Windows​Identity Class

Definition

Represents a Windows user.

[System.Runtime.InteropServices.ComVisible(true)]
public class WindowsIdentity : System.Security.Claims.ClaimsIdentity, IDisposable, System.Runtime.Serialization.IDeserializationCallback, System.Runtime.Serialization.ISerializable
Inheritance
WindowsIdentity
Attributes
Implements

Inherited Members

System.Object

System.Security.Claims.ClaimsIdentity

Examples

The following example shows the use of members of WindowsIdentity class. For an example showing how to obtain a Windows account token through a call to the unmanaged Win32 LogonUser function, and use that token to impersonate another user, see the WindowsImpersonationContext class.

using namespace System;
using namespace System::Security::Principal;
void IntPtrConstructor( IntPtr logonToken );
void IntPtrStringConstructor( IntPtr logonToken );
void IntPrtStringTypeBoolConstructor( IntPtr logonToken );
void IntPtrStringTypeConstructor( IntPtr logonToken );
void UseProperties( IntPtr logonToken );
IntPtr LogonUser();
void GetAnonymousUser();
void ImpersonateIdentity( IntPtr logonToken );

[STAThread]
int main()
{
   
   // Retrieve the Windows account token for the current user.
   IntPtr logonToken = LogonUser();
   
   // Constructor implementations.
   IntPtrConstructor( logonToken );
   IntPtrStringConstructor( logonToken );
   IntPtrStringTypeConstructor( logonToken );
   IntPrtStringTypeBoolConstructor( logonToken );
   
   // Property implementations.
   UseProperties( logonToken );
   
   // Method implementations.
   GetAnonymousUser();
   ImpersonateIdentity( logonToken );
   Console::WriteLine( "This sample completed successfully; "
   "press Enter to exit." );
   Console::ReadLine();
}


// Create a WindowsIdentity object for the user represented by the
// specified Windows account token.
void IntPtrConstructor( IntPtr logonToken )
{
   
   // Construct a WindowsIdentity object using the input account token.
   WindowsIdentity^ windowsIdentity = gcnew WindowsIdentity( logonToken );
   
   Console::WriteLine( "Created a Windows identity object named {0}.", windowsIdentity->Name );
}

// Create a WindowsIdentity object for the user represented by the
// specified account token and authentication type.
void IntPtrStringConstructor( IntPtr logonToken )
{
   
   // Construct a WindowsIdentity object using the input account token 
   // and the specified authentication type.
   String^ authenticationType = "WindowsAuthentication";
   WindowsIdentity^ windowsIdentity = gcnew WindowsIdentity( logonToken,authenticationType );
   
   Console::WriteLine( "Created a Windows identity object named {0}.", windowsIdentity->Name );
}



// Create a WindowsIdentity object for the user represented by the
// specified account token, authentication type and Windows account
// type.
void IntPtrStringTypeConstructor( IntPtr logonToken )
{
   
   // Construct a WindowsIdentity object using the input account token,
   // and the specified authentication type and Windows account type.
   String^ authenticationType = "WindowsAuthentication";
   WindowsAccountType guestAccount = WindowsAccountType::Guest;
   WindowsIdentity^ windowsIdentity = gcnew WindowsIdentity( logonToken,authenticationType,guestAccount );
   
   Console::WriteLine( "Created a Windows identity object named {0}.", windowsIdentity->Name );
}

// Create a WindowsIdentity object for the user represented by the
// specified account token, authentication type, Windows account type and
// Boolean authentication flag.
void IntPrtStringTypeBoolConstructor( IntPtr logonToken )
{
   
   // Construct a WindowsIdentity object using the input account token,
   // and the specified authentication type, Windows account type, and
   // authentication flag.
   String^ authenticationType = "WindowsAuthentication";
   WindowsAccountType guestAccount = WindowsAccountType::Guest;
   bool isAuthenticated = true;
   WindowsIdentity^ windowsIdentity = gcnew WindowsIdentity( logonToken,authenticationType,guestAccount,isAuthenticated );
   
   Console::WriteLine( "Created a Windows identity object named {0}.", windowsIdentity->Name );
}

// Access the properties of a WindowsIdentity object.
void UseProperties( IntPtr logonToken )
{
   WindowsIdentity^ windowsIdentity = gcnew WindowsIdentity( logonToken );
   String^ propertyDescription = "The windows identity named ";
   
   // Retrieve the Windows logon name from the Windows identity object.
   propertyDescription = String::Concat( propertyDescription, windowsIdentity->Name );
   
   // Verify that the user account is not considered to be an Anonymous
   // account by the system.
   if (  !windowsIdentity->IsAnonymous )
   {
      propertyDescription = String::Concat( propertyDescription, ", is not an Anonymous account" );
   }

   
   // Verify that the user account has been authenticated by Windows.
   if ( windowsIdentity->IsAuthenticated )
   {
      propertyDescription = String::Concat( propertyDescription, ", is authenticated" );
   }
   
   // Verify that the user account is considered to be a System account
   // by the system.
   if ( windowsIdentity->IsSystem )
   {
      propertyDescription = String::Concat( propertyDescription, ", is a System account" );
   }
   
   // Verify that the user account is considered to be a Guest account
   // by the system.
   if ( windowsIdentity->IsGuest )
   {
      propertyDescription = String::Concat( propertyDescription, ", is a Guest account" );
   }
   
   // Retrieve the authentication type for the 
   String^ authenticationType = windowsIdentity->AuthenticationType;
   
   // Append the authenication type to the output message.
   if ( authenticationType != nullptr )
   {
      propertyDescription = String::Format( "{0} and uses {1} authentication type.", propertyDescription, authenticationType );
   }
   
   Console::WriteLine( propertyDescription );
}


// Retrieve the account token from the current WindowsIdentity object
// instead of calling the unmanaged LogonUser method in the advapi32.dll.
IntPtr LogonUser()
{
   
   IntPtr accountToken = WindowsIdentity::GetCurrent()->Token;
   
   return accountToken;
}


// Get the WindowsIdentity object for an Anonymous user.
void GetAnonymousUser()
{
   
   // Retrieve a WindowsIdentity object that represents an anonymous
   // Windows user.
   WindowsIdentity^ windowsIdentity = WindowsIdentity::GetAnonymous();
   
}


// Impersonate a Windows identity.
void ImpersonateIdentity( IntPtr logonToken )
{
   
   // Retrieve the Windows identity using the specified token.
   WindowsIdentity^ windowsIdentity = gcnew WindowsIdentity( logonToken );
   
   // Create a WindowsImpersonationContext object by impersonating the
   // Windows identity.
   WindowsImpersonationContext^ impersonationContext = windowsIdentity->Impersonate();
   Console::WriteLine( "Name of the identity after impersonation: {0}.", WindowsIdentity::GetCurrent()->Name );
   
   // Stop impersonating the user.
   impersonationContext->Undo();
   
   // Check the identity name.
   Console::Write( "Name of the identity after performing an Undo on the" );
   Console::WriteLine( " impersonation: {0}", WindowsIdentity::GetCurrent()->Name );
}

using System;
using System.Security.Principal;

class WindowsIdentityMembers
{
    [STAThread]
    static void Main(string[] args)
    {
        // Retrieve the Windows account token for the current user.
        IntPtr logonToken = LogonUser();

        // Constructor implementations.
        IntPtrConstructor(logonToken);
        IntPtrStringConstructor(logonToken);
        IntPtrStringTypeConstructor(logonToken);
        IntPrtStringTypeBoolConstructor(logonToken);

        // Property implementations.
        UseProperties(logonToken);

        // Method implementations.
        GetAnonymousUser();
        ImpersonateIdentity(logonToken);

        Console.WriteLine("This sample completed successfully; " +
            "press Enter to exit.");
        Console.ReadLine();
    }

    // Create a WindowsIdentity object for the user represented by the
    // specified Windows account token.
    private static void IntPtrConstructor(IntPtr logonToken)
    {
        // Construct a WindowsIdentity object using the input account token.
        WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken);

        Console.WriteLine("Created a Windows identity object named " +
            windowsIdentity.Name + ".");
    }

 
    // Create a WindowsIdentity object for the user represented by the
    // specified account token and authentication type.
    private static void IntPtrStringConstructor(IntPtr logonToken)
    {
        // Construct a WindowsIdentity object using the input account token 
        // and the specified authentication type.
        string authenticationType = "WindowsAuthentication";
        WindowsIdentity windowsIdentity =
			            new WindowsIdentity(logonToken, authenticationType);

        Console.WriteLine("Created a Windows identity object named " +
            windowsIdentity.Name + ".");
    }

    // Create a WindowsIdentity object for the user represented by the
    // specified account token, authentication type, and Windows account
    // type.
    private static void IntPtrStringTypeConstructor(IntPtr logonToken)
    {
        // Construct a WindowsIdentity object using the input account token,
        // and the specified authentication type, and Windows account type.
        string authenticationType = "WindowsAuthentication";
        WindowsAccountType guestAccount = WindowsAccountType.Guest;
        WindowsIdentity windowsIdentity =
            new WindowsIdentity(logonToken, authenticationType, guestAccount);

        Console.WriteLine("Created a Windows identity object named " +
            windowsIdentity.Name + ".");
    }

    // Create a WindowsIdentity object for the user represented by the
    // specified account token, authentication type, Windows account type, and
    // Boolean authentication flag.
    private static void IntPrtStringTypeBoolConstructor(IntPtr logonToken)
    {
        // Construct a WindowsIdentity object using the input account token,
        // and the specified authentication type, Windows account type, and
        // authentication flag.
        string authenticationType = "WindowsAuthentication";
        WindowsAccountType guestAccount = WindowsAccountType.Guest;
        bool isAuthenticated = true;
        WindowsIdentity windowsIdentity = new WindowsIdentity(
            logonToken, authenticationType, guestAccount, isAuthenticated);

        Console.WriteLine("Created a Windows identity object named " +
            windowsIdentity.Name + ".");
    }
    // Access the properties of a WindowsIdentity object.
    private static void UseProperties(IntPtr logonToken)
    {
        WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken);
        string propertyDescription = "The Windows identity named ";

        // Retrieve the Windows logon name from the Windows identity object.
        propertyDescription += windowsIdentity.Name;

        // Verify that the user account is not considered to be an Anonymous
        // account by the system.
        if (!windowsIdentity.IsAnonymous)
        {
            propertyDescription += " is not an Anonymous account";
        }

        // Verify that the user account has been authenticated by Windows.
        if (windowsIdentity.IsAuthenticated)
        {
            propertyDescription += ", is authenticated";
        }

        // Verify that the user account is considered to be a System account
        // by the system.
        if (windowsIdentity.IsSystem)
        {
            propertyDescription += ", is a System account";
        }
        // Verify that the user account is considered to be a Guest account
        // by the system.
        if (windowsIdentity.IsGuest)
        {
            propertyDescription += ", is a Guest account";
        }

        // Retrieve the authentication type for the 
        String authenticationType = windowsIdentity.AuthenticationType;

        // Append the authenication type to the output message.
        if (authenticationType != null)
        {
            propertyDescription += (" and uses " + authenticationType);
            propertyDescription += (" authentication type.");
        }

        Console.WriteLine(propertyDescription);

        // Display the SID for the owner.
        Console.Write("The SID for the owner is : ");
        SecurityIdentifier si = windowsIdentity.Owner;
        Console.WriteLine(si.ToString());
        // Display the SIDs for the groups the current user belongs to.
        Console.WriteLine("Display the SIDs for the groups the current user belongs to.");
        IdentityReferenceCollection irc = windowsIdentity.Groups;
        foreach (IdentityReference ir in irc)
            Console.WriteLine(ir.Value);
        TokenImpersonationLevel token = windowsIdentity.ImpersonationLevel;
        Console.WriteLine("The impersonation level for the current user is : " + token.ToString());
    }

    // Retrieve the account token from the current WindowsIdentity object
    // instead of calling the unmanaged LogonUser method in the advapi32.dll.
    private static IntPtr LogonUser()
    {
        IntPtr accountToken = WindowsIdentity.GetCurrent().Token;
        Console.WriteLine( "Token number is: " + accountToken.ToString());

        return accountToken;
    }

    // Get the WindowsIdentity object for an Anonymous user.
    private static void GetAnonymousUser()
    {
        // Retrieve a WindowsIdentity object that represents an anonymous
        // Windows user.
        WindowsIdentity windowsIdentity = WindowsIdentity.GetAnonymous();
    }

    // Impersonate a Windows identity.
    private static void ImpersonateIdentity(IntPtr logonToken)
    {
        // Retrieve the Windows identity using the specified token.
        WindowsIdentity windowsIdentity = new WindowsIdentity(logonToken);

        // Create a WindowsImpersonationContext object by impersonating the
        // Windows identity.
        WindowsImpersonationContext impersonationContext =
            windowsIdentity.Impersonate();

        Console.WriteLine("Name of the identity after impersonation: "
            + WindowsIdentity.GetCurrent().Name + ".");
        Console.WriteLine(windowsIdentity.ImpersonationLevel);
        // Stop impersonating the user.
        impersonationContext.Undo();

        // Check the identity name.
        Console.Write("Name of the identity after performing an Undo on the");
        Console.WriteLine(" impersonation: " +
            WindowsIdentity.GetCurrent().Name);
    }
}

Imports System
Imports System.Security.Principal
Module Module1

    Sub Main()

        ' Retrieve the Windows account token for the current user.
        Dim logonToken As IntPtr = LogonUser()

        ' Constructor implementations.
        IntPtrConstructor(logonToken)
        IntPtrStringConstructor(logonToken)
        IntPtrStringTypeConstructor(logonToken)
        IntPrtStringTypeBoolConstructor(logonToken)

        ' Property implementations.
        UseProperties(logonToken)

        ' Method implementations.
        GetAnonymousUser()
        ImpersonateIdentity(logonToken)

        ' Align interface and conclude application.
        Console.WriteLine(vbCrLf + "This sample completed " + _
            "successfully; press Enter to exit.")
        Console.ReadLine()

    End Sub
    
    ' Create a WindowsIdentity object for the user represented by the
    ' specified Windows account token.
    Private Sub IntPtrConstructor(ByVal logonToken As IntPtr)
        ' Construct a WindowsIdentity object using the input account token.
        Dim windowsIdentity As New WindowsIdentity(logonToken)

        WriteLine("Created a Windows identity object named " + _
            windowsIdentity.Name + ".")
    End Sub
    ' Create a WindowsIdentity object for the user represented by the
    ' specified account token and authentication type.
    Private Sub IntPtrStringConstructor(ByVal logonToken As IntPtr)
        ' Construct a WindowsIdentity object using the input account token 
        ' and the specified authentication type
        Dim authenticationType = "WindowsAuthentication"
        Dim windowsIdentity As _
            New WindowsIdentity(logonToken, authenticationType)

        WriteLine("Created a Windows identity object named " + _
            windowsIdentity.Name + ".")
    End Sub

    ' Create a WindowsIdentity object for the user represented by the
    ' specified account token, authentication type, and Windows account
    ' type.
    Private Sub IntPtrStringTypeConstructor(ByVal logonToken As IntPtr)
        ' Construct a WindowsIdentity object using the input account token,
        ' and the specified authentication type and Windows account type.
        Dim authenticationType As String = "WindowsAuthentication"
        Dim guestAccount As WindowsAccountType = WindowsAccountType.Guest
        Dim windowsIdentity As _
            New WindowsIdentity(logonToken, authenticationType, guestAccount)

        WriteLine("Created a Windows identity object named " + _
            windowsIdentity.Name + ".")
    End Sub

    ' Create a WindowsIdentity object for the user represented by the
    ' specified account token, authentication type, Windows account type,
    ' and Boolean authentication flag.
    Private Sub IntPrtStringTypeBoolConstructor(ByVal logonToken As IntPtr)
        ' Construct a WindowsIdentity object using the input account token,
        ' and the specified authentication type, Windows account type, and
        ' authentication flag.
        Dim authenticationType As String = "WindowsAuthentication"
        Dim guestAccount As WindowsAccountType = WindowsAccountType.Guest
        Dim isAuthenticated As Boolean = True
        Dim windowsIdentity As New WindowsIdentity( _
            logonToken, authenticationType, guestAccount, isAuthenticated)

        WriteLine("Created a Windows identity object named " + _
            windowsIdentity.Name + ".")
    End Sub
        
    ' Access the properties of a WindowsIdentity object.
    Private Sub UseProperties(ByVal logonToken As IntPtr)
        Dim windowsIdentity As New WindowsIdentity(logonToken)
        Dim propertyDescription As String = "The Windows identity named "

        ' Retrieve the Windows logon name from the Windows identity object.
        propertyDescription += windowsIdentity.Name

        ' Verify that the user account is not considered to be an Anonymous
        ' account by the system.
        If Not windowsIdentity.IsAnonymous Then
            propertyDescription += " is not an Anonymous account"
        End If

        ' Verify that the user account has been authenticated by Windows.
        If (windowsIdentity.IsAuthenticated) Then
            propertyDescription += ", is authenticated"
        End If

        ' Verify that the user account is considered to be a System account by
        ' the system.
        If (windowsIdentity.IsSystem) Then
            propertyDescription += ", is a System account"
        End If

        ' Verify that the user account is considered to be a Guest account by
        ' the system.
        If (windowsIdentity.IsGuest) Then
            propertyDescription += ", is a Guest account"
        End If
        Dim authenticationType As String = windowsIdentity.AuthenticationType

        ' Append the authenication type to the output message.
        If (Not authenticationType Is Nothing) Then
            propertyDescription += (" and uses " + authenticationType)
            propertyDescription += (" authentication type.")
        End If

        WriteLine(propertyDescription)

        ' Display the SID for the owner.
        Console.Write("The SID for the owner is : ")
        Dim si As SecurityIdentifier
        si = windowsIdentity.Owner
        Console.WriteLine(si.ToString())
        ' Display the SIDs for the groups the current user belongs to.
        Console.WriteLine("Display the SIDs for the groups the current user belongs to.")
        Dim irc As IdentityReferenceCollection
        Dim ir As IdentityReference
        irc = windowsIdentity.Groups
        For Each ir In irc
            Console.WriteLine(ir.Value)
        Next
        Dim token As TokenImpersonationLevel
        token = windowsIdentity.ImpersonationLevel
        Console.WriteLine("The impersonation level for the current user is : " + token.ToString())
    End Sub
    ' Retrieve the account token from the current WindowsIdentity object
    ' instead of calling the unmanaged LogonUser method in the advapi32.dll.
    Private Function LogonUser() As IntPtr
        Dim accountToken As IntPtr = WindowsIdentity.GetCurrent().Token

        Return accountToken
    End Function

    ' Get the WindowsIdentity object for an Anonymous user.
    Private Sub GetAnonymousUser()
        ' Retrieve a WindowsIdentity object that represents an anonymous
        ' Windows user.
        Dim windowsIdentity As WindowsIdentity
        windowsIdentity = windowsIdentity.GetAnonymous()
    End Sub

    ' Impersonate a Windows identity.
    Private Sub ImpersonateIdentity(ByVal logonToken As IntPtr)
        ' Retrieve the Windows identity using the specified token.
        Dim windowsIdentity As New WindowsIdentity(logonToken)

        ' Create a WindowsImpersonationContext object by impersonating the
        ' Windows identity.
        Dim impersonationContext As WindowsImpersonationContext
        impersonationContext = windowsIdentity.Impersonate()

        WriteLine("Name of the identity after impersonation: " + _
            windowsIdentity.GetCurrent().Name + ".")

        ' Stop impersonating the user.
        impersonationContext.Undo()

        ' Check the identity.
        WriteLine("Name of the identity after performing an Undo on the " + _
            "impersonation: " + windowsIdentity.GetCurrent().Name + ".")
    End Sub
    ' Write out message with carriage return to output textbox.
    Private Sub WriteLine(ByVal message As String)
        Console.WriteLine(message + vbCrLf)
    End Sub

End Module

Remarks

Call the GetCurrent method to create a WindowsIdentity object that represents the current user.

Important

This type implements the IDisposable interface. When you have finished using the type, you should dispose of it either directly or indirectly. To dispose of the type directly, call its Dispose method in a try/catch block. To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). For more information, see the "Using an Object that Implements IDisposable" section in the IDisposable interface topic.

Constructors

Windows​Identity(​Int​Ptr)

Initializes a new instance of the WindowsIdentity class for the user represented by the specified Windows account token.

Windows​Identity(​Windows​Identity)

Initializes a new instance of the WindowsIdentity class by using the specified WindowsIdentity object.

Windows​Identity(​String)

Initializes a new instance of the WindowsIdentity class for the user represented by the specified User Principal Name (UPN).

Windows​Identity(​Int​Ptr, ​String)

Initializes a new instance of the WindowsIdentity class for the user represented by the specified Windows account token and the specified authentication type.

Windows​Identity(​Serialization​Info, ​Streaming​Context)

Initializes a new instance of the WindowsIdentity class for the user represented by information in a SerializationInfo stream.

Windows​Identity(​String, ​String)

Initializes a new instance of the WindowsIdentity class for the user represented by the specified User Principal Name (UPN) and the specified authentication type.

Windows​Identity(​Int​Ptr, ​String, ​Windows​Account​Type)

Initializes a new instance of the WindowsIdentity class for the user represented by the specified Windows account token, the specified authentication type, and the specified Windows account type.

Windows​Identity(​Int​Ptr, ​String, ​Windows​Account​Type, ​Boolean)

Initializes a new instance of the WindowsIdentity class for the user represented by the specified Windows account token, the specified authentication type, the specified Windows account type, and the specified authentication status.

Fields

Default​Issuer

Identifies the name of the default ClaimsIdentity issuer.

Properties

Access​Token

Gets this SafeAccessTokenHandle for this WindowsIdentity instance.

Authentication​Type

Gets the type of authentication used to identify the user.

Claims

Gets all claims for the user represented by this Windows identity.

Device​Claims

Gets claims that have the WindowsDeviceClaim property key.

Groups

Gets the groups the current Windows user belongs to.

Impersonation​Level

Gets the impersonation level for the user.

Is​Anonymous

Gets a value that indicates whether the user account is identified as an anonymous account by the system.

Is​Authenticated

Gets a value indicating whether the user has been authenticated by Windows.

Is​Guest

Gets a value indicating whether the user account is identified as a Guest account by the system.

Is​System

Gets a value indicating whether the user account is identified as a System account by the system.

Name

Gets the user's Windows logon name.

Owner

Gets the security identifier (SID) for the token owner.

Token

Gets the Windows account token for the user.

User

Gets the security identifier (SID) for the user.

User​Claims

Gets claims that have the WindowsUserClaim property key.

Methods

Clone()

Creates a new object that is a copy of the current instance.

Dispose()

Releases all resources used by the WindowsIdentity.

Dispose(​Boolean)

Releases the unmanaged resources used by the WindowsIdentity and optionally releases the managed resources.

Get​Anonymous()

Returns a WindowsIdentity object that you can use as a sentinel value in your code to represent an anonymous user. The property value does not represent the built-in anonymous identity used by the Windows operating system.

Get​Current(​Token​Access​Levels)

Returns a WindowsIdentity object that represents the current Windows user, using the specified desired token access level.

Get​Current(​Boolean)

Returns a WindowsIdentity object that represents the Windows identity for either the thread or the process, depending on the value of the ifImpersonating parameter.

Get​Current()

Returns a WindowsIdentity object that represents the current Windows user.

Impersonate()

Impersonates the user represented by the WindowsIdentity object.

Impersonate(​Int​Ptr)

Impersonates the user represented by the specified user token.

Run​Impersonated(​Safe​Access​Token​Handle, ​Action)

Runs the specified action as the impersonated Windows identity. Instead of using an impersonated method call and running your function in WindowsImpersonationContext, you can use RunImpersonated(SafeAccessTokenHandle, Action) and provide your function directly as a parameter.

Run​Impersonated<​T>(​Safe​Access​Token​Handle, ​Func<​T>)

Runs the specified function as the impersonated Windows identity. Instead of using an impersonated method call and running your function in WindowsImpersonationContext, you can use RunImpersonated(SafeAccessTokenHandle, Action) and provide your function directly as a parameter.

Explicit Interface Implementations

I​Deserialization​Callback.​On​Deserialization(​Object)

Implements the ISerializable interface and is called back by the deserialization event when deserialization is complete.

I​Serializable.​Get​Object​Data(​Serialization​Info, ​Streaming​Context)

Sets the SerializationInfo object with the logical context information needed to recreate an instance of this execution context.