How to programmatically determine if a user is authorized in an IIS Website

  • Article

A customer had a unique need of verifying authorized users against a website that runs on IIS. The code is short and simple if you know what component and method(s) to invoke.

 

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Threading.Tasks;

using Microsoft.Web.Management.Server;

namespace ConsoleApp1

{

    class Program

    {

        static void Main(string[] args)

        {

            string message = null;

            string isUserFound = "No";

            string sprovider = null;

            string userName = "john.doe";

            ManagementAuthorizationInfoCollection authorizedCollection = ManagementAuthorization.GetAuthorizedUsers("Default Web Site", true, 0, 10);

            sprovider = "Provider: " + ManagementAuthorization.Provider;

            Console.WriteLine("{0}", sprovider);

            // Search the returned collection.

            foreach (ManagementAuthorizationInfo authorizedInfo in authorizedCollection)

            {

                // Check to see if the user is already in the allowed users collection.               

                if (userName.Equals(authorizedInfo.Name))

                {

                    isUserFound = "yes";

                }

            }

            Console.WriteLine("Does John.doe exist? {0}",isUserFound);

            Console.WriteLine("done calling Microsoft.Web.Management.dll. Hit any key");

            Console.ReadLine();

        }

    }

}