AuthorizationHelper.DemandOne Method (SecurityIdentifier[], Boolean)
Determines whether the current thread principal is a member of one of the specified groups.
Namespace: Microsoft.WindowsServerSolutions.Common.ProviderFramework
Assembly: ProviderFramework (in ProviderFramework.dll)
Syntax
public static bool DemandOne(
SecurityIdentifier[] groupSids,
bool throwIfFailed
)
public:
static bool DemandOne(
array<SecurityIdentifier^>^ groupSids,
bool throwIfFailed
)
Public Shared Function DemandOne (
groupSids As SecurityIdentifier(),
throwIfFailed As Boolean
) As Boolean
Parameters
groupSids
Type: System.Security.Principal.SecurityIdentifier[]The SID of the groups to be checked.
throwIfFailed
Type: System.BooleanIf this value is true, IntentionalFaultException of SecurityAccessDeniedException is thrown if the principal failed the authorization check. An argument exception is thrown for any invalid arguments regardless of this value.
Return Value
Type: System.Boolean
true if the current thread principal is a member of the one of the groups; otherwise, false.
Remarks
If the current thread principal is a member of one of the listed groups, no exception is thrown; otherwise, IntentionalFaultException of SecurityAccessDeniedException is thrown.
A principal object represents the security context of the user on whose behalf the code is running, which includes the identity of the user (IIdentity) and any roles to which they belong.
By default, the domain administrators account is a member of the built-in administrators group (S-1-5-32-544). LocalSystem is a member of the built-in administrators group. Network Service is not part of the built-in administrators group, but is part of the Service group (S-1-5-6). Any service that is running under a particular user account will get the Service SID added to the access token groups.
See Also
AuthorizationHelper Class
Microsoft.WindowsServerSolutions.Common.ProviderFramework Namespace
Return to top