System.Security.Principal.Windows [SECURITY CRITICAL] Provides a safe handle to a Windows thread or process access token. For more information see Access Tokens [SECURITY CRITICAL] Initializes a new instance of the class. An object that represents the pre-existing handle to use. Using returns an invalid handle. [SECURITY CRITICAL] Returns an invalid handle by instantiating a object with . Returns a object. [SECURITY CRITICAL] Gets a value that indicates whether the handle is invalid. true if the handle is not valid; otherwise, false. Represents an exception for a principal whose identity could not be mapped to a known identity. Initializes a new instance of the class. Initializes a new instance of the class by using the specified error message. The error message that explains the reason for the exception. Initializes a new instance of the class by using the specified error message and inner exception. The error message that explains the reason for the exception. The exception that is the cause of the current exception. If is not null, the current exception is raised in a catch block that handles the inner exception. Represents the collection of unmapped identities for an exception. The collection of unmapped identities. Represents an identity and is the base class for the and classes. This class does not provide a public constructor, and therefore cannot be inherited. Returns a value that indicates whether the specified object equals this instance of the class. true if is an object with the same underlying type and value as this instance; otherwise, false. An object to compare with this instance, or a null reference. Serves as a hash function for . is suitable for use in hashing algorithms and data structures like a hash table. The hash code for this object. Returns a value that indicates whether the specified type is a valid translation type for the class. true if is a valid translation type for the class; otherwise, false. 
The type being queried for validity to serve as a conversion from . The following target types are valid: Compares two objects to determine whether they are equal. They are considered equal if they have the same canonical name representation as the one returned by the property or if they are both null. true if and are equal; otherwise, false. The left operand to use for the equality comparison. This parameter can be null. The right operand to use for the equality comparison. This parameter can be null. Compares two objects to determine whether they are not equal. They are considered not equal if they have different canonical name representations than the one returned by the property or if one of the objects is null and the other is not. true if and are not equal; otherwise, false. The left operand to use for the inequality comparison. This parameter can be null. The right operand to use for the inequality comparison. This parameter can be null. Returns the string representation of the identity represented by the object. The identity in string format. Translates the account name represented by the object into another -derived type. The converted identity. The target type for the conversion from . Gets the string value of the identity represented by the object. The string value of the identity represented by the object. Represents a collection of objects and provides a means of converting sets of -derived objects to -derived types. Initializes a new instance of the class with zero items in the collection. Initializes a new instance of the class by using the specified initial size. The initial number of items in the collection. The value of is a hint only; it is not necessarily the maximum number of items created. Adds an object to the collection. The object to add to the collection. Clears all objects from the collection. Indicates whether the collection contains the specified object. true if the collection contains the specified object. The object to check for. 
Copies the collection to an array, starting at the specified index. An array object to which the collection is to be copied. The zero-based index in where the collection is to be copied. Gets the number of items in the collection. The number of objects in the collection. Gets an enumerator that can be used to iterate through the collection. An enumerator for the collection. Sets or gets the node at the specified index of the collection. The at the specified index in the collection. If is greater than or equal to the number of nodes in the collection, the return value is null. The zero-based index in the collection. Removes the specified object from the collection. true if the specified object was removed from the collection. The object to remove. Gets an enumerator that can be used to iterate through the collection. An enumerator for the collection. Converts the objects in the collection to the specified type. Calling this method is the same as calling with the second parameter set to false, which means that exceptions will not be thrown for items that fail conversion. A collection that represents the converted contents of the original collection. The type to which items in the collection are being converted. Converts the objects in the collection to the specified type and uses the specified fault tolerance to handle or ignore errors associated with a type not having a conversion mapping. A collection that represents the converted contents of the original collection. The type to which items in the collection are being converted. A Boolean value that determines how conversion errors are handled. If is true, conversion errors due to a mapping not being found for the translation result in a failed conversion and exceptions being thrown. If is false, types that failed to convert due to a mapping not being found for the translation are copied without being converted into the collection being returned. Represents a user or group account. 
Initializes a new instance of the class by using the specified name. The name used to create the object. This parameter cannot be null or an empty string. is null. is an empty string. -or- is too long. Initializes a new instance of the class by using the specified domain name and account name. The name of the domain. This parameter can be null or an empty string. Domain names that are null values are treated like an empty string. The name of the account. This parameter cannot be null or an empty string. is null. is an empty string. -or- is too long. -or- is too long. Returns a value that indicates whether this object is equal to a specified object. true if is an object with the same underlying type and value as this object; otherwise, false. An object to compare with this object, or null. Serves as a hash function for the current object. The method is suitable for hashing algorithms and data structures like a hash table. A hash value for the current object. Returns a value that indicates whether the specified type is a valid translation type for the class. true if is a valid translation type for the class; otherwise false. The type being queried for validity to serve as a conversion from . The following target types are valid: - - Compares two objects to determine whether they are equal. They are considered equal if they have the same canonical name representation as the one returned by the property or if they are both null. true if and are equal; otherwise false. The left operand to use for the equality comparison. This parameter can be null. The right operand to use for the equality comparison. This parameter can be null. Compares two objects to determine whether they are not equal. They are considered not equal if they have different canonical name representations than the one returned by the property or if one of the objects is null and the other is not. true if and are not equal; otherwise false. The left operand to use for the inequality comparison. 
This parameter can be null. The right operand to use for the inequality comparison. This parameter can be null. Returns the account name, in Domain\Account format, for the account represented by the object. The account name, in Domain\Account format. Translates the account name represented by the object into another -derived type. The converted identity. The target type for the conversion from . The target type must be a type that is considered valid by the method. is null. is not an type. Some or all identity references could not be translated. The source account name is too long. -or- A Win32 error code was returned. Returns an uppercase string representation of this object. The uppercase string representation of this object. Represents a security identifier (SID) and provides marshaling and comparison operations for SIDs. Initializes a new instance of the class by using a specified binary representation of a security identifier (SID). The byte array that represents the SID. The byte offset to use as the starting index in . Initializes a new instance of the class by using an integer that represents the binary form of a security identifier (SID). An integer that represents the binary form of a SID. Initializes a new instance of the class by using the specified well known security identifier (SID) type and domain SID. One of the enumeration values. This value must not be . The domain SID. This value is required for the following values. This parameter is ignored for any other values. - - - - - - - - - - - - - Initializes a new instance of the class by using the specified security identifier (SID) in Security Descriptor Definition Language (SDDL) format. SDDL string for the SID used to create the object. Returns the account domain security identifier (SID) portion from the SID represented by the object if the SID represents a Windows account SID. If the SID does not represent a Windows account SID, this property returns . 
The account domain SID portion from the SID represented by the object if the SID represents a Windows account SID; otherwise, it returns . Returns the length, in bytes, of the security identifier (SID) represented by the object. The length, in bytes, of the SID represented by the object. Compares the current object with the specified object. A signed number indicating the relative values of this instance and . Return Value / Description: Less than zero: This instance is less than . Zero: This instance is equal to . Greater than zero: This instance is greater than . The object to compare with the current object. Returns a value that indicates whether this object is equal to a specified object. true if is an object with the same underlying type and value as this object; otherwise, false. An object to compare with this object, or null. Indicates whether the specified object is equal to the current object. true if the value of is equal to the value of the current object. The object to compare with the current object. Copies the binary representation of the specified security identifier (SID) represented by the class to a byte array. The byte array to receive the copied SID. The byte offset to use as the starting index in . Serves as a hash function for the current object. The method is suitable for hashing algorithms and data structures like a hash table. A hash value for the current object. Returns a value that indicates whether the security identifier (SID) represented by this object is a valid Windows account SID. true if the SID represented by this object is a valid Windows account SID; otherwise, false. Returns a value that indicates whether the security identifier (SID) represented by this object is from the same domain as the specified SID. true if the SID represented by this object is in the same domain as the SID; otherwise, false. The SID to compare with this object. Returns a value that indicates whether the specified type is a valid translation type for the class. 
true if is a valid translation type for the class; otherwise, false. The type being queried for validity to serve as a conversion from . The following target types are valid: - - Returns a value that indicates whether the object matches the specified well known security identifier (SID) type. true if is the SID type for the object; otherwise, false. A value to compare with the object. Returns the maximum size, in bytes, of the binary representation of the security identifier. Returns the minimum size, in bytes, of the binary representation of the security identifier. Compares two objects to determine whether they are equal. They are considered equal if they have the same canonical representation as the one returned by the property or if they are both null. true if and are equal; otherwise, false. The left operand to use for the equality comparison. This parameter can be null. The right operand to use for the equality comparison. This parameter can be null. Compares two objects to determine whether they are not equal. They are considered not equal if they have different canonical name representations than the one returned by the property or if one of the objects is null and the other is not. true if and are not equal; otherwise, false. The left operand to use for the inequality comparison. This parameter can be null. The right operand to use for the inequality comparison. This parameter can be null. Returns the security identifier (SID), in Security Descriptor Definition Language (SDDL) format, for the account represented by the object. An example of the SDDL format is S-1-5-9. The SID, in SDDL format, for the account represented by the object. Translates the account name represented by the object into another -derived type. The converted identity. The target type for the conversion from . The target type must be a type that is considered valid by the method. is null. is not an type. Some or all identity references could not be translated. 
A Win32 error code was returned. Returns an uppercase Security Descriptor Definition Language (SDDL) string for the security identifier (SID) represented by this object. An uppercase SDDL string for the SID represented by the object. Defines the privileges of the user account associated with the access token. The user can change the default owner, primary group, or discretionary access control list (DACL) of the token. The user can change the attributes of the groups in the token. The user can enable or disable privileges in the token. The user can adjust the session identifier of the token. The user has all possible access to the token. The user can attach a primary token to a process. The user can duplicate the token. The user can impersonate a client. The maximum value that can be assigned for the enumeration. The user can query the token. The user can query the source of the token. The user has standard read rights and the privilege for the token. The user has standard write rights and the , and privileges for the token. Defines a set of commonly used security identifiers (SIDs). Indicates a SID that matches the account administrators group. Indicates a SID that matches the certificate administrators group. Indicates a SID that matches the account computer group. Indicates a SID that matches the account controller group. Indicates a SID that matches the account domain administrator group. Indicates a SID that matches the account domain guests group. Indicates a SID that matches the account domain users group. Indicates a SID that matches the enterprise administrators group. Indicates a SID that matches the account guest group. Indicates a SID that matches the account Kerberos target group. Indicates a SID that matches the policy administrators group. Indicates a SID that matches the RAS and IAS server account. Indicates a SID that matches the schema administrators group. Indicates a SID for the anonymous account. Indicates a SID for an authenticated user. 
Indicates a SID for a batch process. This SID is added to the process of a token when it logs on as a batch job. Indicates a SID that matches the account operators account. Indicates a SID that matches the administrator account. Indicates a SID that matches the Windows Authorization Access group. Indicates a SID that matches the backup operators group. Indicates a SID that matches the domain account. Indicates a SID that matches the guest account. Indicates a SID that allows a user to create incoming forest trusts. It is added to the token of users who are a member of the Incoming Forest Trust Builders built-in group in the root domain of the forest. Indicates a SID that matches the network operators group. Indicates a SID that matches the group of users that have remote access to monitor the computer. Indicates a SID that matches the group of users that have remote access to schedule logging of performance counters on this computer. Indicates a SID that matches the power users group. Indicates a SID that matches pre-Windows 2000 compatible accounts. Indicates a SID that matches the print operators group. Indicates a SID that matches remote desktop users. Indicates a SID that matches the replicator account. Indicates a SID that matches the system operators group. Indicates a SID that matches built-in user accounts. Indicates a creator group server SID. Indicates a SID that matches the creator group of an object. Indicates a creator owner server SID. Indicates a SID that matches the owner or creator of an object. Indicates a SID for a dial-up account. Indicates a SID present when the Microsoft Digest authentication package authenticated the client. Indicates a SID for an enterprise controller. Indicates a SID for an interactive account. This SID is added to the process of a token when it logs on interactively. Indicates a SID that matches a local service. Indicates a local SID. Indicates a SID that matches the local system. Indicates a SID that matches logon IDs. 
Indicates the maximum defined SID in the enumeration. Indicates a SID that matches a network service. Indicates a SID for a network account. This SID is added to the process of a token when it logs on across a network. Indicates a SID for the Windows NT authority. Indicates a SID present when the Microsoft NTLM authentication package authenticated the client. Indicates a null SID. Indicates a SID present when the user authenticated across a forest with the selective authentication option enabled. If this SID is present, then cannot be present. Indicates a proxy SID. Indicates a SID that matches remote logons. Indicates a SID for restricted code. Indicates a SID present when the Secure Channel (SSL/TLS) authentication package authenticated the client. Indicates a SID for self. Indicates a SID for a service. This SID is added to the process of a token when it logs on as a service. Indicates a SID that matches a terminal server account. Indicates a SID present when the user authenticated from within the forest or across a trust that does not have the selective authentication option enabled. If this SID is present, then cannot be present. Indicates a SID is present in a server that can issue Terminal Server licenses. Indicates a SID that matches everyone. Specifies common roles to be used with . Account operators manage the user accounts on a computer or domain. Administrators have complete and unrestricted access to the computer or domain. Backup operators can override security restrictions for the sole purpose of backing up or restoring files. Guests are more restricted than users. Power users possess most administrative permissions with some restrictions. Thus, power users can run legacy applications, in addition to certified applications. Print operators can take control of a printer. Replicators support file replication in a domain. System operators manage a particular computer. Users are prevented from making accidental or intentional system-wide changes. 
Thus, users can run certified applications, but not most legacy applications. Represents a Windows user. Initializes a new instance of the class for the user represented by the specified Windows account token. The account token for the user on whose behalf the code is running. is 0. -or- is duplicated and invalid for impersonation. The caller does not have the correct permissions. -or- A Win32 error occurred. Initializes a new instance of the class for the user represented by the specified Windows account token and the specified authentication type. The account token for the user on whose behalf the code is running. (Informational use only.) The type of authentication used to identify the user. For more information, see Remarks. is 0. -or- is duplicated and invalid for impersonation. The caller does not have the correct permissions. -or- A Win32 error occurred. [SECURITY CRITICAL] Gets this for this instance. Returns a . Releases all resources used by the . Releases the unmanaged resources used by the and optionally releases the managed resources. true to release both managed and unmanaged resources; false to release only unmanaged resources. Returns a object that you can use as a sentinel value in your code to represent an anonymous user. The property value does not represent the built-in anonymous identity used by the Windows operating system. An object that represents an anonymous user. Returns a object that represents the current Windows user. An object that represents the current user. The caller does not have the correct permissions. Returns a object that represents the Windows identity for either the thread or the process, depending on the value of the parameter. An object that represents a Windows user. true to return the only if the thread is currently impersonating; false to return the of the thread if it is impersonating or the of the process if the thread is not currently impersonating. 
Returns a object that represents the current Windows user, using the specified desired token access level. An object that represents the current user. A bitwise combination of the enumeration values. Gets the groups the current Windows user belongs to. An object representing the groups the current Windows user belongs to. Gets the impersonation level for the user. One of the enumeration values that specifies the impersonation level. Gets a value that indicates whether the user account is identified as an anonymous account by the system. true if the user account is an anonymous account; otherwise, false. Gets a value indicating whether the user account is identified as a account by the system. true if the user account is a account; otherwise, false. Gets a value indicating whether the user account is identified as a account by the system. true if the user account is a account; otherwise, false. Gets the security identifier (SID) for the token owner. An object for the token owner. Runs the specified action as the impersonated Windows identity. Instead of using an impersonated method call and running your function in , you can use and provide your function directly as a parameter. The SafeAccessTokenHandle of the impersonated Windows identity. The System.Action to run. Runs the specified function as the impersonated Windows identity. Instead of using an impersonated method call and running your function in , you can use and provide your function directly as a parameter. Returns the result of the function. The SafeAccessTokenHandle of the impersonated Windows identity. The System.Func to run. The type of object used by and returned by the function. Gets the security identifier (SID) for the user. An object for the user. Enables code to check the Windows group membership of a Windows user. Initializes a new instance of the class by using the specified object. The object from which to construct the new instance of . is null. 
Determines whether the current principal belongs to the Windows user group with the specified relative identifier (RID). true if the current principal is a member of the specified Windows user group, that is, in a particular role; otherwise, false. The RID of the Windows user group in which to check for the principal’s membership status. Determines whether the current principal belongs to the Windows user group with the specified security identifier (SID). true if the current principal is a member of the specified Windows user group; otherwise, false. A that uniquely identifies a Windows user group. is null. Windows returned a Win32 error. Determines whether the current principal belongs to the Windows user group with the specified . true if the current principal is a member of the specified Windows user group; otherwise, false. One of the values. is not a valid value.