SqlRoleProvider.FindUsersInRole Method (String, String)


The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

Gets an array of user names in a role where the user name contains the specified user name to match.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public override string[] FindUsersInRole(
	string roleName,
	string usernameToMatch


Type: System.String

The role to search in.

Type: System.String

The user name to search for.

Return Value

Type: System.String[]

A string array containing the names of all the users where the user name matches usernameToMatch and the user is a member of the specified role.

Exception Condition

roleName is null (Nothing in Visual Basic).


usernameToMatch is null.


roleName is an empty string or contains a comma.


usernameToMatch is an empty string.


roleName is longer than 256 characters.


usernameToMatch is longer than 256 characters.


roleName was not found in the database.


An unknown error occurred while communicating with the database.

The FindUsersInRole method is called by the Roles class and returns a list of users in a role where the user name contains a match of the supplied usernameToMatch for the configured applicationName. The SqlRoleProvider searches for a user name that matches the usernameToMatch parameter value using the LIKE keyword and supports SQL Server wildcard characters. For example, if the usernameToMatch parameter is set to "user1", then membership information for the user with the user name of "user1" is returned, if it exists. If the usernameToMatch parameter is set to "user%", then membership information for users with the user name of "user1", "user2", "user_admin", and so on are returned.

The following code example uses the FindUsersInRole method to display role membership based on user input. For an example of a Web.config file that enables role management, see Roles.

System_CAPS_security Security Note

This example contains a text box that accepts user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

string[] users;

public void Page_Load()
  if (!IsPostBack)
    RolesListBox.DataSource = Roles.GetAllRoles();

public void GoButton_OnClick(object sender, EventArgs args)
  Msg.Text = "";
  users = null;

  if (RolesListBox.SelectedItem == null)
    Msg.Text = "Please select a role.";

  users = Roles.FindUsersInRole(RolesListBox.SelectedItem.Text, UsernameTextBox.Text);

  if (users.Length < 1)
    Msg.Text = "No matching users found in selected role.";

  UserGrid.DataSource = users;

<html xmlns="http://www.w3.org/1999/xhtml" >
<title>Sample: Find Users</title>

<form id="form1" runat="server">
  <h3>User List</h3>

  <asp:Label id="Msg" runat="Server" ForeColor="red" />

  <table border="0" cellpadding="3" cellspacing="3">
      <td valign="top">Role:</td>
      <td valign="top"><asp:ListBox id="RolesListBox" runat="Server" /></td>
      <td valign="top">Username to Search for:</td>
      <td valign="top"><asp:TextBox id="UsernameTextBox" runat="server" /></td>
  <asp:Button id="GoButton" Text=" Go " OnClick="GoButton_OnClick" runat="server" /><br />

  <asp:DataGrid id="UserGrid" runat="server"
                CellPadding="2" CellSpacing="1"
    <HeaderStyle BackColor="darkblue" ForeColor="white" />



.NET Framework
Available since 2.0
Return to top