堆栈内存溢出
  简体   繁体   English

C# .NET 核心:将身份参考 SID 转换为 Active Directory 组和用户的显示值

[英]C# .NET Core: translate Identity reference SID to display value for Active Directory groups and users

 原文  2021-05-03 05:11:35       c#/ .net-core/ active-directory

问题描述

I'm switching an API from .NET Framework to .NET Core and running into some differences in the behavior of Directory.Services.AccountManagement vs System.IO.FileSystem.AccessControl in .NET Core 3.1. I'm switching an API from .NET Framework to .NET Core and running into some differences in the behavior of Directory.Services.AccountManagement vs System.IO.FileSystem.AccessControl in .NET Core 3.1.

The issue in the .NET Core code is I'm trying to get the Active Directory group name (or user name) for each rule for a file. .NET 核心代码中的问题是我正在尝试获取文件的每个规则的 Active Directory 组名(或用户名)。 I can get the sid, but the FileSystemAccessRule.IdentifyReference.Translate() method throws an exception for AD groups.我可以获得 sid,但FileSystemAccessRule.IdentifyReference.Translate()方法会为 AD 组引发异常。

Here's what I have: I can get the SID in the id variable, but I need the actual group name (or user name)这就是我所拥有的:我可以在id变量中获取 SID,但我需要实际的组名(或用户名)

using System.Security.AccessControl;
using System.Security.Principal;

namespace ConsoleCoreAclsPoc
{
    class Program
    {
        static void Main(string[] args)
        {
            var fn = args[0];

            var rules = new FileSecurity(fn, AccessControlSections.All | AccessControlSections.Access)
                               .GetAccessRules(true,true,typeof(NTAccount));

            foreach (AuthorizationRule rule in rules)
            {
                FileSystemAccessRule fileRule = rule as FileSystemAccessRule;

                if (fileRule != null)
                {
                    var id = fileRule.IdentityReference;//.Translate(typeof(NTAccount));
                    var read = fileRule.FileSystemRights.HasFlag(FileSystemRights.ReadAndExecute);
                    var write = fileRule.FileSystemRights.HasFlag(FileSystemRights.Modify);
                    var admin = fileRule.FileSystemRights.HasFlag(FileSystemRights.FullControl);

                    if (!admin)
                    {
                        // do stuff to the non-admins
                    }
                }
            }
        }
    }
}

1 个解决方案

解决方案1
 0  2021-05-03 11:33:33

I tested your code and found an exception in Access Control Sections.我测试了您的代码并在访问控制部分发现了一个异常。 The compiler does not allow access to all security When you want to access the permissions of a file.编译器不允许访问所有安全当您要访问文件的权限时。 Change AccessControlSections to AccessControlSections.Access .AccessControlSections.Access AccessControlSections Then I did not find any error.然后我没有发现任何错误。

var rules = new FileSecurity(fn, AccessControlSections.Access)
             .GetAccessRules(true, true, typeof(NTAccount));

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 C# 中添加来自 Active Directory 的所有用户 SID - Adding all users SID's from Active Directory in C# 我如何使用 C# 从活动目录中获取 SID-History 值 - How do i get the SID-History value using c# from active directory 翻译在C#中使用Active Directory的VB - Translate VB that uses Active Directory in C# C# .Net Core Web Api Azure Active Directory 和声明 - C# .Net Core Web Api Azure Active Directory & Claims 将Active Directory用户和组导入SQL Server(可能通过c#) - Importing Active Directory Users and Groups into SQL Server (possibly via c#) Active Directory使用System.DirectoryServices.AccountManagement在c#中搜索与特定名称匹配的所有组和用户。 - Active directory search for all groups and users matching a particular name in c# using System.DirectoryServices.AccountManagement? 在 .NET 中的 Active Directory 组中添加和删除用户 - Adding and removing users from Active Directory groups in .NET 在活动目录c#ldap中搜索用户 - searching users in active directory c# ldap 验证C#中的远程Active Directory用户 - Validate users of Remote Active Directory in C# C#将用户添加到活动目录 - C# Adding Users to Active directory
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM