Exam 70-553 - Access and modify identity information by using the System.Security.Principal classes.

Section 1

  • Part 4
    • Topic 6


Access and modify identity information by using the System.Security.Principal classes. (Refer System.Security.Principal namespace)

  • GenericIdentity class and GenericPrincipal class
  • WindowsIdentity class and WindowsPrincipal class
  • NTAccount class and SecurityIdentifier class
  • IIdentity interface and IPrincipal interface
  • WindowsImpersonationContext class
  • IdentityReference class and IdentityReferenceCollection class


The GenericIdentity Class represents a user with properties like Name, AuthenticationType, and IsAuthenticated. The GenericPrincipal Class represents the user and the roles that they are in. It exposes an IsInRole method to determine if the user is in a particular role.

The WindowsIdentity Class represents a Windows user with the same properties as the GenericIdentity. It also has properties that contain the groups the user belongs to, as well as bool flags like IsAnonymous, IsSystem and IsGuest. It also exposes a method called GetCurrent, which returns a reference to the currently logged-in user, and a method called GetAnonymous to get a Windows identity representing an anonymous user. The WindowsPrincipal represents the user and the roles they are in and provides methods to check if the user is in those roles.

The NTAccount Class is new to .NET 2.0 and represents a user or group account. It has static methods that allow you to compare accounts.

The SecurityIdentifier Class is also new to .NET 2.0 and represents a SID (Security Identifier) and exposes comparison methods and methods for marshalling the SID.

The IIdentity Interface defines the methods and properties that represent a user. In order to implement this interface you need to expose a Name, IsAuthenticated and AuthenticationType property.

The IPrincipal Interface defines the methods and properties that represent a user and their roles. In order to implement this interface you need to expose an Identity property and an IsInRole Method.

The WindowsImpersonationContext Class represents the user prior to impersonation. Calling the Undo method will revert the Context back to the user represented by this object.

The IdentityReference Class is new to .NET 2.0 and is the base class for the NTAccount and SecurityIdentifier Classes. The IdentityReferenceCollection is just a collection of these objects.
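The classes above used together, as an added example that is not part of the original notes. It assumes a Windows machine; the `IsAuthorized` helper, the user name `alice` and the role `Auditors` are hypothetical names constructed for illustration.

```csharp
using System;
using System.Security.Principal;

static class PrincipalDemo
{
    // Hypothetical authorization helper. It is written against IPrincipal,
    // so it accepts a GenericPrincipal and a WindowsPrincipal alike.
    static bool IsAuthorized(IPrincipal principal, string role)
    {
        // IsInRole alone is not enough: it does not look at IsAuthenticated.
        return principal != null
            && principal.Identity.IsAuthenticated
            && principal.IsInRole(role);
    }

    static void Main()
    {
        string[] roles = { "Auditors" }; // constructed role name

        // Application-defined identities; no Windows account is involved.
        IPrincipal alice = new GenericPrincipal(new GenericIdentity("alice", "Custom"), roles);
        // An empty name gives IsAuthenticated == false, yet the role list still matches.
        IPrincipal nobody = new GenericPrincipal(new GenericIdentity(""), roles);

        Console.WriteLine("alice authorized:   {0}", IsAuthorized(alice, "Auditors"));
        Console.WriteLine("nobody.IsInRole:    {0}", nobody.IsInRole("Auditors"));
        Console.WriteLine("nobody authorized:  {0}", IsAuthorized(nobody, "Auditors"));

        // Windows identity of the account running this process.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("{0} ({1}) SID={2}",
                current.Name, current.AuthenticationType, current.User);

            WindowsPrincipal wp = new WindowsPrincipal(current);
            Console.WriteLine("Administrator role: {0}",
                wp.IsInRole(WindowsBuiltInRole.Administrator));

            // Groups holds SIDs; translate them to account names and leave
            // any SID that cannot be mapped in its original form.
            foreach (IdentityReference g in current.Groups.Translate(typeof(NTAccount), false))
                Console.WriteLine("  group: {0}", g.Value);
        }

        // SecurityIdentifier and NTAccount both derive from IdentityReference.
        SecurityIdentifier adminsSid =
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        NTAccount admins = (NTAccount)adminsSid.Translate(typeof(NTAccount));
        Console.WriteLine("{0} -> {1}", adminsSid.Value, admins.Value);
    }
}
```

On systems with User Account Control, the Administrator role check reflects the token the process is running with, so a non-elevated process started by an administrator reports that it is not in the role.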

Other Resources & Links:

GenericIdentity Class

GenericPrincipal Class

WindowsIdentity Class

WindowsPrincipal Class

NTAccount Class

SecurityIdentifier Class

IIdentity Interface

IPrincipal Interface

WindowsImpersonationContext Class

IdentityReference Class

IdentityReferenceCollection Class
