How To Check the Windows Identity in a Client Application in Windows .NET Framework (301256)



The information in this article applies to:

  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.0

This article was previously published under Q301256
This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location from which you downloaded the release.

IN THIS TASK

SUMMARY

This article demonstrates how to use the classes in the System.Security.Principal namespace to check the user's Microsoft Windows user name and group memberships from a client application.

back to the top

Requirements

The following list outlines the recommended hardware, software, network infrastructure, and service packs that you will need:
  • Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server, or Windows NT 4.0 Server
  • Microsoft Visual Studio .NET
This article assumes that you are familiar with the following topics:
  • Visual Studio .NET
  • Windows security
back to the top

How to Check the Windows Identity in a Client Application

  1. Open Visual Studio .NET.
  2. Create a new Console Application in Visual Basic .NET.
  3. Use the Imports statement on the System.Security.Principal namespace so that you are not required to qualify WindowsPrincipal and WindowsIdentity declarations later in your code. You must use the Imports statement prior to any other declarations.
    Imports System.Security.Principal
    					
  4. Make a call to the SetPrincipalPolicy method of the CurrentDomain object, and set the WindowsPrincipal class so that it is attached to the thread. Without this call, the principal that is returned is a GenericPrincipal class that contains no user information. Add this code to the Main method of Module1.
    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)
    						
    NOTE: The call to SetPrincipalPolicy requires the ControlPrincipal property SecurityPermission class, which is not normally given out to less than fully-trusted code. This prevents semi-trusted code (such as code that runs off the Internet) from gaining access to a user's account name.
  5. Declare a WindowsPrincipal object, and use System.Threading.Thread.CurrentPrincipal to access the current principal from the Thread class. Because this method returns an IPrincipal interface, it must be cast as a WindowsPrincipal object before you can use it as one.
    Dim user As WindowsPrincipal = CType(System.Threading.Thread.CurrentPrincipal, WindowsPrincipal)
    					
  6. Declare a WindowsIdentity object to hold the identity information of the user. Use the Identity property of the WindowsPrincipal object.
    Dim ident As WindowsIdentity = user.Identity
    					
  7. Alternately, if you only want to get the user's identity, use the GetCurrent static method as a shortcut to steps 5 and 6. The principal's information can then be retrieved from the user's identity.
    Dim ident As WindowsIdentity = WindowsIdentity.GetCurrent()
    Dim user As New WindowsPrincipal(ident)
    					
  8. Use the Name property to retrieve the user's name, and use the AuthenticationType property to display that to the console.
    Console.WriteLine("User name: {0}", ident.Name)
    Console.WriteLine("Authentication type: {0}", ident.AuthenticationType)
    					
  9. Use the IsInRole method of the WindowsPrincipal object to see whether the user is in various, built-in groups (or others).
    Console.WriteLine("Is in Administrators group: {0}", user.IsInRole(WindowsBuiltInRole.Administrator))
    Console.WriteLine("Is in Guests group: {0}", user.IsInRole(WindowsBuiltInRole.Guest))
    						
    If you are checking role group membership to deny access to an application (and not to customize the user experience), an even simpler approach is to use the PrincipalPermission class to demand the required role.
  10. Add Console.ReadLine to the end of the procedure to easily view the results.
    Console.ReadLine() 'Pause
    					
  11. Run the project to test the results.
  12. Save and close the project.
back to the top

REFERENCES

For more information about the Principal and the Identity objects, see the following Microsoft .NET Framework Developer's Guide documentation: For more information about key security concepts, see the following Microsoft .NET Framework Developer's Guide documentation: For another exposition of these concepts and a similar sample, see the .NET QuickStarts, which are installed with the .NET Framework Software Development Kit (SDK) and available at the following location on your computer:

http://localhost/QuickStart/HowTo/doc/security/WindowsIdentityCheck.aspx

For more information about the Windows Identity and Principal classes, see the .NET Framework Class Library documentation.

back to the top

Modification Type:MinorLast Reviewed:7/15/2004
Keywords:kbHOWTOmaster KB301256 kbAudDeveloper