WindowsTokenRoleProvider.IsUserInRole Method (String, String)


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Gets a value indicating whether the specified user is in the specified Windows group.

Namespace:   System.Web.Security
Assembly:  System.Web (in System.Web.dll)

public override bool IsUserInRole(
	string username,
	string roleName


Type: System.String

The user name to search for in the form DOMAIN\username.

Type: System.String

The Windows group to search in the form DOMAIN\rolename.

Return Value

Type: System.Boolean

true if the specified user name is in the specified Windows group; otherwise, false.

Exception Condition

username is null.


roleName is null.


The currently executing user does not have an authenticated WindowsIdentity attached to Page.User. For non-HTTP scenarios, the currently executing user does not have an authenticated WindowsIdentity attached to Thread.CurrentPrincipal.


username does not match the Name of the current WindowsIdentity.


A failure occurred while retrieving the user's Windows group information.

The IsUserInRole method is called by the Roles class and the IsInRole method of the User property to determine whether a user is in a Windows group. You can call the IsUserInRole method only for the currently logged-on user, as identified by the LOGON_USER server variable. The current logged-on user must be a Windows authenticated user. For more information on ASP.NET and Windows authentication, see ASP.NET Authentication.

The following code example programmatically checks whether the currently logged-on user is in the Administrators role before allowing the user to view roles information for the application. For an example of a Web.config file that enables role management, see WindowsTokenRoleProvider.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<script runat="server">

string[] rolesArray;

public void Page_Load()
  Msg.Text = "";

    if (!Roles.IsUserInRole(User.Identity.Name, @"BUILTIN\Administrators"))
      Msg.Text = "You are not authorized to view user roles.";
  catch (HttpException e)
    Msg.Text = "There is no current logged on user. Role membership cannot be verified.";

  // Bind roles to GridView.

  rolesArray = Roles.GetRolesForUser(User.Identity.Name);
  UserRolesGrid.DataSource = rolesArray;

  UserRolesGrid.Columns[0].HeaderText = "Roles for " + User.Identity.Name;

<html xmlns="" >
<title>Sample: View User Roles</title>

<form runat="server" id="PageForm">

  <h3>View User Roles</h3>

  <asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />

  <table border="0" cellspacing="4">
      <td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid" 
                                     AutoGenerateColumns="false" Gridlines="None" 
                                     CellSpacing="0" >
                         <HeaderStyle BackColor="navy" ForeColor="white" />
                           <asp:TemplateField HeaderText="Roles" >
                               <%# Container.DataItem.ToString() %>



.NET Framework
Available since 2.0
Return to top