How to get security group permissions for a given user/group in C#

I'm trying to find out what permissions a user has to a given security group. For example, do they have Read, Read/Write, Admin, etc...

I get the list of groups they belong to but can't figure out how to get the permissions for those groups.

    using System;
    using System.DirectoryServices.AccountManagement;

    private static void FindUserById(PrincipalSearcher ps, PrincipalContext pc, string name)
    {
        // Query-by-example: only the properties set here are used as the filter.
        var up = new UserPrincipal(pc)
        {
            // EmailAddress = wildcard
            // GivenName = wildcard
            Name = name
        };
        ps.QueryFilter = up;
        foreach (var found in ps.FindAll())
        {
            if (found is UserPrincipal user)
            {
                string line = $"{{\"Name\":\"{user.DisplayName}\", \"Email\": \"{user.EmailAddress}\"}},";
                // Groups the user belongs to (including nested membership); not used further here.
                var groups = user.GetAuthorizationGroups();
                Console.WriteLine(line);
            }
        }
    }

GetAuthorizationGroups() will give you a list of GroupPrincipal objects. However, GroupPrincipal doesn't expose the object's permissions. It does use DirectoryEntry behind the scenes, which you can get access to using:

    var groupDe = (DirectoryEntry) group.GetUnderlyingObject();

Then you can use the ObjectSecurity property to view the permissions on the group object.

It's not terribly straight-forward though. This question actually has some pretty thorough code to retrieve the permissions (right in the question). Particularly this:

    var accessRules = groupDe.ObjectSecurity.GetAccessRules(true, true, typeof(NTAccount));
    foreach (ActiveDirectoryAccessRule ar in accessRules)
    {
        Console.WriteLine($"{ar.IdentityReference.ToString()}");
        Console.WriteLine($"Inherits - {ar.InheritanceType.ToString()}");
        Console.WriteLine($"ObjectType - {ar.ObjectType.ToString()}");
        Console.WriteLine($"InheritedObjectType - {ar.InheritedObjectType.ToString()}");
        Console.WriteLine($"ObjectFlags - {ar.ObjectFlags.ToString()}");
        Console.WriteLine($"AccessControlType - {ar.AccessControlType.ToString()}");
        Console.WriteLine($"ActiveDirectoryRights - {ar.ActiveDirectoryRights.ToString()}");
        Console.WriteLine($"IsInherited - {ar.IsInherited.ToString()}");
        Console.WriteLine($"PropagationFlags - {ar.PropagationFlags.ToString()}");
        Console.WriteLine("-------");
    }
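
The two snippets above combined into an access-review sketch; this is an added example, not code from the question or the answer. For each group returned by GetAuthorizationGroups() it keeps only the ACEs that name the user's own SID or one of the user's group SIDs, and flags rights that allow changing the group object. The class name GroupAclAudit and the account name "jdoe" are placeholders, it must run on a domain-joined Windows machine, and the allow-minus-deny summary is an approximation that ignores ACE ordering, ObjectType scoping and ACEs naming SIDs outside that set.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class GroupAclAudit // hypothetical name
{
    // Single-bit rights that let the holder change the group's attributes
    // (including membership), its DACL or its owner.
    const ActiveDirectoryRights Sensitive =
        ActiveDirectoryRights.WriteProperty | ActiveDirectoryRights.Self |
        ActiveDirectoryRights.WriteDacl | ActiveDirectoryRights.WriteOwner;

    static void Main(string[] args)
    {
        string account = args.Length > 0 ? args[0] : "jdoe"; // placeholder account name
        using (var pc = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(pc, account))
        {
            if (user == null) { Console.WriteLine($"No such user: {account}"); return; }

            var groups = user.GetAuthorizationGroups().OfType<GroupPrincipal>().ToList();
            // SIDs an ACE can name and still apply to this user: the user plus its groups.
            var sids = new HashSet<SecurityIdentifier>(
                groups.Select(g => g.Sid).Where(s => s != null)) { user.Sid };

            foreach (var group in groups)
            {
                // Skip principals that are not backed by a DirectoryEntry.
                if (!(group.GetUnderlyingObject() is DirectoryEntry de)) continue;
                ActiveDirectoryRights allow = 0, deny = 0;
                // Ask for SIDs rather than NTAccount so matching needs no name translation.
                foreach (ActiveDirectoryAccessRule ar in
                         de.ObjectSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
                {
                    if (!sids.Contains((SecurityIdentifier)ar.IdentityReference)) continue;
                    if (ar.AccessControlType == AccessControlType.Allow) allow |= ar.ActiveDirectoryRights;
                    else deny |= ar.ActiveDirectoryRights;
                }
                var granted = allow & ~deny; // approximation, see the note above the code
                string flag = (granted & Sensitive) != 0 ? "  <-- can modify group object" : "";
                Console.WriteLine($"{group.SamAccountName}: {granted}{flag}");
            }
        }
    }
}
```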