get role of user in a string variable

Question

is there a way i can get the role in a string variable using the below commands....

 System.Security.Principal.WindowsIdentity wi = System.Security.Principal.WindowsIdentity.GetCurrent();
  System.Security.Principal.WindowsPrincipal wp = new System.Security.Principal.WindowsPrincipal(wi);

i need this for

 FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,                          // version
                                                   UserName.Text,           // user name
                                                   DateTime.Now,               // creation
                                                   DateTime.Now.AddMinutes(60),// Expiration
                                                   false,                      // Persistent 
                                                   role);         // User data

as string role= wp.IsInRole();
but this is not right

something similar to this...

Answer 1

You can get a list of groups/roles that a user is part of from the WindowsIdentity.Groups property. The WindowsIdentity.Groups collection only contains the SID's (collection of IdentityReference) of the groups/roles a user is in, but not the actual names of the groups/roles. I will show you how to get the actual names of all the groups/roles a user is in.

First, get the WindowsIdentity object.

WindowsIdentity identity = WindowsIdentity.GetCurrent();

Second, use LINQ to translate the SID's (IdentityReference) to NTAccount's.

var groups = from sid in identity.Groups select sid.Translate(typeof(NTAccount)).Value;

You can then loop through the groups and store them in a string array that can be used in the FormsAuthenticationTicket. This will get you both the BUILTIN (local computer) groups/roles and also DOMAIN groups/roles the user is in.

Answer 2

For getting Roles: http://msdn.microsoft.com/en-us/library/system.web.security.roles.getrolesforuser.aspx

Use Roles.GetRolesForUser() or Roles.GetRolesForUser(Page.User.Identity.Name) to get an array of the roles the current user has. You can specify which user you want to get the roles for by Roles.GetRolesForUser("Specific UserName")

You can use String.Join(", ",Roles.GetRolesForUser()) to get a string of roles the user has.

String.Join http://msdn.microsoft.com/en-us/library/57a79xd0.aspx

Hope this helps.

Answer 3

You seem to be mixing apples and oranges. Are you using Windows or Forms authentication?

In either case, you can get the user's roles from the RoleProvider, if it is implemented.

Examining the thread's current principal only exposes a check method, as you know, IsInRole, whereas the role provider will return a string array of roles the user belongs to.

But I have to ask why you are packing a role(s) into the ticket? The only valid use case I can see for this is you are consolidating external auth/role silos.

If you explain your scenario and requirements a bit more fully I am sure we can find a specific solution to your problem.

Answer 4

Like so?

public static string FormsAuthUserData
{
    get
    {
        IPrincipal principal = Thread.CurrentPrincipal;
        if (principal == null) return null;
        FormsIdentity identity = principal.Identity as FormsIdentity;
        if (identity == null) return null;
        FormsAuthenticationTicket ticket = identity.Ticket;
        return ticket == null ? null : ticket.UserData;
    }
}