WindowsTokenRoleProvider.GetRolesForUser Method (String)


Gets a list of the Windows groups that a user is in.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

Public Overrides Function GetRolesForUser (
	username As String
) As String()


Type: System.String

The user to return the list of Windows groups for in the form DOMAIN\username.

Return Value

Type: System.String()

A string array containing the names of all the Windows groups that the specified user is in.

Exception Condition

The currently executing user does not have an authenticated WindowsIdentity attached to Page.User. For non-HTTP scenarios, the currently executing user does not have an authenticated WindowsIdentity attached to Thread.CurrentPrincipal.


username does not match the Name of the current WindowsIdentity.


A failure occurred while retrieving the user's Windows group information.


username is null.


The trust level is less than Low.

This method is called by the Roles class to retrieve from the Windows operating system a list of the Windows groups that the specified user is in. The GetRolesForUser method can be called only for the currently logged-on user, as identified by the LOGON_USER server variable. If the value supplied in the username parameter is not the name of the currently logged-on user, a System.Configuration.Provider.ProviderException is thrown.

For more information an ASP.NET and Windows authentication, see ASP.NET Authentication.

The following code example uses the GetRolesForUser method to retrieve a list of roles for a specified user and binds the list of roles to a GridView control. For an example of a Web.config file that enables role management, see WindowsTokenRoleProvider.

<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

Dim rolesArray() As String

Public Sub Page_Load()
  Msg.Text = ""

    If Not Roles.IsUserInRole(User.Identity.Name, "BUILTIN\Administrators") Then
      Msg.Text = "You are not authorized to view user roles."
    End If
  Catch e As HttpException
    Msg.Text = "There is no current logged on user. Role membership cannot be verified."
  End Try

  ' Bind roles to GridView.

  rolesArray = Roles.GetRolesForUser(User.Identity.Name)
  UserRolesGrid.DataSource = rolesArray

  UserRolesGrid.Columns(0).HeaderText = "Roles for " & User.Identity.Name
End Sub

<html xmlns="" >
<title>Sample: View User Roles</title>

<form runat="server" id="PageForm">

  <h3>View User Roles</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table border="0" cellspacing="4">
      <td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid" 
                                     AutoGenerateColumns="false" Gridlines="None" 
                                     CellSpacing="0" >
                         <HeaderStyle BackColor="navy" ForeColor="white" />
                           <asp:TemplateField HeaderText="Roles" >
                               <%# Container.DataItem.ToString() %>



.NET Framework
Available since 2.0
Return to top