System.Security.Principal in VB.NET: Part 1

The System.Security.Principal namespace defines a principal object that represents the security context under which code is running.

IIdentity Interface

• AuthenticationType: this property returns a string that describes the type of authentication in place, such as basic authentication, NTLM, Kerberos, or Passport. The value for this property will be defined by each application.

• IsAuthenticated: this property returns a value that indicates whether the current user has been authenticated.

• Name: his property returns the user name of the user represented by this identity.

IPrincipal Interface

• Identity: this property returns the identity object that is associated with this principal.

• IsInRole: this method returns a value that indicates whether the user represented by this principal belongs to a specific role.

WindowsIdentity Class

The WindowsIndentity class implements the IIdentity interface. It represents the identity of the user based on a method of authentication supported by the Windows operating system. A Windows identity provides the ability to impersonate another user so resources can be accessed on that user's behalf.

WindowsPrincipal Class

The WindowsPrincipal class implements the IPrincipal interface. It represents Windows users and their roles, which are simply the Windows groups to which the users belong.

GenericIdentity Class

The GenericIdentity class implements the IIdentity interface. It represents the identity of the user based on a custom authentication method defined by the application.

GenericPrincipal Class

The GenericPrincipal class implements the IPrincipal interface. It represents users and roles that exist independent of Windows users and their roles. Essentially, the generic principal is a simple solution for application authentication and authorization.

PrincipalPermission Class

PrincipalPermission objects allow code to perform actions (Demand, Union, Intersect, etc.) against the current user identity in a manner consistent with the way those actions are performed for code access permissions and identity permissions. PrincipalPermission can be issued as an imperative demand, as shown at the top of Listing 22.27, or as a declarative demand, as the bottom of the listing shows.

Listing 22.27: IsInRole Example

         Dim P As New PrincipalPermission(null, "BUILTIN\Administrator")
         p.Demand()
         // or it can be issued as a declarative demand as shown in the line below
         <PrincipalPermission(SecurityAction.Demand, Role:="BUILTIN\Administrators")> _

CurrentPrincipal Property

The CurrentPrincipal property of the Thread class is a static proprety that allows you to get or set the current security context of the user. You can use the CurrentPrincipal property of the System.Threading.Thread class in order to get the current WindowsPrincipal object as in the line of code below:

         Dim myWindowsPrincipal As WindowsPrincipal = DirectCast(Thread.CurrentPrincipal, WindowsPrincipal)

IsInRole Method

You can check role membership by calling the IsInRole method on the principal object. You can use IsInRole with WindowsPrincipal and CurrentPrincipal. Listing 22.28 shows a simple use of the IsInRole method.

Listing 22.28: IsInRole Example

            ' IsInRole
        Dim winpr As WindowsPrincipal = DirectCast(Thread.CurrentPrincipal, WindowsPrincipal) 
        ' WindowsBuiltInRole is an enumeration!
        ' Is winpr object in role of Administrator?
        winpr.IsInRole(WindowsBuiltInRole.Administrator) 
        ' Is the current thread principal in role of Administrator?
        System.Threading.Thread.CurrentPrincipal.IsInRole("BUILTIN\Administrator")


Conclusion

Hope this article would have helped you in understanding System.Security.Principal in VB.NET. Remaining part of this article you will see in my next article.