        /// <summary>
        /// Builds a security descriptor from the supplied ACEs, owner and group, and stores it
        /// on <paramref name="obj"/> as the value of <paramref name="sdProperty"/>.
        /// </summary>
        /// <remarks>
        /// The descriptor is assembled from scratch: its DACL contains only what
        /// <paramref name="aces"/> contributes, no SACL is attached (null is passed), and the
        /// only control flag supplied is <c>DiscretionaryAclPresent</c>. Nothing in this method
        /// validates the trustees, access masks, owner or group, and none of the arguments is
        /// null-checked, so callers are responsible for vetting what they pass in.
        /// </remarks>
        /// <param name="obj">Directory object that receives the descriptor through SetProperties.</param>
        /// <param name="aces">Access-allowed / access-denied entries (plain or object ACEs) to place in the DACL.</param>
        /// <param name="sdProperty">Property definition under which the descriptor is stored.</param>
        /// <param name="owner">Owner SID written into the descriptor.</param>
        /// <param name="group">Primary group SID written into the descriptor.</param>
        /// <exception cref="AceTypeHasUnsupportedValueException">An entry's AceType is not one of the four allow/deny types handled here.</exception>
        /// <exception cref="AceIsUnsupportedTypeException">An entry is neither a CommonAce nor an ObjectAce.</exception>
        public static void SetAclOnAlternateProperty(ADObject obj, GenericAce[] aces, PropertyDefinition sdProperty, SecurityIdentifier owner, SecurityIdentifier group)
        {
            // isContainer = false, isDS = true; capacity is pre-sized to the number of input entries.
            // NOTE(review): the ACL is created as a non-container, yet each entry's inheritance and
            // propagation flags are forwarded below. Confirm how AddAccess treats entries that carry
            // inheritance flags in that configuration.
            DiscretionaryAcl dacl = new DiscretionaryAcl(false, true, aces.Length);

            foreach (GenericAce entry in aces)
            {
                // Map the ACE type onto allow/deny. Anything else (audit, alarm, callback, ...) is
                // rejected rather than silently dropped, so an unexpected entry cannot vanish from the DACL.
                AccessControlType accessType;
                switch (entry.AceType)
                {
                    case AceType.AccessAllowed:
                    case AceType.AccessAllowedObject:
                        accessType = AccessControlType.Allow;
                        break;
                    case AceType.AccessDenied:
                    case AceType.AccessDeniedObject:
                        accessType = AccessControlType.Deny;
                        break;
                    default:
                        throw new AceTypeHasUnsupportedValueException(entry.AceType.ToString());
                }

                // Only the SID, mask and inheritance/propagation data (plus the object-type fields
                // for object ACEs) are carried over; no other property of the source entry is passed on.
                if (entry is CommonAce)
                {
                    CommonAce plainAce = (CommonAce)entry;
                    dacl.AddAccess(accessType, plainAce.SecurityIdentifier, plainAce.AccessMask, plainAce.InheritanceFlags, plainAce.PropagationFlags);
                    continue;
                }

                if (entry is ObjectAce)
                {
                    ObjectAce typedAce = (ObjectAce)entry;
                    dacl.AddAccess(accessType, typedAce.SecurityIdentifier, typedAce.AccessMask, typedAce.InheritanceFlags, typedAce.PropagationFlags, typedAce.ObjectAceFlags, typedAce.ObjectAceType, typedAce.InheritedObjectAceType);
                    continue;
                }

                throw new AceIsUnsupportedTypeException(entry.GetType().ToString());
            }

            // Owner and group come straight from the caller; the SACL slot is left null.
            CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor(false, true, ControlFlags.DiscretionaryAclPresent, owner, group, null, dacl);

            // Round-trip through the binary form to obtain a RawSecurityDescriptor for storage.
            byte[] serialized = new byte[descriptor.BinaryLength];
            descriptor.GetBinaryForm(serialized, 0);
            RawSecurityDescriptor rawDescriptor = new RawSecurityDescriptor(serialized, 0);

            PropertyDefinition[] targetProperties = new PropertyDefinition[] { sdProperty };
            object[] targetValues = new object[] { rawDescriptor };
            obj.SetProperties(targetProperties, targetValues);
        }