How to programmatically determine if a user is authorized in an IIS Website
Published Nov 16 2018 07:00 AM 430 Views
First published on MSDN on Sep 05, 2018
A customer had a unique need of verifying authorized users against a website that runs on IIS. The code is short and simple if you know what component and method(s) to invoke.

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Threading.Tasks;

using Microsoft.Web.Management.Server;

namespace ConsoleApp1


class Program


static void Main(string[] args)


string message = null;

string isUserFound = "No";

string sprovider = null;

string userName = "john.doe";

ManagementAuthorizationInfoCollection authorizedCollection = ManagementAuthorization.GetAuthorizedUsers("Default Web Site", true, 0, 10);

sprovider = "Provider: " + ManagementAuthorization.Provider;

Console.WriteLine("{0}", sprovider);

// Search the returned collection.

foreach (ManagementAuthorizationInfo authorizedInfo in authorizedCollection)


// Check to see if the user is already in the allowed users collection.

if (userName.Equals(authorizedInfo.Name))


isUserFound = "yes";



Console.WriteLine("Does John.doe exist? {0}",isUserFound);

Console.WriteLine("done calling Microsoft.Web.Management.dll. Hit any key");





Version history
Last update:
‎Nov 16 2018 07:00 AM
Updated by: