Windows 7 : Developing Applications with Enhanced Security - CREATING AN APPLICATION WITH ENHANCED SECURITY (part 2) - Developing for Security Roles

2/10/2014 3:04:32 AM

2.2. Developing for Security Roles

Role-Based Security asks the question of whether some entity (a user, the system, a program) is in a particular role. If it's in that role, the entity can likely access a system resource or application feature safely. The concept of a role is different from something more absolute like a group. When you're a member of a group, you have the same access whether you access the system from a local machine or the Internet. A role does include the idea of group membership, but this is membership based on the environment — the kind of access requested in a given situation from a specific location. An entity's security role changes, rather than being absolute. The following sections describe how to check a user's role based on the evidence presented by the application's current domain.

2.2.1. Configuring the Security Role Example

This example begins with a Windows Forms application. You add a Test button (btnTest). In addition, you need to add the following using statements:

using System.Security.Principal;
using System.Threading;

2.2.2. Creating the Security Role Example Code

It may surprise you to learn how many roles a particular user fulfills at any given time. The example in this section obtains the identity of the current user — the one logged in to the system. It then discovers the roles that the user fulfills. Listing 3 shows the code required for this example.

Example 3. Using the IsInRole() method
private void btnTest_Click(object sender, System.EventArgs e)
WindowsPrincipal MyPrincipal; // The role we want to check.
AppDomain MyDomain; // The current domain.
StringBuilder Output; // Example output data.
Array RoleTypes; // Standard role types.

// Set the principal policy for this application.
MyDomain = Thread.GetDomain();

// Get the role and other security information for the current
// user.
MyPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;

// Get the user name.
Output = new StringBuilder();
Output.Append("Name: " + MyPrincipal.Identity.Name);

// Get the authentication type.
Output.Append("\r\nAuthentication: " +


// Create an array of built-in role types.
RoleTypes = Enum.GetValues(typeof(WindowsBuiltInRole));

// Check the user's role.
foreach(WindowsBuiltInRole Role in RoleTypes)

// Store the role name.
if (Role.ToString().Length <= 5)
Output.Append("\r\n" + Role.ToString() + ":\t\t");
Output.Append("\r\n" + Role.ToString() + ":\t");

// Store the role value.


// Output the result.
"User Role Values",

The code begins by obtaining the domain for the current thread. . The program executes in an application domain, and we can obtain information about that domain. In this case, the code sets the security policy for this domain equal to the same policy used by Windows. The application is now executing with the same policy that the user has when working with Windows. You could theoretically change that policy depending on conditions such as user location.

Now that the code has set the security policy for the thread, it uses that information to create a WindowsPrincipal object, MyPrincipal. This object knows all kinds of security information about the user. The code shows how you can obtain the user name and the method of authentication used.

Figure 1. A view of the output from an IsInRole() method check.

The most important use for MyPrincipal is to determine which roles the user is in. You probably haven't defined any roles as part of a CASPol configuration process, so the example uses the WindowsBuiltInRole enumeration to check the standard types. If the user is in the requested role, the IsInRole() method returns true. This value is converted to a string and placed in Output. Figure 1 shows typical output from this example. Of course, the results will change when you run the program on your system because the dialog box will reflect your name and rights.

The important concept to take away from this example is that Role-Based Security performs a task similar to standard Windows security, but using a different and more flexible technique. Because of the differences between Windows security and Role-Based Security, you may need to rely on the groups provided by NT security, especially when working in an environment that has a mix of managed and unmanaged code. 

  •  Windows 7 : Developing Applications with Enhanced Security - CONSIDERING MODERN APPLICATION SECURITY REQUIREMENTS (part 3) - Working with Security Policies
  •  Windows 7 : Developing Applications with Enhanced Security - CONSIDERING MODERN APPLICATION SECURITY REQUIREMENTS (part 2) - Adding Permissions
  •  Windows 7 : Developing Applications with Enhanced Security - CONSIDERING MODERN APPLICATION SECURITY REQUIREMENTS (part 1)
  •  Microsoft Exchange Server 2010 : Indexing Exchange Public Folders
  •  Microsoft Exchange Server 2010 : Email Integration (part 3) - Configuring Incoming Email - Directory Management Service, Troubleshooting Incoming Email
  •  Microsoft Exchange Server 2010 : Email Integration (part 2) - Configuring Incoming Email
  •  Microsoft Exchange Server 2010 : Email Integration (part 1) - Configuring Outgoing Email
  •  D-Link HD Wireless Outdoor Cloud Camera DCS-2332L
  •  Windows 7 : Programming WMI Support (part 5) - Techniques for Testing WMI Driver Support, WMI Event Tracing
  •  Windows 7 : Programming WMI Support (part 4) - Troubleshooting Specific WMI Problems
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    Popular Tags
    Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Exchange Server Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe Photoshop CorelDRAW X5 CorelDraw 10 windows Phone 7 windows Phone 8 Iphone