I want to create a WindowsIdentity for a given user. I don't need it for impersonation, just for group membership checks. I need it to work with and without a domain (none of that S4U Kerberos delegation stuff). The constructor for WindowsIdentity that takes a username only seems to work for domain scenarios.
Is there any other way I can get a WindowsIdentity to perform access checks? The best workaround I have is to use DirectoryServices.AccountManagement to find the user then enumerate their groups.