Why does WellKnownSidType fail to convert to sid/account sometimes?
Question: I'm looking up the account name and SID for each WellKnownSidType enum member as shown below.
Why does it fail sometimes? And why does it sometimes fail in converting the WellKnownSidType to a SID? As far as I understand it, only the conversion from SID to account name should sometimes fail, and even that only when the account isn't local and not in the domain. For example, when translating the enum LogonIdsSid to a SID, I get: Bekannte SIDs des Typs LogonIdsSid können nicht erstellt werden. (Known SIDs of type LogonIdsSid cannot be created.) Or when looking up the account name for NTAuthoritySid I get: Manche oder alle identitätsverweise konnten nicht übersetzt werden. (Some or all identity references could not be translated.)

Imports System

Module Program
    Sub Main()
        Enumerations.SidInfo(Of System.Security.Principal.WellKnownSidType)()
    End Sub
End Module

Public Class Enumerations
    Public Shared Sub SidInfo(Of T)()
        Dim enumType As Type = GetType(T)
        For Each ThisEnumValue As T In System.Enum.GetValues(GetType(T))
            Try
                Console.WriteLine("Enum: System.Security.Principal.WellKnownSidType." + System.Enum.Format(GetType(T), ThisEnumValue, "G"))
                Dim enumItem1 As System.Reflection.FieldInfo = enumType.GetField(System.Enum.Format(GetType(T), ThisEnumValue, "G"))
                Dim enumValue1 As T = CType(enumItem1.GetValue(enumType), T)
                ' Build the SID for this enum member without a domain SID (Nothing)
                Dim sid As System.Security.Principal.SecurityIdentifier = New System.Security.Principal.SecurityIdentifier(CType(CType(enumValue1, Object), System.Security.Principal.WellKnownSidType), Nothing)
                Console.WriteLine("SID: " + sid.ToString())
                ' Look up the account name that belongs to the SID
                Dim ntAccount As Security.Principal.NTAccount = CType(sid.Translate(GetType(Security.Principal.NTAccount)), Security.Principal.NTAccount)
                Console.WriteLine("Account: " + ntAccount.ToString())
                Console.WriteLine(vbCrLf)
            Catch ex As Exception
                Console.WriteLine("Exception on: " + System.Enum.Format(GetType(T), ThisEnumValue, "G"))
                Console.WriteLine(vbCrLf)
            End Try
        Next
    End Sub
End Class

C# (auto-translation):

//Dim sid As System.Security.Principal.SecurityIdentifier = New System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, Nothing)
//Dim rule As System.Security.AccessControl.MutexAccessRule = New System.Security.AccessControl.MutexAccessRule(sid, System.Security.AccessControl.MutexRights.FullControl, System.Security.AccessControl.AccessControlType.Allow)
using System;

public static class Enumerations
{
    public static void GetSID<T>()
    {
        Type enumType = typeof(T);
        foreach (T ThisEnumValue in System.Enum.GetValues(typeof(T))) {
            try {
                Console.WriteLine("Enum: System.Security.Principal.WellKnownSidType." + System.Enum.Format(typeof(T), ThisEnumValue, "G"));
                System.Reflection.FieldInfo enumItem1 = enumType.GetField(System.Enum.Format(typeof(T), ThisEnumValue, "G"));
                T enumValue1 = (T)enumItem1.GetValue(enumType);
                // Build the SID for this enum member without a domain SID (null)
                System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier((System.Security.Principal.WellKnownSidType)(object)enumValue1, null);
                Console.WriteLine("SID: " + sid.ToString());
                // C# needs the fully qualified namespace here (VB accepts Security.Principal)
                System.Security.Principal.NTAccount ntAccount = (System.Security.Principal.NTAccount)sid.Translate(typeof(System.Security.Principal.NTAccount));
                Console.WriteLine("Account: " + ntAccount.ToString());
                // Environment.NewLine replaces the VB-only Constants.vbCrLf
                Console.WriteLine(Environment.NewLine);
            } catch (Exception ex) {
                Console.WriteLine("Exception on: " + System.Enum.Format(typeof(T), ThisEnumValue, "G") + Environment.NewLine + ex.Message);
                Console.WriteLine(Environment.NewLine);
            }
        }
    }
}

This method will kick out three errors actually.

The first is IdentityNotMappedException, which means that the account that you are trying to make doesn't actually exist on the machine. The WellKnownSidType enum represents all of the well-known SIDs, not just ones specific to a given machine. There is probably a mechanism that you can use to look this up but I don't know of it offhand. You might have to P/Invoke possibly and use CreateWellKnownSid or just catch the exception.

The second is an ArgumentException, which will happen if you try to use LogonIdsSid. If you check the documentation for the constructor for SecurityIdentifier you'll see that you can't use LogonIdsSid.

The third error is an ArgumentNullException, which will occur if you try to create one of the following well-known SIDs without specifying a domain SID. This is also in the documentation.
- AccountAdministratorSid
- AccountGuestSid
- AccountKrbtgtSid
- AccountDomainAdminsSid
- AccountDomainUsersSid
- AccountDomainGuestsSid
- AccountComputersSid
- AccountControllersSid
- AccountCertAdminsSid
- AccountSchemaAdminsSid
- AccountEnterpriseAdminsSid
- AccountPolicyAdminsSid
- AccountRasAndIasServersSid
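
A variant of the enumeration that handles each of the three exceptions listed above separately, added here as an example (it is not part of the original question or answer). It assumes Windows, and taking the domain SID from the current user's SID via AccountDomainSid is a choice made for this example; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Principal;

public static class WellKnownSidDump
{
    // Try without a domain SID first; only the Account* types demand one.
    static SecurityIdentifier Create(WellKnownSidType type, SecurityIdentifier domainSid)
    {
        try { return new SecurityIdentifier(type, null); }
        catch (ArgumentNullException) when (domainSid != null)
        {
            return new SecurityIdentifier(type, domainSid);
        }
    }

    public static void Main()
    {
        // Assumption for this example: borrow the domain (or machine) SID from
        // the current user's SID. It is null for identities such as LocalSystem.
        SecurityIdentifier domainSid = WindowsIdentity.GetCurrent().User?.AccountDomainSid;

        foreach (WellKnownSidType type in Enum.GetValues(typeof(WellKnownSidType)))
        {
            SecurityIdentifier sid;
            try
            {
                sid = Create(type, domainSid);
            }
            catch (ArgumentException ex)
            {
                // LogonIdsSid, or an Account* type when no domain SID is available
                // (ArgumentNullException derives from ArgumentException).
                Console.WriteLine($"{type}: no SID ({ex.GetType().Name})");
                continue;
            }

            try
            {
                var account = (NTAccount)sid.Translate(typeof(NTAccount));
                Console.WriteLine($"{type}: {sid} = {account}");
            }
            catch (IdentityNotMappedException)
            {
                // The SID is valid but has no account name on this machine or domain.
                Console.WriteLine($"{type}: {sid} = (no account name)");
            }
        }
    }
}
```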