获取当前用户 SID 的最佳方法是什么？

Question

Prerequisite Detail先决条件详细信息

Working in .NET 2.0.在 .NET 2.0 工作。
The code is in a common library that could be called from ASP.Net, Windows Forms, or a Console application.该代码位于一个公共库中，可以从 ASP.Net、Windows Forms 或控制台应用程序调用。
Running in a Windows Domain on a corporate.network.在 corporate.network 上的 Windows 域中运行。

The Question问题

What is the best way to get the current user's SID?获取当前用户 SID 的最佳方法是什么？ I'm not talking about the identity that is executing the application, but the user who is accessing the interface.我不是在谈论正在执行应用程序的身份，而是正在访问界面的用户。 In background applications and desktop based applications this should be the identity actually executing the application, but in ASP.Net (without impersionation) this should be the HttpContext.Current.User SID.在后台应用程序和基于桌面的应用程序中，这应该是实际执行应用程序的身份，但在 ASP.Net（没有模拟）中，这应该是 HttpContext.Current.User SID。

The Current Method目前的方法

This is what I've got right now.这就是我现在所拥有的。 It just seems... wrong.只是好像……错了。 It's nasty.这很讨厌。 Is there a better way to do this, or some built in class that does it for you?有没有更好的方法来做到这一点，或者有一些内置的 class 可以为您做到这一点？

public static SecurityIdentifier SID
{
    get
    {
        WindowsIdentity identity = null;

        if (HttpContext.Current == null)
        {
            identity = WindowsIdentity.GetCurrent();
        }
        else
        {
            identity = HttpContext.Current.User.Identity as WindowsIdentity;
        }

        return identity.User;
    }
}

Answer 1

I don't think there is a better way at getting at this info--you've got to get at the WindowsPrincipal somehow and .NET's rather clean API abstracts that behind the User object. 我不认为有更好的方法来获取这些信息 - 你必须以某种方式获得WindowsPrincipal和.NET相当干净的API摘要，这些信息在User对象后面。 I'd just leave this nice and wrapped up in a method and call it a day. 我只是把它放在一个方法中，然后把它称为一天。

Well, ok, there is one thing you should do (unless your web users are always going to be WindowsIdentity), which would be to check for null identity and handle it according to whatever rules you have. 嗯，好吧，你应该做的一件事（除非你的网络用户总是成为WindowsIdentity），这将是检查空身份并根据你拥有的任何规则处理它。

Answer 2

The WindowsIdentity class is the "built in class that does it for you". WindowsIdentity类是“为您完成的内置类”。 You've got as simple a solution as you're going to get really, as long as you have a valid WindowsIdentity to work with. 只要你有一个有效的WindowsIdentity可以使用，你就可以得到一个简单的解决方案。

Alternatively, if you have the username of the user in question and you want to get the SID directly from AD, you can build your own library to use the DirectoryServices namespace and retrieve the DirectoryEntry for your user (this is a fairly complicated process as DirectoryServices is tricky). 或者，如果您有相关用户的用户名并且希望直接从AD获取SID，则可以构建自己的库以使用DirectoryServices命名空间并为您的用户检索DirectoryEntry（这是一个相当复杂的过程，如DirectoryServices很棘手）。 You can even use LDAP to get it if you have a need. 如果有需要，您甚至可以使用LDAP来获取它。

Answer 3

Without the use of third-party libraries This code will give correct results, if the user changed his user name. 不使用第三方库如果用户更改了用户名，则此代码将给出正确的结果。

String SID = "";
string currentUserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();

RegistryKey regDir = Registry.LocalMachine;

            using (RegistryKey regKey = regDir.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData", true))
            {
                if (regKey != null)
                {
                    string[] valueNames = regKey.GetSubKeyNames();
                    for (int i = 0; i < valueNames.Length; i++)
                    {
                        using (RegistryKey key = regKey.OpenSubKey(valueNames[i], true))
                        {
                            string[] names = key.GetValueNames();
                            for (int e = 0; e < names.Length; e++)
                            {
                                if (names[e] == "LoggedOnSAMUser")
                                {
                                    if (key.GetValue(names[e]).ToString() == currentUserName)
                                        SID = key.GetValue("LoggedOnUserSID").ToString();
                                }
                            }
                        }
                    }
                }
            }MessageBox.Show(SID);

Answer 4

//the current user //当前用户

WindowsIdentity.GetCurrent().Owner

Returns the security identifier (SID) in SDDL format you know them as S-1-5-9 .以 SDDL 格式返回安全标识符 (SID)，您知道它们是S-1-5-9 。

WindowsIdentity.GetCurrent().Owner.ToString()

Returns the account domain security identifier (SID) If the SID does not represent a Windows account SID, this property returns null返回帐户域安全标识符 (SID) 如果 SID 不代表 Windows 帐户 SID，则此属性返回 null

WindowsIdentity.GetCurrent().Owner.AccountDomainSid

You could use this as:您可以将其用作：

_pipeSecurity = new PipeSecurity();   
               
var sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, WindowsIdentity.GetCurrent().Owner);
var audid = new PipeAuditRule(sid, PipeAccessRights.FullControl, AuditFlags.Failure | AuditFlags.Success);
var access = new PipeAccessRule(sid, PipeAccessRights.ReadWrite, AccessControlType.Allow);
            
_pipeSecurity.AddAuditRule(audid);
_pipeSecurity.AddAccessRule(access);

获取当前用户 SID 的最佳方法是什么？

问题描述

4 个解决方案

解决方案1
4 已采纳 2009-07-31 18:15:45

解决方案2
1 2010-09-15 12:26:16

解决方案3
1 2017-02-23 13:40:22

解决方案4
1 2022-03-05 14:45:13

获取当前用户 SID 的最佳方法是什么？

问题描述

4 个解决方案

解决方案1 4 已采纳 2009-07-31 18:15:45

解决方案2 1 2010-09-15 12:26:16

解决方案3 1 2017-02-23 13:40:22

解决方案4 1 2022-03-05 14:45:13

解决方案1
4 已采纳 2009-07-31 18:15:45

解决方案2
1 2010-09-15 12:26:16

解决方案3
1 2017-02-23 13:40:22

解决方案4
1 2022-03-05 14:45:13