Authentication and Authorization

Well, it's Halloween, and in between going to answer the doorbell, I'm still studying for my Microsoft .NET 70-536 exam.

Can't think of anything I'd rather be doing on Halloween than studying and writing code. :-)

Authentication and Authorization classes reside in the System.Security.Principal namespace.

The following classes and interfaces exist in this namespace:

• WindowsIdentity - Represents a Windows or AD user account.
• WindowsPrincipal - Provides access to a user's group memberships. From my study book, "You can use the WindowsPrincipal class to determine which groups a user is a member of. To query for built-in groups, pass to the WindowsPrincipal.IsInRole method a member of the System.Security.Principal.WindowsBuiltInRole".
• GenericIdentity - For simple, non-Microsoft directory service user account.
• GenericPrincipal - For simple, non-Microsoft directory service groups.
• IIdentity - For custom users.
• IPrincipal - For custom groups.
• WindowsBuiltInRole (enum) - local Windows groups that are common in NT, 2000, XP. Include: User, PowerUser, Administrator, Guest, AccountOperator, SystemOperator, PrintOperator, BackupOperator, and Replicator.

Here is sample code to get the current user's group memberships:

using System;
using System.Threading;
using System.Security.Principal;

namespace IdentityPrincipal
{
    class Program
    {
        static void Main(string[] args)
        {
            WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
            Console.WriteLine("Current User: '{0}", currentIdentity.Name);

            // Two ways to get the currentPrincipal. 
            // 1. Through the WindowsPrincipal constructor passing in currentIdentity.
            //WindowsPrincipal currentPrincipal = new WindowsPrincipal(currentIdentity);

            // 2. Through the Thread.CurrentPrincipal property (after setting the Principal Policy of the 
            // current domain.  For this sample program, we will use this method.
            AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
            WindowsPrincipal currentPrincipal = (WindowsPrincipal) Thread.CurrentPrincipal;
            
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.User))
            {
                Console.WriteLine("Current User is a User");
            }
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.Guest))
            {
                Console.WriteLine("Current User is a Guest");
            }
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.PowerUser))
            {
                Console.WriteLine("Current User is a Power User");
            }
            if (currentPrincipal.IsInRole(WindowsBuiltInRole.Administrator))
            {
                Console.WriteLine("Current User is an Administrator");
            }
            Console.ReadKey();
        }
    }
}