AuthorizationHelper.DemandAll Method (SecurityIdentifier[], Boolean)

 

Determines whether the current thread principal is a member of all of the specified groups.

Namespace:   Microsoft.WindowsServerSolutions.Common.ProviderFramework
Assembly:  ProviderFramework (in ProviderFramework.dll)

Syntax

public static bool DemandAll(
    SecurityIdentifier[] groupSids,
    bool throwIfFailed
)

public:
static bool DemandAll(
    array<SecurityIdentifier^>^ groupSids,
    bool throwIfFailed
)

Public Shared Function DemandAll (
    groupSids As SecurityIdentifier(),
    throwIfFailed As Boolean
) As Boolean

Parameters

• groupSids
  Type: System.Security.Principal.SecurityIdentifier[]

  The SID of the groups to be checked.

• throwIfFailed
  Type: System.Boolean

  If this value is true, IntentionalFaultException of SecurityAccessDeniedException is thrown if the principal failed the authorization check. An argument exception is thrown for any invalid arguments regardless of this value.

Return Value

Type: System.Boolean

true if the current thread principal is a member of all of the specified groups; otherwise, false.

Remarks

If the current thread principal is a member of all of the listed groups, no exception is thrown; otherwise, IntentionalFaultException of SecurityAccessDeniedException is thrown.

A principal object represents the security context of the user on whose behalf the code is running, which includes the identity of the user (IIdentity) and any roles to which they belong.

By default, the domain administrators account is a member of the built-in administrators group (S-1-5-32-544). LocalSystem is a member of the built-in administrators group, but is part of the Service group (S-1-5-6). Any service that is running under a particular user account will get the Service SID added to the access token groups.

See Also

AuthorizationHelper Class
Microsoft.WindowsServerSolutions.Common.ProviderFramework Namespace

Return to top