Saturday, October 31, 2009

Authentication and Authorization

Well, it's Halloween, and in between going to answer the doorbell, I'm still studying for my Microsoft .NET 70-536 exam.

Can't think of anything I'd rather be doing on Halloween than studying and writing code. :-)

Authentication and Authorization classes reside in the System.Security.Principal namespace.

The following classes and interfaces exist in this namespace:

  • WindowsIdentity - Represents a Windows or AD user account.
  • WindowsPrincipal - Provides access to a user's group memberships. From my study book, "You can use the WindowsPrincipal class to determine which groups a user is a member of. To query for built-in groups, pass to the WindowsPrincipal.IsInRole method a member of the System.Security.Principal.WindowsBuiltInRole".
  • GenericIdentity - Represents a simple user account that is not tied to a Microsoft directory service.
  • GenericPrincipal - Represents simple groups that are not tied to a Microsoft directory service.
  • IIdentity - For custom users.
  • IPrincipal - For custom groups.
  • WindowsBuiltInRole (enum) - Local Windows groups that are common in NT, 2000, and XP. Members include: User, PowerUser, Administrator, Guest, AccountOperator, SystemOperator, PrintOperator, BackupOperator, and Replicator.



Here is sample code to get the current user's group memberships:

using System;
using System.Threading;
using System.Security.Principal;
 
namespace IdentityPrincipal
{
    class Program
    {
        static void Main(string[] args)
        {
            WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
            Console.WriteLine("Current User: '{0}'", currentIdentity.Name);
 
            // Two ways to get the currentPrincipal.
            // 1. Through the WindowsPrincipal constructor passing in currentIdentity.
            //WindowsPrincipal currentPrincipal = new WindowsPrincipal(currentIdentity);
 
            // 2. Through the Thread.CurrentPrincipal property (after setting the Principal Policy of the
            // current domain). For this sample program, we will use this method.
            AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
            WindowsPrincipal currentPrincipal = (WindowsPrincipal) Thread.CurrentPrincipal;
             
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.User))
            {
                Console.WriteLine("Current User is a User");
            }
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.Guest))
            {
                Console.WriteLine("Current User is a Guest");
            }
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.PowerUser))
            {
                Console.WriteLine("Current User is a Power User");
            }
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.Administrator))
            {
                Console.WriteLine("Current User is an Administrator");
            }
            Console.ReadKey();
        }
    }
}
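
The sample above uses the Windows classes. As an added example (not from the original post or the study book), here is the same kind of role check done with GenericIdentity and GenericPrincipal for an application that manages its own users. The user name, authentication type, role names, and the Demand helper are made up for illustration.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;

namespace GenericPrincipalExample
{
    class Program
    {
        // Hypothetical guard: refuse the operation unless the thread's principal
        // is authenticated and holds the required role.
        static void Demand(string role)
        {
            IPrincipal principal = Thread.CurrentPrincipal;
            if (principal == null || !principal.Identity.IsAuthenticated || !principal.IsInRole(role))
            {
                throw new SecurityException("Role '" + role + "' is required.");
            }
        }

        static void Main(string[] args)
        {
            // Constructed sample account. A real application would create the identity
            // only after verifying credentials against its own user store.
            GenericIdentity identity = new GenericIdentity("jsmith", "CustomAuth");
            string[] roles = { "Auditor", "Operator" };
            Thread.CurrentPrincipal = new GenericPrincipal(identity, roles);
            Console.WriteLine("User: '{0}', authenticated: {1}", identity.Name, identity.IsAuthenticated);

            foreach (string role in new[] { "Auditor", "Administrator" })
            {
                try
                {
                    Demand(role);
                    Console.WriteLine("Access granted for role '{0}'", role);
                }
                catch (SecurityException ex) { Console.WriteLine("Access denied: {0}", ex.Message); }
            }

            // A GenericIdentity with an empty name reports IsAuthenticated == false,
            // so the guard denies it even though the role list is the same.
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(""), roles);
            try { Demand("Auditor"); }
            catch (SecurityException ex) { Console.WriteLine("Anonymous denied: {0}", ex.Message); }
        }
    }
}
```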
