Microsoft KB Archive/301256

= How To Check the Windows Identity in a Client Application in Windows .NET Framework =

Article ID: 301256

Article Last Modified on 7/15/2004


APPLIES TO


 * Microsoft .NET Framework 1.1
 * Microsoft .NET Framework 1.0




This article was previously published under Q301256



This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location from which you downloaded the release.

IN THIS TASK

 * SUMMARY
 * Requirements
 * How to Check the Windows Identity in a Client Application
 * REFERENCES



SUMMARY
This article demonstrates how to use the classes in the System.Security.Principal namespace to check the user's Microsoft Windows user name and group memberships from a client application.


Requirements
The following list outlines the recommended hardware, software, network infrastructure, and service packs that you will need:
 * Windows 2000 Professional, Windows 2000 Server, Windows 2000 Advanced Server, or Windows NT 4.0 Server
 * Microsoft Visual Studio .NET

This article assumes that you are familiar with the following topics:
 * Visual Studio .NET
 * Windows security


How to Check the Windows Identity in a Client Application
 1. Open Visual Studio .NET.
 2. Create a new Console Application in Visual Basic .NET.
 3. Use the Imports statement on the System.Security.Principal namespace so that you are not required to qualify WindowsPrincipal and WindowsIdentity declarations later in your code. You must use the Imports statement prior to any other declarations.

        Imports System.Security.Principal

 4. Make a call to the SetPrincipalPolicy method of the CurrentDomain object, and specify the WindowsPrincipal policy so that a WindowsPrincipal object is attached to the thread. Without this call, the principal that is returned is a GenericPrincipal object that contains no user information. Add this code to the Main method of Module1.

        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)

    NOTE: The call to SetPrincipalPolicy requires the ControlPrincipal property of the SecurityPermission class, which is not normally granted to code that is less than fully trusted. This prevents semi-trusted code (such as code that runs off the Internet) from gaining access to a user's account name.
 5. Declare a WindowsPrincipal object, and use System.Threading.Thread.CurrentPrincipal to access the current principal from the Thread class. Because this property returns an IPrincipal interface, it must be cast to a WindowsPrincipal object before you can use it as one.

        Dim user As WindowsPrincipal = CType(System.Threading.Thread.CurrentPrincipal, WindowsPrincipal)

 6. Declare a WindowsIdentity object to hold the identity information of the user. Use the Identity property of the WindowsPrincipal object.

        Dim ident As WindowsIdentity = user.Identity

 7. Alternatively, if you only want to get the user's identity, use the GetCurrent static method as a shortcut to steps 5 and 6. The principal's information can then be retrieved from the user's identity.

        Dim ident As WindowsIdentity = WindowsIdentity.GetCurrent
        Dim user As New WindowsPrincipal(ident)

 8. Use the Name property to retrieve the user's name and the AuthenticationType property to retrieve the authentication type, and display both on the console.

        Console.WriteLine("User name: {0}", ident.Name)
        Console.WriteLine("Authentication type: {0}", ident.AuthenticationType)

 9. Use the IsInRole method of the WindowsPrincipal object to see whether the user is in various built-in groups (or others).

        Console.WriteLine("Is in Administrators group: {0}", user.IsInRole(WindowsBuiltInRole.Administrator))
        Console.WriteLine("Is in Guests group: {0}", user.IsInRole(WindowsBuiltInRole.Guest))

    If you are checking group membership to deny access to an application (and not to customize the user experience), an even simpler approach is to use the PrincipalPermission class to demand the required role.
 10. Add Console.ReadLine to the end of the procedure to easily view the results.

        Console.ReadLine 'Pause

 11. Run the project to test the results.
 12. Save and close the project.
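The PrincipalPermission approach mentioned in the role-check step, shown as an added example that is not part of the original article. It demands the role imperatively and declaratively; the module name, the PrivilegedOperation method, and the choice of the BUILTIN\Administrators role are assumptions made for illustration.

```vbnet
Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Principal

Module RoleDemandExample ' hypothetical module name, not from the article

    Sub Main()
        ' Attach the Windows principal to the thread; without this the
        ' demand is evaluated against an empty GenericPrincipal and fails.
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal)

        ' Imperative demand: Nothing for the name means "any user",
        ' so only the role membership is checked.
        Dim adminOnly As New PrincipalPermission(Nothing, "BUILTIN\Administrators")
        Try
            adminOnly.Demand()
            Console.WriteLine("Imperative demand succeeded.")
        Catch ex As SecurityException
            Console.WriteLine("Imperative demand failed: {0}", ex.Message)
        End Try

        ' Declarative demand: the runtime checks the role before the
        ' method body runs, so the caller handles the exception.
        Try
            PrivilegedOperation()
        Catch ex As SecurityException
            Console.WriteLine("Access denied to PrivilegedOperation.")
        End Try

        Console.ReadLine() ' Pause
    End Sub

    ' Hypothetical method standing in for code that only administrators may run.
    <PrincipalPermission(SecurityAction.Demand, Role:="BUILTIN\Administrators")> _
    Private Sub PrivilegedOperation()
        Console.WriteLine("Running as a member of Administrators.")
    End Sub

End Module
```

Unlike an IsInRole test whose result the code can ignore, a failed demand raises SecurityException, so the protected code path does not execute unless the exception is deliberately caught and bypassed.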


<div class="references_section">