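/// <summary>
/// Verifies that the identity authenticated against the given collection is a member
/// of the server's service application group, as a precondition for bypass-rule writes.
/// </summary>
/// <param name="tfs">The team project collection whose authenticated identity is checked.</param>
/// <exception cref="PermissionException">
/// Thrown when the authenticated identity is not a member of the service application group.
/// </exception>
/// <remarks>
/// If the server returns no authenticated identity, the membership check is skipped and the
/// method returns without throwing. That path is traced so the skipped check is visible
/// in the logs.
/// </remarks>
internal static void CheckBypassRulePermission(TfsTeamProjectCollection tfs)
{
    IGroupSecurityService gss = (IGroupSecurityService)tfs.GetService(typeof(IGroupSecurityService));

    // Resolve the service application group; only its SID and display name are used below,
    // so membership is not expanded (QueryMembership.None).
    Identity serviceAccountIdentity = gss.ReadIdentity(
        SearchFactor.ServiceApplicationGroup,
        null,
        QueryMembership.None);

    TeamFoundationIdentity authenticatedUser;
    tfs.GetAuthenticatedIdentity(out authenticatedUser);

    if (null == authenticatedUser)
    {
        // NOTE(review): this branch fails open - with no resolved identity the caller proceeds
        // as if the permission had been verified. Confirm whether that is intended; if not,
        // this should throw instead of returning.
        TraceManager.TraceInformation(
            "BypassRulePermission check skipped: no authenticated identity returned for '{0}'",
            tfs.Uri.ToString());
        return;
    }

    // IsMember works on SIDs, so convert the authenticated identity to the
    // group security service's Identity type first.
    Identity authenticatedUserId = gss.Convert(authenticatedUser);

    if (!gss.IsMember(serviceAccountIdentity.Sid, authenticatedUserId.Sid))
    {
        throw new PermissionException(
            string.Format(
                TfsWITAdapterResources.UserNotInServiceAccountGroup,
                authenticatedUser.DisplayName,
                tfs.Uri.ToString()),
            authenticatedUserId.AccountName,
            authenticatedUserId.Domain,
            serviceAccountIdentity.DisplayName);
    }

    TraceManager.TraceInformation(
        "BypassRulePermission verified for user '{0}'",
        authenticatedUser.DisplayName);
}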