[英]How to distinguish between users and groups assigned to a folder security?
I wrote a simple code to retrieve security information of a folder the information contain User and groups and the rights they have on the folder 我编写了一个简单的代码来检索文件夹的安全信息,该信息包含用户和组以及它们对文件夹的权限
public void GetSecurityRules(DirectoryInfo directoryInfo)
{
DirectorySecurity DSecurity = directoryInfo.GetAccessControl();
AuthorizationRuleCollection Rules = DSecurity.GetAccessRules(true, true, typeof(NTAccount));
foreach (FileSystemAccessRule fileSystemAccessRule in Rules)
{
Console.WriteLine("User/Group name {0}",fileSystemAccessRule.IdentityReference.Value);
Console.WriteLine("Permissions: {0}", fileSystemAccessRule.FileSystemRights.ToString());
}
}
In the line fileSystemAccessRule.IdentityReference.Value
I got both Users and Groups but how can i know if the value represent a user or a group? 在行
fileSystemAccessRule.IdentityReference.Value
我同时获得了用户和组,但我怎么知道该值是代表用户还是组?
To the best of my knowledge, the CLR does not expose this information. 据我所知,CLR不会公开这些信息。 You will have to p/invoke
LsaLookupSids
manually and examine the SID_NAME_USE value it will return. 您必须手动p /调用
LsaLookupSids
并检查它将返回的SID_NAME_USE值。 CLR calls this function too in order to translate SIDs to account names, but it throws away the SID_NAME_USE values. CLR也调用此函数以将SID转换为帐户名,但它会丢弃SID_NAME_USE值。 For code, break out your Reflector, open mscorlib and see how the internal
TranslateToNTAccounts
function in System.Security.Principal.SecurityIdentifier
works. 对于代码,打破您的Reflector,打开mscorlib并查看
System.Security.Principal.SecurityIdentifier
的内部TranslateToNTAccounts
函数如何工作。
As an alternative, if you are not going to do such lookups repeatedly, it might be easier to use WMI — query a Win32_Account
by SID and examine the SIDType member. 作为替代方案,如果您不打算重复执行此类查找,则可能更容易使用WMI - 通过SID查询
Win32_Account
并检查SIDType成员。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.