February 18, 2019
Hot Topics:

Managed C++: Determining User Security Roles

  • January 24, 2005
  • By Tom Archer
  • Send Email »
  • More Articles »

Testing for Inclusion in One of Multiple Groups

If the code you're attempting to execute can be executed by someone belonging to any of multiple groups, you can use the PrincipalPermission::Union method to join these groups and then call the PrincipalPermission::Demand method, which will throw an exception only if the user doesn't belong to any of those groups. Here's an example of this using code from the previous section. I've bolded the changes:
  AppDomain* dom = AppDomain::CurrentDomain;

  WindowsIdentity* identity = WindowsIdentity::GetCurrent();

  PrincipalPermission* permissions = new PrincipalPermission(identity->Name, "Administrators");
  PrincipalPermission* permissionsPU = new PrincipalPermission(identity->Name, "PowerUsers");

  //... run code that requires the checked-for rights
catch(Security::SecurityException* ex)
  // ex->Message will contain the exact error message

Security for the Rest of Us

Not many of us are security gurus like Keith Brown (my favorite author and trainer on the subject). However, with these past two articles, you can perform some very basic security-rights verification without having to become an expert on Windows security. If you do wish to learn more, I would highly recommend any of Keith's books on the subject.

About the Author

Tom Archer owns his own training company, Archer Consulting Group, which specializes in educating and mentoring .NET programmers and providing project management consulting. If you would like to find out how the Archer Consulting Group can help you reduce development costs, get your software to market faster, and increase product revenue, contact Tom through his Web site.

Page 2 of 2

Comment and Contribute


(Maximum characters: 1200). You have characters left.



Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date