
Why does WellKnownSidType fail to convert to sid/account sometimes?

Question: I'm looking up the account name and SID for each WellKnownSidType enum member as shown below.

Why does it fail sometimes?

And why does it sometimes fail in converting the WellKnownSidType to a sid?

As far as I understand it, only the conversion from SID to account name should sometimes fail, and even that only when the account isn't local and not in the domain.

For example, when translating the enum LogonIdsSid to a SID, I get:

Bekannte SIDs des Typs LogonIdsSid können nicht erstellt werden.

(Known SIDs of type LogonIdsSid cannot be created.)

Or when looking up the account name for NTAuthoritySid

I get: Manche oder alle identitätsverweise konnten nicht übersetzt werden.

(Some or all identity references could not be translated.)

Sub Main()
    Enumerations.SidInfo(Of System.Security.Principal.WellKnownSidType)()
End Sub

Public Class Enumerations

   Public Shared Sub SidInfo(Of T)()
        Dim enumType As Type = GetType(T)


        For Each ThisEnumValue As T In System.Enum.GetValues(GetType(T))
            Try
                Console.WriteLine("Enum: System.Security.Principal.WellKnownSidType." + System.Enum.Format(GetType(T), ThisEnumValue, "G"))
                Dim enumItem1 As System.Reflection.FieldInfo = enumType.GetField(System.Enum.Format(GetType(T), ThisEnumValue, "G"))
                Dim enumValue1 As T = CType(enumItem1.GetValue(enumType), T)
                Dim sid As System.Security.Principal.SecurityIdentifier = New System.Security.Principal.SecurityIdentifier(CType(CType(enumValue1, Object), System.Security.Principal.WellKnownSidType), Nothing)
                Console.WriteLine("SID: " + sid.ToString())
                Dim ntAccount As Security.Principal.NTAccount = CType(sid.Translate(GetType(Security.Principal.NTAccount)), Security.Principal.NTAccount)

                Console.WriteLine("Account: " + ntAccount.ToString())
                Console.WriteLine(vbCrLf)
            Catch ex As Exception
                Console.WriteLine("Exception on: " + System.Enum.Format(GetType(T), ThisEnumValue, "G"))
                Console.WriteLine(vbCrLf)
            End Try
        Next

    End Sub
End Class

C# (auto-translation):

//Dim sid As System.Security.Principal.SecurityIdentifier = New System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, Nothing)
//Dim rule As System.Security.AccessControl.MutexAccessRule = New System.Security.AccessControl.MutexAccessRule(sid, System.Security.AccessControl.MutexRights.FullControl, System.Security.AccessControl.AccessControlType.Allow)
public static void GetSID<T>()
{
    Type enumType = typeof(T);

    foreach (T ThisEnumValue in System.Enum.GetValues(typeof(T))) {
        try {
            Console.WriteLine("Enum: System.Security.Principal.WellKnownSidType." + System.Enum.Format(typeof(T), ThisEnumValue, "G"));
            System.Reflection.FieldInfo enumItem1 = enumType.GetField(System.Enum.Format(typeof(T), ThisEnumValue, "G"));
            T enumValue1 = (T)enumItem1.GetValue(enumType);
            System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier((System.Security.Principal.WellKnownSidType)(object)enumValue1, null);
            Console.WriteLine("SID: " + sid.ToString());
            System.Security.Principal.NTAccount ntAccount = (System.Security.Principal.NTAccount)sid.Translate(typeof(System.Security.Principal.NTAccount));

            Console.WriteLine("Account: " + ntAccount.ToString());
            Console.WriteLine(Environment.NewLine);
        } catch (Exception ex) {
            Console.WriteLine("Exception on: " + System.Enum.Format(typeof(T), ThisEnumValue, "G") + Environment.NewLine + ex.Message);
            Console.WriteLine(Environment.NewLine);
        }
    }

}


This method will kick out three errors actually.

The first is IdentityNotMappedException which means that the account that you are trying to make doesn't actually exist on the machine. The WellKnownSidType enum represents all of the well-known SIDs not just ones specific to a given machine. There is probably a mechanism that you can use to look this up but I don't know of it off hand. You might have to P/Invoke possibly and use CreateWellKnownSid or just catch the exception.

The second is an ArgumentException which will happen if you try to use LogonIdsSid. If you check the documentation for the constructor for SecurityIdentifier you'll see that you can't use LogonIdsSid.

The third error is an ArgumentNullException which will occur if you try to create one of the following well-known SIDs without specifying a domain SID. This is also in the documentation.

  • AccountAdministratorSid
  • AccountGuestSid
  • AccountKrbtgtSid
  • AccountDomainAdminsSid
  • AccountDomainUsersSid
  • AccountDomainGuestsSid
  • AccountComputersSid
  • AccountControllersSid
  • AccountCertAdminsSid
  • AccountSchemaAdminsSid
  • AccountEnterpriseAdminsSid
  • AccountPolicyAdminsSid
  • AccountRasAndIasServersSid
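
The three failure modes described in the answer, each handled on its own instead of through one catch-all (an added example, not part of the original question or answer). It assumes the current user's account domain SID is an acceptable `domainSid` argument; the class name `WellKnownSidReport` is made up for this illustration.

```csharp
using System;
using System.Security.Principal;

static class WellKnownSidReport
{
    static void Main()
    {
        // Assumption: use the account domain SID of the current user. For a local
        // account this is the machine's own SID; it is null for identities that
        // have no account domain part (for example LocalSystem).
        SecurityIdentifier domainSid = WindowsIdentity.GetCurrent().User.AccountDomainSid;

        foreach (WellKnownSidType type in Enum.GetValues(typeof(WellKnownSidType)))
        {
            SecurityIdentifier sid;
            try
            {
                sid = new SecurityIdentifier(type, domainSid);
            }
            catch (ArgumentNullException)
            {
                // Domain-relative types (AccountAdministratorSid, ...) need a domain SID.
                Console.WriteLine($"{type}: needs a domain SID, none available");
                continue;
            }
            catch (ArgumentException)
            {
                // LogonIdsSid: the constructor refuses to create it.
                Console.WriteLine($"{type}: cannot be created by the constructor");
                continue;
            }

            try
            {
                var account = (NTAccount)sid.Translate(typeof(NTAccount));
                Console.WriteLine($"{type}: {sid} -> {account}");
            }
            catch (IdentityNotMappedException)
            {
                // The SID is valid but no account name is mapped to it on this system.
                Console.WriteLine($"{type}: {sid} -> (no account name mapped)");
            }
        }
    }
}
```

`ArgumentNullException` derives from `ArgumentException`, so it has to be caught first for the two cases to be told apart.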