WindowsTokenRoleProvider.IsUserInRole Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets a value indicating whether the specified user is in the specified built-in Windows role.
Overloads
IsUserInRole(String, WindowsBuiltInRole) |
Gets a value indicating whether the specified user is in the specified built-in Windows role. |
IsUserInRole(String, String) |
Gets a value indicating whether the specified user is in the specified Windows group. |
IsUserInRole(String, WindowsBuiltInRole)
Gets a value indicating whether the specified user is in the specified built-in Windows role.
public:
bool IsUserInRole(System::String ^ username, System::Security::Principal::WindowsBuiltInRole role);
public bool IsUserInRole (string username, System.Security.Principal.WindowsBuiltInRole role);
override this.IsUserInRole : string * System.Security.Principal.WindowsBuiltInRole -> bool
Public Function IsUserInRole (username As String, role As WindowsBuiltInRole) As Boolean
Parameters
- username
- String
The user name to search for in the form DOMAIN\username.
- role
- WindowsBuiltInRole
The Windows role to search in.
Returns
true
if the specified user is in the specified Windows role; otherwise, false
.
Exceptions
username
is null
.
The currently executing user does not have an authenticated WindowsIdentity attached to User. For non-HTTP scenarios, the currently executing user does not have an authenticated WindowsIdentity attached to CurrentPrincipal.
-or-
username
does not match the Name of the current WindowsIdentity.
Examples
The following code example programmatically checks whether the currently logged-on user is in the Administrators role before allowing the user to view roles information for the application. For an example of a Web.config file that enables role management, see WindowsTokenRoleProvider.
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Security.Principal" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
string[] rolesArray;
public void Page_Load()
{
Msg.Text = "";
WindowsPrincipal p = (WindowsPrincipal)System.Threading.Thread.CurrentPrincipal;
if (!p.IsInRole(WindowsBuiltInRole.Administrator))
{
Msg.Text = "You are not authorized to view user roles.";
return;
}
// Bind roles to GridView.
try
{
rolesArray = Roles.GetRolesForUser(User.Identity.Name);
}
catch (HttpException e)
{
Msg.Text = "There is no current logged on user. Role membership cannot be verified.";
return;
}
UserRolesGrid.DataSource = rolesArray;
UserRolesGrid.DataBind();
UserRolesGrid.Columns[0].HeaderText = "Roles for " + User.Identity.Name;
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: View User Roles</title>
</head>
<body>
<form runat="server" id="PageForm">
<h3>View User Roles</h3>
<asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />
<table border="0" cellspacing="4">
<tr>
<td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid"
AutoGenerateColumns="false" Gridlines="None"
CellSpacing="0" >
<HeaderStyle BackColor="navy" ForeColor="white" />
<Columns>
<asp:TemplateField HeaderText="Roles" >
<ItemTemplate>
<%# Container.DataItem.ToString() %>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView></td>
</tr>
</table>
</form>
</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Dim rolesArray() As String
Public Sub Page_Load()
Msg.Text = ""
Dim provider As WindowsTokenRoleProvider = CType(Roles.Provider, WindowsTokenRoleProvider)
If Not provider.IsUserInRole(User.Identity.Name, _
System.Security.Principal.WindowsBuiltInRole.Administrator) Then
Msg.Text = "You are not authorized to view user roles."
Return
End If
' Bind roles to GridView.
Try
rolesArray = Roles.GetRolesForUser(User.Identity.Name)
Catch e As HttpException
Msg.Text = "There is no current logged on user. Role membership cannot be verified."
Return
End Try
UserRolesGrid.DataSource = rolesArray
UserRolesGrid.DataBind()
UserRolesGrid.Columns(0).HeaderText = "Roles for " & User.Identity.Name
End Sub
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: View User Roles</title>
</head>
<body>
<form runat="server" id="PageForm">
<h3>View User Roles</h3>
<asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />
<table border="0" cellspacing="4">
<tr>
<td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid"
AutoGenerateColumns="false" Gridlines="None"
CellSpacing="0" >
<HeaderStyle BackColor="navy" ForeColor="white" />
<Columns>
<asp:TemplateField HeaderText="Roles" >
<ItemTemplate>
<%# Container.DataItem.ToString() %>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView></td>
</tr>
</table>
</form>
</body>
</html>
Remarks
The IsUserInRole method enables you to check whether a user is in one of the common Windows roles described by the WindowsBuiltInRole enumeration. This method is useful for applications that are localized into multiple languages. This overload of the IsUserInRole method is not part of the RoleProvider base class and can only be accessed by casting the Provider property of the Roles class as the WindowsTokenRoleProvider type.
You can call the IsUserInRole method only for the currently logged-on user, as identified by the LOGON_USER server variable. If the value supplied in the username
parameter is not the name of the currently logged-on user, an HttpException is thrown.
IsUserInRole method can only be called for the currently logged-on user identified by the LOGON_USER server variable. The current logged on user must be a Windows authenticated user. For more information on ASP.NET and Windows authentication, see ASP.NET Authentication.
See also
Applies to
IsUserInRole(String, String)
Gets a value indicating whether the specified user is in the specified Windows group.
public:
override bool IsUserInRole(System::String ^ username, System::String ^ roleName);
public override bool IsUserInRole (string username, string roleName);
override this.IsUserInRole : string * string -> bool
Public Overrides Function IsUserInRole (username As String, roleName As String) As Boolean
Parameters
- username
- String
The user name to search for in the form DOMAIN\username.
- roleName
- String
The Windows group to search in the form DOMAIN\rolename.
Returns
true
if the specified user name is in the specified Windows group; otherwise, false
.
Exceptions
The currently executing user does not have an authenticated WindowsIdentity attached to User. For non-HTTP scenarios, the currently executing user does not have an authenticated WindowsIdentity attached to CurrentPrincipal.
-or-
username
does not match the Name of the current WindowsIdentity.
-or-
A failure occurred while retrieving the user's Windows group information.
Examples
The following code example programmatically checks whether the currently logged-on user is in the Administrators role before allowing the user to view roles information for the application. For an example of a Web.config file that enables role management, see WindowsTokenRoleProvider.
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
string[] rolesArray;
public void Page_Load()
{
Msg.Text = "";
try
{
if (!Roles.IsUserInRole(User.Identity.Name, @"BUILTIN\Administrators"))
{
Msg.Text = "You are not authorized to view user roles.";
return;
}
}
catch (HttpException e)
{
Msg.Text = "There is no current logged on user. Role membership cannot be verified.";
return;
}
// Bind roles to GridView.
rolesArray = Roles.GetRolesForUser(User.Identity.Name);
UserRolesGrid.DataSource = rolesArray;
UserRolesGrid.DataBind();
UserRolesGrid.Columns[0].HeaderText = "Roles for " + User.Identity.Name;
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: View User Roles</title>
</head>
<body>
<form runat="server" id="PageForm">
<h3>View User Roles</h3>
<asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />
<table border="0" cellspacing="4">
<tr>
<td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid"
AutoGenerateColumns="false" Gridlines="None"
CellSpacing="0" >
<HeaderStyle BackColor="navy" ForeColor="white" />
<Columns>
<asp:TemplateField HeaderText="Roles" >
<ItemTemplate>
<%# Container.DataItem.ToString() %>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView></td>
</tr>
</table>
</form>
</body>
</html>
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Web.Security" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
Dim rolesArray() As String
Public Sub Page_Load()
Msg.Text = ""
Try
If Not Roles.IsUserInRole(User.Identity.Name, "BUILTIN\Administrators") Then
Msg.Text = "You are not authorized to view user roles."
Return
End If
Catch e As HttpException
Msg.Text = "There is no current logged on user. Role membership cannot be verified."
Return
End Try
' Bind roles to GridView.
rolesArray = Roles.GetRolesForUser(User.Identity.Name)
UserRolesGrid.DataSource = rolesArray
UserRolesGrid.DataBind()
UserRolesGrid.Columns(0).HeaderText = "Roles for " & User.Identity.Name
End Sub
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sample: View User Roles</title>
</head>
<body>
<form runat="server" id="PageForm">
<h3>View User Roles</h3>
<asp:Label id="Msg" ForeColor="maroon" runat="server" /><br />
<table border="0" cellspacing="4">
<tr>
<td valign="top"><asp:GridView runat="server" CellPadding="4" id="UserRolesGrid"
AutoGenerateColumns="false" Gridlines="None"
CellSpacing="0" >
<HeaderStyle BackColor="navy" ForeColor="white" />
<Columns>
<asp:TemplateField HeaderText="Roles" >
<ItemTemplate>
<%# Container.DataItem.ToString() %>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView></td>
</tr>
</table>
</form>
</body>
</html>
Remarks
The IsUserInRole method is called by the Roles class and the IsInRole method of the User property to determine whether a user is in a Windows group. You can call the IsUserInRole method only for the currently logged-on user, as identified by the LOGON_USER server variable. The current logged-on user must be a Windows authenticated user. For more information on ASP.NET and Windows authentication, see ASP.NET Authentication.