0

I have two ways to construct the same WindowsPrincipal object

Depending on how I construct it, I get different results for principal.IsInRole()

Here's my code:

var principal1 = new WindowsPrincipal(WindowsIdentity.GetCurrent());
var principal2 = new WindowsPrincipal(new WindowsIdentity("myName"));

principal1.IsInRole("groupName") :  returns false
principal2.IsInRole("groupName") :  returns true

principal1.Identity.Name and principal2.Identity.Name are the same.

Any idea what is happening?

orhun.begendi
  • 937
  • 3
  • 16
  • 31
Nicolas Prevot
  • 1
  • 1
  • This link is discussing the exact same problem: http://stackoverflow.com/questions/4563446/whats-the-difference-between-retrieving-windowsprincipal-from-windowsidentity-a – Nicolas Prevot Apr 07 '17 at 08:22

1 Answers1

0

those 2 principal different from each other. Because you are selecting current user and creating new user. If you check principal list from the windowsidentity you will see, principal2 of yours that you created is new and not assigned any group

var groupNames1 = from id in WindowsIdentity.GetCurrent().Groups
                 select id.Translate(typeof(NTAccount)).Value;

var groupNames2 = from id in (new WindowsIdentity("myName")).Groups
                 select id.Translate(typeof(NTAccount)).Value;

You will see groupNames1 and groupNames2 different sets of group.

orhun.begendi
  • 937
  • 3
  • 16
  • 31
  • principal2 does have groups. The same number as principal1, but they are different groups. Since both principal have the same name, shouldn't they have the same groups? – Nicolas Prevot Apr 06 '17 at 15:55