This documentation is archived and is not being maintained.

WindowsPrincipal Class

Allows code to check the Windows group membership of a Windows user.


Namespace:  System.Security.Principal
Assembly:  mscorlib (in mscorlib.dll)

<SerializableAttribute> _
<ComVisibleAttribute(True)> _
<HostProtectionAttribute(SecurityAction.LinkDemand, SecurityInfrastructure := True)> _
Public Class WindowsPrincipal _
	Implements IPrincipal

The WindowsPrincipal type exposes the following members.

Public methodWindowsPrincipalInitializes a new instance of the WindowsPrincipal class by using the specified WindowsIdentity object.

Public propertyIdentityGets the identity of the current principal.

Public methodEquals(Object)Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetHashCodeServes as a hash function for a particular type. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodIsInRole(Int32)Determines whether the current principal belongs to the Windows user group with the specified relative identifier (RID).
Public methodIsInRole(SecurityIdentifier)Determines whether the current principal belongs to the Windows user group that has the specified security identifier (SID).
Public methodIsInRole(String)Determines whether the current principal belongs to the Windows user group that has the specified name.
Public methodIsInRole(WindowsBuiltInRole)Determines whether the current principal belongs to the Windows user group that has the specified WindowsBuiltInRole.
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)

The WindowsPrincipal class is primarily used to check the role of a Windows user. The WindowsPrincipal.IsInRole method overloads let you check the user role by using different role contexts.


The HostProtectionAttribute attribute applied to this type or member has the following Resources property value: SecurityInfrastructure. The HostProtectionAttribute does not affect desktop applications (which are typically started by double-clicking an icon, typing a command, or entering a URL in a browser). For more information, see the HostProtectionAttribute class or SQL Server Programming and Host Protection Attributes.

How to: Create a WindowsPrincipal Object.NET Framework: Security
How to: Create a WindowsPrincipal Object.NET Framework: Security

The following example demonstrates how to use the IsInRole method overloads. The WindowsBuiltInRole enumeration is used as the source for the relative identifiers (RIDs) that identify the built-in roles. The RIDs are used to determine the roles of the current principal.

Imports System
Imports System.Threading
Imports System.Security.Permissions
Imports System.Security.Principal

Class SecurityPrincipalDemo

    Public Shared Sub DemonstrateWindowsBuiltInRoleEnum()
        Dim myDomain As AppDomain = Thread.GetDomain()

        Dim myPrincipal As WindowsPrincipal = CType(Thread.CurrentPrincipal, WindowsPrincipal)
        Console.WriteLine("{0} belongs to: ", myPrincipal.Identity.Name.ToString())
        Dim wbirFields As Array = [Enum].GetValues(GetType(WindowsBuiltInRole))
        Dim roleName As Object
        For Each roleName In wbirFields
                ' Cast the role name to a RID represented by the WindowsBuildInRole value.
                Console.WriteLine("{0}? {1}.", roleName, myPrincipal.IsInRole(CType(roleName, WindowsBuiltInRole)))
                Console.WriteLine("The RID for this role is: " + Fix(roleName).ToString())

                Console.WriteLine("{0}: Could not obtain role for this RID.", roleName)
            End Try
        Next roleName
        ' Get the role using the string value of the role.
        Console.WriteLine("{0}? {1}.", "Administrators", myPrincipal.IsInRole("BUILTIN\" + "Administrators"))
        Console.WriteLine("{0}? {1}.", "Users", myPrincipal.IsInRole("BUILTIN\" + "Users"))
        ' Get the role using the WindowsBuiltInRole enumeration value.
        Console.WriteLine("{0}? {1}.", WindowsBuiltInRole.Administrator, myPrincipal.IsInRole(WindowsBuiltInRole.Administrator))
        ' Get the role using the WellKnownSidType.
        Dim sid As New SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, Nothing)
        Console.WriteLine("WellKnownSidType BuiltinAdministratorsSid  {0}? {1}.", sid.Value, myPrincipal.IsInRole(sid))

    End Sub 'DemonstrateWindowsBuiltInRoleEnum

    Public Shared Sub Main()

    End Sub 'Main
End Class 'SecurityPrincipalDemo 

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0, 1.1, 1.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.