WindowsAccountType Enumeration

[SerializableAttribute] public enum WindowsAccountType

Syntax

[SerializableAttribute]
public enum WindowsAccountType

The WindowsAccountType enumeration defines the account types for Windows users and groups. This enumeration is used by the WindowsIdentity class to specify the type of account being represented.

Remarks

The WindowsAccountType enumeration distinguishes between different types of Windows security principals:

User: Represents a standard user account.
LocalUser: Represents a user account that is local to the machine.
DomainUser: Represents a user account that is part of a Windows domain.
System: Represents a built-in system account.
Anonymous: Represents an anonymous user, typically used for unauthenticated access.
Guest: Represents a guest account, which has limited privileges.
LocalGroup: Represents a group that is local to the machine.
DomainGroup: Represents a group that is part of a Windows domain.

When working with Windows security in .NET, understanding these account types is crucial for correctly managing permissions and identity.

Members

User = 0

LocalUser = 1

DomainUser = 2

System = 3

Anonymous = 4

Guest = 5

LocalGroup = 6

DomainGroup = 7

Example

The following example demonstrates how to use the WindowsAccountType enumeration to check the type of a Windows identity.

using System;
using System.Security.Principal;

public class AccountTypeChecker
{
    public static void Main(string[] args)
    {
        // Get the current Windows identity
        IIdentity currentIdentity = WindowsIdentity.GetCurrent();

        // Check if the identity is a Windows identity
        if (currentIdentity is WindowsIdentity windowsIdentity)
        {
            Console.WriteLine($"User: {windowsIdentity.Name}");

            // Check the account type
            switch (windowsIdentity.AccountDomainSid.ToString()) // A simplified check, AccountDomainSid can be null for local accounts
            {
                case "S-1-5-18": // Well-known SID for Local System
                    Console.WriteLine("Account Type: System");
                    break;
                case "S-1-5-2": // Well-known SID for Guest
                    Console.WriteLine("Account Type: Guest");
                    break;
                case "S-1-1-0": // Well-known SID for Everyone (often associated with anonymous-like scenarios)
                    Console.WriteLine("Account Type: Anonymous (or similar)");
                    break;
                default:
                    // For actual checking, more robust SID parsing or WindowsIdentity properties are needed.
                    // This is a simplified illustration.
                    if (windowsIdentity.IsAuthenticated && !windowsIdentity.IsGuest && !windowsIdentity.IsSystem)
                    {
                        if (windowsIdentity.User.IsWellKnown(WellKnownSidType.LocalAccount) || windowsIdentity.User.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
                        {
                             Console.WriteLine("Account Type: LocalUser or LocalGroup");
                        }
                        else if (windowsIdentity.User.IsWellKnown(WellKnownSidType.NetworkAccount))
                        {
                            Console.WriteLine("Account Type: DomainUser or DomainGroup");
                        }
                        else
                        {
                            Console.WriteLine("Account Type: Unknown");
                        }
                    }
                    else
                    {
                        Console.WriteLine("Account Type: Not Authenticated or Special");
                    }
                    break;
            }
        }
        else
        {
            Console.WriteLine("Current identity is not a Windows identity.");
        }
    }
}

.NET API Browser

WindowsAccountType Enumeration

Syntax

Remarks

Members

Example