WindowsTokenRoleProvider.GetRolesForUser Method

Gets a list of the Windows groups that a user is in.

Namespace: System.Web.Security
Assembly: System.Web (in system.web.dll)

public override string[] GetRolesForUser (
	string username
)

public String[] GetRolesForUser (
	String username
)

public override function GetRolesForUser (
	username : String
) : String[]



Parameters

username

The user to return the list of Windows groups for, in the form DOMAIN\username.

Return Value

A string array containing the names of all the Windows groups that the specified user is in.

Exception type / Condition


The currently executing user does not have an authenticated WindowsIdentity attached to Page.User. For non-HTTP scenarios, the currently executing user does not have an authenticated WindowsIdentity attached to Thread.CurrentPrincipal.


username does not match the Name of the current WindowsIdentity.


A failure occurred while retrieving the user's Windows group information.


username is a null reference (Nothing in Visual Basic).


The trust level is less than Low.

This method is called by the Roles class to retrieve from the Windows operating system a list of the Windows groups that the specified user is in. The GetRolesForUser method can be called only for the currently logged-on user, as identified by the LOGON_USER server variable. If the value supplied in the username parameter is not the name of the currently logged-on user, a System.Configuration.Provider.ProviderException is thrown.

For more information on ASP.NET and Windows authentication, see ASP.NET Authentication.

The following code example uses the GetRolesForUser method to retrieve a list of roles for a specified user and binds the list of roles to a GridView control. For an example of a Web.config file that enables role management, see WindowsTokenRoleProvider.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">

string[] rolesArray;

public void Page_Load()
{
  Msg.Text = "";

  try
  {
    if (!Roles.IsUserInRole(User.Identity.Name, @"BUILTIN\Administrators"))
    {
      // Stop here so that the role list is never bound for an unauthorized user.
      Msg.Text = "You are not authorized to view user roles.";
      UserRolesGrid.Visible = false;
      return;
    }
  }
  catch (HttpException e)
  {
    Msg.Text = "There is no current logged on user. Role membership cannot be verified.";
    return;
  }

  // Bind roles to GridView.

  rolesArray = Roles.GetRolesForUser(User.Identity.Name);
  UserRolesGrid.DataSource = rolesArray;
  UserRolesGrid.DataBind();

  UserRolesGrid.Columns[0].HeaderText = "Roles for " + User.Identity.Name;
}

</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: View User Roles</title>
</head>
<body>

<form runat="server" id="PageForm">

  <h3>View User Roles</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table border="0" cellspacing="4">
    <tr>
      <td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid" 
                                     AutoGenerateColumns="false" Gridlines="None" 
                                     CellSpacing="0" >
                         <HeaderStyle BackColor="navy" ForeColor="white" />
                         <Columns>
                           <asp:TemplateField HeaderText="Roles" >
                             <ItemTemplate>
                               <%# Container.DataItem.ToString() %>
                             </ItemTemplate>
                           </asp:TemplateField>
                         </Columns>
                       </asp:GridView></td>
    </tr>
  </table>

</form>

</body>
</html>
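
The remarks above restrict GetRolesForUser to the currently logged-on user and list several failure conditions. The helper below is an added example (not part of the original page or of ASP.NET) that wraps the call so every documented failure results in a denied check. The class and method names are hypothetical, and it assumes role management is enabled with WindowsTokenRoleProvider as the default provider.

```csharp
using System;
using System.Configuration.Provider;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper: deny-by-default group lookup for the current
// Windows-authenticated user only.
public static class CurrentUserGroups
{
    // Returns true and the group list only when the lookup succeeded.
    // On any failure it returns false and an empty array.
    public static bool TryGet(IPrincipal user, out string[] groups)
    {
        groups = new string[0];

        // The provider requires an authenticated WindowsIdentity.
        WindowsIdentity identity =
            (user == null) ? null : user.Identity as WindowsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return false;

        try
        {
            // Always pass the identity's own Name (DOMAIN\username); a name
            // that differs from it makes the provider throw ProviderException.
            groups = Roles.GetRolesForUser(identity.Name);
            return true;
        }
        catch (ProviderException)
        {
            return false; // not authenticated, name mismatch, or lookup failure
        }
        catch (HttpException)
        {
            return false; // the exception type the page's own sample catches
        }
    }

    // Membership check that treats a failed lookup as "not a member".
    public static bool IsInGroup(IPrincipal user, string group)
    {
        string[] groups;
        if (!TryGet(user, out groups)) return false;
        return Array.Exists(groups, delegate(string g)
            { return string.Equals(g, group, StringComparison.OrdinalIgnoreCase); });
    }
}
```

From a page, call it as CurrentUserGroups.IsInGroup(User, @"BUILTIN\Administrators") before binding or displaying role data.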



Windows 98, Windows Server 2000 SP4, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0
