I use the WindowsPrincipal IsInRole method to check group memberships in WPF and WinForms applications. I create an identity token that can be for any AD user (not necessarily the user who is really logged in). Depending on what I do, I do not necessarily authenticate; I just use the identification-level token (I think its correct name is "identity token").
When this code is first run on a specific computer, the operating system generates an identification token for the specified user. This token is then used by the IsInRole function to verify group membership. It's fast, so I really like it. However, subsequent calls to create a WindowsIdentity / WindowsPrincipal refer to an existing token instead of creating a new one. The only way I know to update the token is to log off or restart the computer (which clears the token cache). Does anyone know a better way to reset cached identity tokens?
C# code example:

    using System.Security.Principal;

    // Identification-level token for a user other than the one running the app
    WindowsIdentity impersonationLevelIdentity = new WindowsIdentity("Some_UserID_That_Isn't_Me", null);
    WindowsPrincipal identityWindowsPrincipal = new WindowsPrincipal(impersonationLevelIdentity);

    // Group check is evaluated against the groups carried in that token
    if (identityWindowsPrincipal.IsInRole("AN_AD_GROUP"))
    {
        ...
VB:

    Imports System.Security.Principal

    ' Identification-level token for a user other than the one running the app
    Dim impersonationLevelIdentity = New WindowsIdentity("Some_UserID_That_Isn't_Me", Nothing)
    Dim identityWindowsPrincipal = New WindowsPrincipal(impersonationLevelIdentity)

    ' Group check is evaluated against the groups carried in that token
    If identityWindowsPrincipal.IsInRole("AN_AD_GROUP") Then ...
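An added example, not the poster's code: before trusting an IsInRole answer, dump the group SIDs the token actually carries and resolve them to names, so a stale token shows up as a group list that no longer matches the directory. It also checks membership by SID rather than by display name, which avoids a second name lookup and is unaffected by a renamed group. The UPN "someone@example.com" and the group "EXAMPLE\Example Group" are placeholders, not values from the question; the string constructor assumes the account is given in UPN form and that the machine is domain-joined.

```csharp
using System;
using System.Security.Principal;

static class TokenGroupsInspector
{
    public static void Main()
    {
        // Placeholder UPN; WindowsIdentity(string) performs an identification-level
        // logon for that account without a password.
        using (var identity = new WindowsIdentity("someone@example.com"))
        {
            var principal = new WindowsPrincipal(identity);

            Console.WriteLine("Token for {0} (impersonation level: {1})",
                identity.Name, identity.ImpersonationLevel);

            // identity.Groups is the SID list inside the token; translating each SID to an
            // NTAccount gives DOMAIN\Group. A SID that no longer maps to a name, or a group
            // the user was removed from, indicates the token is out of date.
            foreach (IdentityReference group in identity.Groups)
            {
                string name;
                try
                {
                    name = group.Translate(typeof(NTAccount)).Value;
                }
                catch (IdentityNotMappedException)
                {
                    name = "<unresolved>";
                }
                Console.WriteLine("  {0}  {1}", group.Value, name);
            }

            // Placeholder group; resolve its name to a SID once and compare by SID.
            var groupSid = (SecurityIdentifier)new NTAccount("EXAMPLE", "Example Group")
                .Translate(typeof(SecurityIdentifier));
            Console.WriteLine("IsInRole by SID: {0}", principal.IsInRole(groupSid));
        }
    }
}
```

Disposing the WindowsIdentity releases the token handle held by the process; whether the operating system then discards its cached logon information is exactly the question being asked, so the listing above is a way to observe what the next token contains rather than a way to force a refresh.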