Compartilhar via


AuthorizationHelper.DemandOne Method (SecurityIdentifier[], Boolean)

 

Determines whether the current thread principal is a member of one of the specified groups.

Namespace:   Microsoft.WindowsServerSolutions.Common.ProviderFramework
Assembly:  ProviderFramework (in ProviderFramework.dll)

Syntax

public static bool DemandOne(
    SecurityIdentifier[] groupSids,
    bool throwIfFailed
)
public:
static bool DemandOne(
    array<SecurityIdentifier^>^ groupSids,
    bool throwIfFailed
)
Public Shared Function DemandOne (
    groupSids As SecurityIdentifier(),
    throwIfFailed As Boolean
) As Boolean

Parameters

  • throwIfFailed
    Type: System.Boolean

    If this value is true, IntentionalFaultException of SecurityAccessDeniedException is thrown if the principal failed the authorization check. An argument exception is thrown for any invalid arguments regardless of this value.

Return Value

Type: System.Boolean

true if the current thread principal is a member of the one of the groups; otherwise, false.

Remarks

If the current thread principal is a member of one of the listed groups, no exception is thrown; otherwise, IntentionalFaultException of SecurityAccessDeniedException is thrown.

A principal object represents the security context of the user on whose behalf the code is running, which includes the identity of the user (IIdentity) and any roles to which they belong.

By default, the domain administrators account is a member of the built-in administrators group (S-1-5-32-544). LocalSystem is a member of the built-in administrators group. Network Service is not part of the built-in administrators group, but is part of the Service group (S-1-5-6). Any service that is running under a particular user account will get the Service SID added to the access token groups.

See Also

AuthorizationHelper Class
Microsoft.WindowsServerSolutions.Common.ProviderFramework Namespace

Return to top