Saturday, November 7, 2009

Archive – Debugging WindowsIdentity and IsInRole

This is one of those invaluable little utility functions: you never need it until you are trying to work out why IsInRole is returning an unexpected value when your application runs in a non-development, production environment. Using this function you can quickly determine the list of roles or groups that IsInRole is matching against.

Framework 2.0 and Later
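    using System;
    using System.Security.Principal;

    // Returns the account names of the groups carried by the identity.
    public string[] GetWindowsIdentityRoles(WindowsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");

        // Translate the group SIDs to NTAccount (DOMAIN\name) form.
        IdentityReferenceCollection groups = identity.Groups.Translate(typeof(NTAccount));
        string[] roles = new string[groups.Count];
        for (int i = 0; i < groups.Count; ++i)
            roles[i] = groups[i].Value;

        return roles;
    }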
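
An added example, not code from the original post: a console diagnostic for Framework 2.0 and later that prints each group SID next to its account name and compares the list with what IsInRole returns for a role given on the command line. The class name RoleDiagnostics, the DescribeGroups helper and the sample default role are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

public static class RoleDiagnostics
{
    // Hypothetical helper: maps each group SID on the identity to its
    // account name, translating one SID at a time so that a SID with no
    // resolvable name is reported instead of hidden.
    public static Dictionary<string, string> DescribeGroups(WindowsIdentity identity)
    {
        if (identity == null) throw new ArgumentNullException("identity");

        Dictionary<string, string> result = new Dictionary<string, string>();
        if (identity.Groups == null) return result; // no group list available

        foreach (IdentityReference sid in identity.Groups)
        {
            string name;
            try { name = sid.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { name = "<unmapped>"; }
            result[sid.Value] = name;
        }
        return result;
    }

    public static void Main(string[] args)
    {
        // Role to test; the default is only a sample value.
        string role = args.Length > 0 ? args[0] : @"BUILTIN\Administrators";

        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("Identity: {0}", identity.Name);
            bool listed = false;
            foreach (KeyValuePair<string, string> g in DescribeGroups(identity))
            {
                bool match = string.Equals(g.Value, role, StringComparison.OrdinalIgnoreCase);
                listed |= match;
                Console.WriteLine("{0} {1,-50} {2}", match ? "*" : " ", g.Value, g.Key);
            }
            bool inRole = new WindowsPrincipal(identity).IsInRole(role);
            Console.WriteLine("IsInRole(\"{0}\") = {1}; name present in group list = {2}",
                role, inRole, listed);
        }
    }
}
```

Run it under the same account and host as the failing application (for example the service or application pool identity), since the group list belongs to that process token rather than to the developer's logon.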

Framework 1.0/1.1 (For that legacy code)

    using System.Reflection;
    using System.Security.Principal;

    // Calls the non-public static WindowsIdentity._GetRoles method via reflection.
    public static string[] GetWindowsIdentityRoles( WindowsIdentity identity )
    {
        object result = typeof(WindowsIdentity).InvokeMember( "_GetRoles",
            BindingFlags.Static | BindingFlags.InvokeMethod | BindingFlags.NonPublic,
            null, identity, new object[]{identity.Token}, null );

        return (string[])result;
    }
