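/// <summary>
/// Determines whether the given SID is an enabled member of this principal's access token.
/// </summary>
/// <remarks>
/// The answer comes from CheckTokenMembership, which reports membership only for a SID that is
/// both present and enabled in the token. A group that is present but disabled or deny-only
/// (for example in a filtered, non-elevated token) is therefore reported as not a member.
/// </remarks>
/// <param name="sid">Security identifier of the group to test.</param>
/// <returns>
/// <c>true</c> when the SID is reported as a member; <c>false</c> when it is not, or when the
/// identity has no valid access token.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
/// <exception cref="SecurityException">Duplicating the token or checking membership failed.</exception>
public virtual bool IsInRole(SecurityIdentifier sid)
{
    if (sid == null)
    {
        throw new ArgumentNullException("sid");
    }

    // An identity without a valid token is never a member of any group.
    if (this.m_identity.AccessToken.IsInvalid)
    {
        return false;
    }

    bool needsImpersonationCopy = this.m_identity.ImpersonationLevel == TokenImpersonationLevel.None;
    SafeAccessTokenHandle duplicate = SafeAccessTokenHandle.InvalidHandle;
    try
    {
        // CheckTokenMembership expects an impersonation token, so a token with no impersonation
        // level is first duplicated as an Identification-level impersonation token that carries
        // only query access.
        if (needsImpersonationCopy
            && !Win32Native.DuplicateTokenEx(
                this.m_identity.AccessToken,
                (uint)TokenAccessLevels.Query,                 // 8
                IntPtr.Zero,
                (uint)TokenImpersonationLevel.Identification,  // 2
                2U,                                            // TOKEN_TYPE: TokenImpersonation
                ref duplicate))
        {
            throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
        }

        bool isMember = false;
        SafeAccessTokenHandle tokenToCheck = needsImpersonationCopy ? duplicate : this.m_identity.AccessToken;
        if (!Win32Native.CheckTokenMembership(tokenToCheck, sid.BinaryForm, ref isMember))
        {
            throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
        }

        return isMember;
    }
    finally
    {
        // Release the duplicated token on every path; previously a failed membership check
        // threw before Dispose and left the handle open until finalization.
        duplicate.Dispose();
    }
}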
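/// <summary>
/// Determines whether the given SID is an enabled member of this principal's access token.
/// </summary>
/// <remarks>
/// CheckTokenMembership checks that the SID is both present and enabled in the access token,
/// so a group that is present but not enabled is reported as not a member.
/// </remarks>
/// <param name="sid">Security identifier of the group to test.</param>
/// <returns>
/// <c>true</c> when the SID is reported as a member; <c>false</c> when it is not, or for the
/// anonymous identity (invalid token handle).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
/// <exception cref="SecurityException">Duplicating the token or checking membership failed.</exception>
public virtual bool IsInRole(SecurityIdentifier sid)
{
    if (sid == null)
    {
        throw new ArgumentNullException("sid");
    }
    Contract.EndContractBlock();

    // Special case the anonymous identity.
    if (m_identity.TokenHandle.IsInvalid)
    {
        return false;
    }

    bool needsImpersonationCopy = m_identity.ImpersonationLevel == TokenImpersonationLevel.None;
    SafeTokenHandle token = SafeTokenHandle.InvalidHandle;
    try
    {
        // CheckTokenMembership expects an impersonation token, so a token without an
        // impersonation level is duplicated with query-only access at Identification level.
        if (needsImpersonationCopy
            && !Win32Native.DuplicateTokenEx(
                m_identity.TokenHandle,
                (uint)TokenAccessLevels.Query,
                IntPtr.Zero,
                (uint)TokenImpersonationLevel.Identification,
                (uint)TokenType.TokenImpersonation,
                ref token))
        {
            throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
        }

        bool isMember = false;
        SafeTokenHandle tokenToCheck = needsImpersonationCopy ? token : m_identity.TokenHandle;

        // CheckTokenMembership will check if the SID is both present and enabled in the access token.
        if (!Win32Native.CheckTokenMembership(tokenToCheck, sid.BinaryForm, ref isMember))
        {
            throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
        }

        return isMember;
    }
    finally
    {
        // Release the duplicated token on every path; previously a failed membership check
        // threw before Dispose and left the handle open until finalization.
        token.Dispose();
    }
}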