
WindowsPrincipal.IsInRole doesn’t reflect changes until restart

Just an observation from some time ago: if you create a new Windows role, add a user to it, and then create a WindowsPrincipal for that user, the IsInRole method doesn't reflect the membership change until the computer is restarted.

For example, given the code below (Console Application project):

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Principal;

namespace WindowsPrincipalTest
{
    class Program
    {
        static void Main(string[] args)
        {
            // Identity of the account this process is running as.
            WindowsIdentity ident = WindowsIdentity.GetCurrent();
            WindowsPrincipal principal = new WindowsPrincipal(ident);

            // Built-in role check.
            Console.WriteLine("IsAdmin = " + principal.IsInRole(WindowsBuiltInRole.Administrator));

            // Check against the newly created role, looked up by name.
            Console.WriteLine("IsCustomRole = " + principal.IsInRole("CustomRole"));

            // Keep the console window open until a key is pressed.
            Console.ReadKey();
        }
    }
}

Assuming that you have no CustomRole when executing this code for the first time, you see the following output.

Then create a role named "CustomRole" (if not yet present) and add yourself (or the user that you will use to execute the sample code) as a member of that role.

I usually do this using the Computer Management MMC (Start > Settings > Control Panel > Administrative Tools OR Start > Run > compmgmt.msc > OK) > System Tools > Local Users / Groups node.

After that, execute the application again. You should see the same output as above: IsCustomRole should still be false.

You should notice that unless you restart your computer, the membership change will not be reflected. (Just a reminder: make sure you save your documents before restarting.)
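
IsInRole is answered from the group list held in the process's access token, which Windows builds when the logon session is created, so it can disagree with the group's stored member list. The program below is an added example, not code from the original post, that prints both views side by side for the group from the post; the namespace and class names are made up for illustration, and it assumes a project reference to System.DirectoryServices.AccountManagement.

```csharp
using System;
using System.DirectoryServices.AccountManagement; // needs an assembly reference
using System.Security.Principal;

namespace WindowsPrincipalTokenCheck // hypothetical name for this example
{
    class TokenVersusStoredMembership
    {
        static void Main(string[] args)
        {
            // "CustomRole" is the group from the post; pass another name as args[0].
            string groupName = args.Length > 0 ? args[0] : "CustomRole";
            WindowsIdentity ident = WindowsIdentity.GetCurrent();

            // View 1: the access token, which is what IsInRole consults.
            bool inToken = new WindowsPrincipal(ident).IsInRole(groupName);

            // View 2: the local group's direct member list as stored right now.
            bool groupExists;
            bool inStoredList = false;
            using (PrincipalContext ctx = new PrincipalContext(ContextType.Machine))
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
            {
                groupExists = group != null;
                if (groupExists)
                {
                    // false = direct members only, no nested groups.
                    foreach (Principal member in group.GetMembers(false))
                    {
                        if (member.Sid != null && member.Sid.Equals(ident.User))
                            inStoredList = true;
                    }
                }
            }

            Console.WriteLine("Group exists locally   = " + groupExists);
            Console.WriteLine("IsInRole (token)       = " + inToken);
            Console.WriteLine("Direct member (stored) = " + inStoredList);

            if (inStoredList && !inToken)
                Console.WriteLine("Stale token: the membership was added after this token was built.");
            else if (!inStoredList && inToken)
                Console.WriteLine("Token still carries a group the user is not a direct member of (removed since logon, or nested).");
            else
                Console.WriteLine("Token and stored membership agree.");
        }
    }
}
```

The second mismatch case matters for access control: a process that authorizes with IsInRole keeps honoring a membership that has since been removed for as long as the old token is in use.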