如何区分分配给文件夹安全性的用户和组?
[英]How to distinguish between users and groups assigned to a folder security?
问题描述
I wrote a simple code to retrieve security information of a folder the information contain User and groups and the rights they have on the folder 
我编写了一个简单的代码来检索文件夹的安全信息,该信息包含用户和组以及它们对文件夹的权限
public void GetSecurityRules(DirectoryInfo directoryInfo)
{
DirectorySecurity DSecurity = directoryInfo.GetAccessControl();
AuthorizationRuleCollection Rules = DSecurity.GetAccessRules(true, true, typeof(NTAccount));
foreach (FileSystemAccessRule fileSystemAccessRule in Rules)
{
Console.WriteLine("User/Group name {0}",fileSystemAccessRule.IdentityReference.Value);
Console.WriteLine("Permissions: {0}", fileSystemAccessRule.FileSystemRights.ToString());
}
}
In the line fileSystemAccessRule.IdentityReference.Value I got both Users and Groups but how can i know if the value represent a user or a group? 在行fileSystemAccessRule.IdentityReference.Value我同时获得了用户和组,但我怎么知道该值是代表用户还是组?
1 个解决方案
解决方案1
1 2013-02-04 13:37:23
To the best of my knowledge, the CLR does not expose this information. 据我所知,CLR不会公开这些信息。 You will have to p/invoke LsaLookupSids manually and examine the SID_NAME_USE value it will return. 您必须手动p /调用LsaLookupSids并检查它将返回的SID_NAME_USE值。 CLR calls this function too in order to translate SIDs to account names, but it throws away the SID_NAME_USE values. CLR也调用此函数以将SID转换为帐户名,但它会丢弃SID_NAME_USE值。 For code, break out your Reflector, open mscorlib and see how the internal TranslateToNTAccounts function in System.Security.Principal.SecurityIdentifier works. 对于代码,打破您的Reflector,打开mscorlib并查看System.Security.Principal.SecurityIdentifier的内部TranslateToNTAccounts函数如何工作。
As an alternative, if you are not going to do such lookups repeatedly, it might be easier to use WMI — query a Win32_Account by SID and examine the SIDType member. 作为替代方案,如果您不打算重复执行此类查找,则可能更容易使用WMI - 通过SID查询Win32_Account并检查SIDType成员。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.