WindowsIdentity Constructor (String)


Initializes a new instance of the WindowsIdentity class for the user represented by the specified User Principal Name (UPN).

Namespace:   System.Security.Principal
Assembly:  mscorlib (in mscorlib.dll)

public WindowsIdentity(
	string sUserPrincipalName


Type: System.String

The UPN for the user on whose behalf the code is running.

Exception Condition

Windows returned the Windows NT status code STATUS_ACCESS_DENIED.


There is insufficient memory available.


The caller does not have the correct permissions.


The computer is not attached to a Windows 2003 or later domain.


The computer is not running Windows 2003 or later.


The user is not a member of the domain the computer is attached to.

A UPN has the format, in other words, an email address. The UPN identified in sUserPrincipalName is used to retrieve a token for that user through the Win32 API LsaLogonUser function. In turn that token is used to identify the user. An exception might be returned due to the inability to log on using the supplied UPN.


This constructor is intended for use only on computers joined to Windows Server 2003 or later domains. An exception is thrown for earlier domain types. This restriction is due to the fact that this constructor uses the KERB_S4U_LOGON structure, which was first introduced in Windows Server 2003.


for the ability to manipulate the principal object. Associated enumeration: SecurityPermissionFlag.ControlPrincipal.


for the ability to access unmanaged code. Associated enumeration: SecurityPermissionFlag.UnmanagedCode.

.NET Framework
Available since 1.1
Return to top