Determine User Role (Vista)
-
Hi, I need to determine user role, especially if user is administrator. I know one way, but that way doesn't provide the information I need:
WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
principal.IsInRole(WindowsBuiltInRole.Administrator);
the problem is that even if user is an administrator (on Vista) and the UAC is on , user still behaves like non-administrator user. Difference is when a UAC form is displayed. When an administrator is required to elevale a process to admin rights, he doesn't need to type in his (administrator) credentials. However a regular user does have to type in these credentianls (of course). So if an application is run under administrator but not elevated to administrator rights, the principal says that the Current User is not an administrator. I need to know if that user is an administrator not depending on current Thread/Appication granted rights. thanx in advance... :)
zilo
-
Hi, I need to determine user role, especially if user is administrator. I know one way, but that way doesn't provide the information I need:
WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
principal.IsInRole(WindowsBuiltInRole.Administrator);
the problem is that even if user is an administrator (on Vista) and the UAC is on , user still behaves like non-administrator user. Difference is when a UAC form is displayed. When an administrator is required to elevale a process to admin rights, he doesn't need to type in his (administrator) credentials. However a regular user does have to type in these credentianls (of course). So if an application is run under administrator but not elevated to administrator rights, the principal says that the Current User is not an administrator. I need to know if that user is an administrator not depending on current Thread/Appication granted rights. thanx in advance... :)
zilo
I managed to do this by adding this class to my application: using System; using System.Collections.Generic; using System.Text; using System.Runtime.InteropServices; using System.Security.Principal; namespace Gauge { public static class mySecurity { #region Constants const UInt32 TOKEN_QUERY = 8; const int INT_SIZE = 4; #endregion #region Enumerations private enum TOKEN_ELEVATION_TYPE { TokenElevationTypeDefault = 1, TokenElevationTypeFull, TokenElevationTypeLimited } public enum TOKEN_INFO_CLASS { TokenUser = 1, TokenGroups, TokenPrivileges, TokenOwner, TokenPrimaryGroup, TokenDefaultDacl, TokenSource, TokenType, TokenImpersonationLevel, TokenStatistics, TokenRestrictedSids, TokenSessionId, TokenGroupsAndPrivileges, TokenSessionReference, TokenSandBoxInert, TokenAuditPolicy, TokenOrigin, TokenElevationType, TokenLinkedToken, TokenElevation, TokenHasRestrictions, TokenAccessInformation, TokenVirtualizationAllowed, TokenVirtualizationEnabled, TokenIntegrityLevel, TokenUIAccess, TokenMandatoryPolicy, TokenLogonSid, MaxTokenInfoClass // MaxTokenInfoClass should always be the last enum } #endregion #region WIN API FUNCTIONS [DllImport("kernel32.dll")] public static extern IntPtr GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError=true)] public static extern Boolean OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle); [DllImport("advapi32.dll", SetLastError=true)] public static extern Boolean GetTokenInformation(IntPtr TokenHandle, TOKEN_INFO_CLASS TokenInformationClass, IntPtr TokenInformation, int TokenInformationLength, out uint ReturnLength); #endregion #region Public Methods /// /// Returns True when the current user is a member of the /// Administrators group and is also running the process /// elevated as an Administrator, otherwise returns false. /// /// /// true if user is running the process elevated as an Administrator; otherwise, false. /// public static Boolean IsRunningAsAdmin(WindowsPrincipal pWindowsPrincipal)