String, role : WindowsBuiltInRole ) : boolean
Not applicable.
Parameters
- username
The user name to search for in the form DOMAIN\username.
- role
The Windows role to search in.
Return Value
true if the specified user is in the specified Windows role; otherwise, false.| Exception type | Condition |
|---|---|
|
username is a null reference (Nothing in Visual Basic). | |
|
The currently executing user does not have an authenticated WindowsIdentity attached to Page.User. For non-HTTP scenarios, the currently executing user does not have an authenticated WindowsIdentity attached to Thread.CurrentPrincipal. -or- username does not match the Name of the current WindowsIdentity. |
The IsUserInRole method enables you to check whether a user is in one of the common Windows roles described by the WindowsBuiltInRole enumeration. This method is useful for applications that are localized into multiple languages. This overload of the IsUserInRole method is not part of the RoleProvider base class and can only be accessed by casting the Provider property of the Roles class as the WindowsTokenRoleProvider type.
You can call the IsUserInRole method only for the currently logged-on user, as identified by the LOGON_USER server variable. If the value supplied in the username parameter is not the name of the currently logged-on user, an HttpException is thrown.
IsUserInRole method can only be called for the currently logged-on user identified by the LOGON_USER server variable. The current logged on user must be a Windows authenticated user. For more information on ASP.NET and Windows authentication, see ASP.NET Authentication.
The following code example programmatically checks whether the currently logged-on user is in the Administrators role before allowing the user to view roles information for the application. For an example of a Web.config file that enables role management, see WindowsTokenRoleProvider.
<%@ Page Language="VB" %> <%@ Import Namespace="System.Web.Security" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <script runat="server"> Dim rolesArray() As String Public Sub Page_Load() Msg.Text = "" Dim provider As WindowsTokenRoleProvider = CType(Roles.Provider, WindowsTokenRoleProvider) If Not provider.IsUserInRole(User.Identity.Name, _ System.Security.Principal.WindowsBuiltInRole.Administrator) Then Msg.Text = "You are not authorized to view user roles." Return End If ' Bind roles to GridView. Try rolesArray = Roles.GetRolesForUser(User.Identity.Name) Catch e As HttpException Msg.Text = "There is no current logged on user. Role membership cannot be verified." Return End Try UserRolesGrid.DataSource = rolesArray UserRolesGrid.DataBind() UserRolesGrid.Columns(0).HeaderText = "Roles for " & User.Identity.Name End Sub </script> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>Sample: View User Roles</title> </head> <body> <form runat="server" id="PageForm"> <h3>View User Roles</h3> <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br /> <table border="0" cellspacing="4"> <tr> <td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid" AutoGenerateColumns="false" Gridlines="None" CellSpacing="0" > <HeaderStyle BackColor="navy" ForeColor="white" /> <Columns> <asp:TemplateField HeaderText="Roles" > <ItemTemplate> <%# Container.DataItem.ToString() %> </ItemTemplate> </asp:TemplateField> </Columns> </asp:GridView></td> </tr> </table> </form> </body> </html>