My.User.IsInRole

Question

Hello,

I am trying to run a simple procedure on my windows form to check if the user is an administrator.

If Not My.User.IsInRole(ApplicationServices.BuiltInRole.Administrator) Then
                MessageBox.Show("You must be an administrator to run this application", "Insufficient Priviledges")
                Application.Exit()
End If

Amazingly, the conditional returns False, even though I am logged in to an adminstrator account and I am running VS as an adminstrator.

What else should I be checking?

Thanks

Answer 1

Hi,

What OS are you running on, and do you have UAC enabled if it is Vista or Windows 7 ? I'm not sure whether the above function will return true or false if you are an admin but not 'elevated' under the new OS' (and therefore don't really have admin permissions yet).

Answer 2

Hello

I agree with Yort. This is typically caused by the UAC feature in Windows Vista and newer operating systems. When UAC is turnned on, a user logged in as admin is still regarded as a standard user. Only when the process is elevated (run as administrator) will it have real admin previledges.

For more information about development with UAC, please refer to the article:
http://msdn.microsoft.com/en-us/library/aa511445.aspx
http://msdn.microsoft.com/en-us/library/bb756990.aspx

---

Regards,
Jialiang Ge
MSDN Subscriber Support in Forum
If you have any feedback of our support, please contact msdnmg@microsoft.com.
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.

Answer 3

Right-click your program and select “Run as administrator” to run elevated. If you now get the expected results, your application has yet to be made UAC-ready. 

(Expl.: Testing if the current principal is in the role of an administrator will allways return false if your application is not running elevated, because even if you are a member of the administrators group, your token will be filtered prior to elevation so your admin status is not visible.)

You should set requestedExecutionLevel level="requireAdministrator" in the manifest file for your application to support elevation. Once set, you don't need the code above anymore.

Answer 4

Thanks for the replies.

I should have mentioned that I have tested it with UAC turned on and off.
I have tested it by running as administrator (that is, running VS as adminstrator and going through debug mode).

Marcel, how do I access the manifest file and set that property?

Thanks.

Answer 5

It's quite simple. You can access the UAC settings from your Visual Studio project designer: right-click on your project > properties > application pane > view uac settings. Please refer to http://msdn.microsoft.com/en-us/library/tzdks800.aspx for details.

Answer 6

I have set the property in the manifest file.

However, the build fails with

ClickOnce does not support the request execution level 'requireAdministrator'

THe strange thing about this is we are not even using ClickOnce deployment...

Answer 7

ClickOnce is still probably the culprit (you can't use clickonce to deploy an application that requires administrative rights on a system). As a first try UNCHECK the enable ClickOnce security settings on the Security tab.

There's an article on this (http://msdn.microsoft.com/en-us/library/bb383802.aspx).

Answer 8

Hi. I am quite fine with following at XP

  Shared Function isCurrentUserAdmin() As Boolean
    Dim user As Security.Principal.WindowsIdentity
    Dim userP As Security.Principal.WindowsPrincipal
    user = Security.Principal.WindowsIdentity.GetCurrent
    userP = New Security.Principal.WindowsPrincipal(user)
    Return userP.IsInRole(Security.Principal.WindowsBuiltInRole.Administrator)
  End Function 

Best Regards,
Matt