Appendix . How To: Implement IPrincipal

The .NET Framework provides the WindowsPrincipal and GenericPrincipal classes, which provide basic role-checking functionality for Windows and non-Windows authentication mechanisms, respectively. Both classes implement the IPrincipal interface. To be used for authorization, ASP.NET requires that these objects are stored in HttpContext.User. For Windows-based applications, they must be stored in Thread.CurrentPrincipal.

The functionality offered by these classes is sufficient for most application scenarios. Applications can explicitly call the IPrincipal.IsInRole method to perform programmatic role checks. The Demand method of the PrincipalPermission class, when used to demand that a caller belong to a particular ...
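As an added illustration (not code from the book), the following sketch shows a minimal custom IPrincipal attached to Thread.CurrentPrincipal and checked both through IsInRole and through PrincipalPermission.Demand. The AppPrincipal class, the user name and the role names are hypothetical, and the code assumes a .NET Framework console application.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

// Hypothetical custom principal (not from the book): role set held in memory.
public sealed class AppPrincipal : IPrincipal
{
    private readonly HashSet<string> _roles;

    public AppPrincipal(IIdentity identity, IEnumerable<string> roles)
    {
        if (identity == null) throw new ArgumentNullException("identity");
        Identity = identity;
        // Example choice: role names are matched case-insensitively.
        _roles = new HashSet<string>(roles ?? new string[0], StringComparer.OrdinalIgnoreCase);
    }

    public IIdentity Identity { get; private set; }

    // Fail closed: an unauthenticated identity or a null role is never in a role.
    public bool IsInRole(string role)
    {
        return role != null && Identity.IsAuthenticated && _roles.Contains(role);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample user and roles.
        var identity = new GenericIdentity("alice", "Forms");
        // Windows-based application: attach the principal to the thread.
        // (An ASP.NET application would store the object in HttpContext.User.)
        Thread.CurrentPrincipal = new AppPrincipal(identity, new[] { "Manager", "Auditor" });

        // Programmatic role check through the interface.
        Console.WriteLine(Thread.CurrentPrincipal.IsInRole("manager"));

        // PrincipalPermission.Demand evaluates Thread.CurrentPrincipal and
        // throws SecurityException when the role check fails.
        new PrincipalPermission(null, "Manager").Demand();
        try { new PrincipalPermission(null, "Admin").Demand(); }
        catch (SecurityException) { Console.WriteLine("Admin demand denied"); }
    }
}
```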
