Wojciech Szabowicz

Reputation: 4208

Get user account group using Windows principal

I have a quick question.

Actually I am working in a Windows environment, version 10.0.16299.0, and UWP. What I am trying to do is get information about the user account: its name and whether it's admin or user. In short, the code looks like this:

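using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

public class Priciple
{
    public string UserName { get; set; }

    public string AccountDomainSid { get; set; }

    public List<string> Claims { get; set; }

    public string AdminRole { get; set; }

    public string UserRole { get; set; }

    public void GetUserInfo()
    {
        // Identity and principal of the token the current process runs under.
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        WindowsPrincipal principal = new WindowsPrincipal(identity);

        UserName = identity.Name;
        // AccountDomainSid is null for SIDs that are not account SIDs.
        AccountDomainSid = identity.User?.AccountDomainSid?.Value ?? "Unknown";
        // Keeps only the claim values (name and SIDs); the claim types are dropped.
        Claims = identity.Claims.Select(claim => claim.Value).ToList();

        // Role checks are evaluated against the current process token.
        AdminRole = $"Admin role {principal.IsInRole(@"BUILTIN\Administrators")}";
        UserRole = $"User role {principal.IsInRole(@"BUILTIN\Users")}";
    }
}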

Now, I am getting a list of SIDs, the username and other stuff, so a simple display of the class looks like:

User Name - DESKTOP-ISLHFK5\Administrator
Domain Sid - S-1-5-21-134928182-1594639943-345264679
Local Account an groups Sid:
DESKTOP-ISLHFK5\Administrator
S-1-5-21-134928182-1594639943-345264679-500 - as far I understand this is administrator account
S-1-5-21-134928182-1594639943-345264679-513
S-1-5-21-134928182-1594639943-345264679-513
S-1-1-0
S-1-5-114
S-1-5-21-134928182-1594639943-345264679-1002
S-1-5-21-134928182-1594639943-345264679-1051
S-1-5-32-544
S-1-5-32-562
S-1-5-32-559
S-1-5-32-545
S-1-5-14
S-1-5-4
S-1-5-11
S-1-5-15
S-1-5-113
S-1-2-0
S-1-5-64-10

But as I check for admin I am getting:

Priviliges info Admin role False

Now, any idea why that is?

Upvotes: 0

Views: 223

Answers (2)

Panagiotis Kanavos

Reputation: 131732

That's explained in the documentation of WindowsBuiltInRole:

In Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token.

By default, you are in the standard user role. When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. The code that executes the IsInRole method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group.

You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator.

Try again with myPrincipal.IsInRole(WindowsBuiltInRole.Administrator) to check if the account is an administrator.

Upvotes: 1
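The split described in the quoted documentation is visible in the token itself: .NET reports each SID in WindowsIdentity.Claims with a claim type, and a group that UAC has filtered out of the standard user token appears as a deny-only SID rather than a group SID. The following is an added example, not code from the question or from either answer; the names AdminState and AdminCheck are hypothetical, and it assumes a .NET runtime on Windows where WindowsIdentity is available.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

// Hypothetical names, introduced for this example only.
public enum AdminState { NotMember, MemberNotElevated, Elevated }

public static class AdminCheck
{
    // Well-known SID of BUILTIN\Administrators (S-1-5-32-544); unlike the
    // group name, it does not depend on the display language of the OS.
    private static readonly string AdminSid =
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null).Value;

    public static AdminState Classify(WindowsIdentity identity)
    {
        // True only when the Administrators SID is enabled in this token,
        // i.e. the process is running elevated.
        if (new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator))
            return AdminState.Elevated;

        // Deny-only: the SID is present in the token, but it can only be
        // matched against deny entries, so it grants nothing.
        bool denyOnly = identity.Claims.Any(c =>
            c.Type == ClaimTypes.DenyOnlySid && c.Value == AdminSid);

        return denyOnly ? AdminState.MemberNotElevated : AdminState.NotMember;
    }

    public static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine($"{identity.Name}: {Classify(identity)}");

            // Print the claim type next to every SID instead of the bare value.
            foreach (Claim c in identity.Claims.Where(
                         c => c.Value.StartsWith("S-1-", StringComparison.Ordinal)))
            {
                string kind = c.Type.Substring(c.Type.LastIndexOf('/') + 1);
                Console.WriteLine($"{kind,-24} {c.Value}");
            }
        }
    }
}
```

Selecting only claim.Value, as the code in the question does, discards the claim type that separates an enabled group from a deny-only one.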

Emre Kabaoglu

Reputation: 13146

Would you try to use WindowsBuiltInRole.Administrator;

var AdminRole = $"Admin role {principal.IsInRole(WindowsBuiltInRole.Administrator)}";

Upvotes: 1
