Beispiel #1
        /// <summary>
        /// Builds a throw-away security descriptor whose DACL holds a single ACE for
        /// <paramref name="trustee"/> on the <see cref="AccessMask.Jit"/> right, then asks an
        /// <see cref="AuthorizationContext"/> created for <paramref name="requestor"/> whether
        /// that right is granted.
        /// </summary>
        /// <param name="trustee">Identity passed to <c>ActiveDirectory.GetPrincipal</c>; its SID is placed in the ACE.</param>
        /// <param name="requestor">Identity passed to <c>ActiveDirectory.GetUser</c>; its SID is the subject of the access check.</param>
        /// <param name="serverName">
        /// Server name handed to the authorization context. When <c>null</c>, the DNS domain name
        /// resolved from the trustee's SID is used instead.
        /// </param>
        /// <param name="aceType">Whether the single ACE is an allow or a deny entry. Defaults to allow.</param>
        /// <returns>The result of <c>AuthorizationContext.AccessCheck</c> for the JIT access mask.</returns>
        /// <remarks>
        /// NOTE(review): with <see cref="AccessControlType.Deny"/> the DACL contains no allow ACE at all,
        /// so under standard Windows access-check semantics the result would be <c>false</c> whether or not
        /// the requestor matches the trustee. Confirm against AuthorizationContext before relying on a
        /// <c>false</c> result as proof that a deny ACE matched.
        /// NOTE(review): the objects returned by GetUser and GetPrincipal are dereferenced without a null
        /// check; what those calls do for an unknown identity is not visible here.
        /// </remarks>
        private bool IsMatch(string trustee, string requestor, string serverName, AccessControlType aceType = AccessControlType.Allow)
        {
            var directory = new ActiveDirectory();
            var requestingUser = directory.GetUser(requestor);
            var trusteePrincipal = directory.GetPrincipal(trustee);

            int jitMask = (int)AccessMask.Jit;

            // Non-container, non-directory-object DACL with room for the one ACE added below.
            var acl = new DiscretionaryAcl(false, false, 1);
            acl.AddAccess(aceType, trusteePrincipal.Sid, jitMask, InheritanceFlags.None, PropagationFlags.None);

            // LocalSystem is the owner; no group and no SACL are supplied.
            var owner = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
            var descriptor = new CommonSecurityDescriptor(false, false, ControlFlags.DiscretionaryAclPresent, owner, null, null, acl);

            // Fall back to the trustee's own domain when the caller did not name a server.
            serverName ??= directory.GetDomainNameDnsFromSid(trusteePrincipal.Sid);

            using var context = new AuthorizationContext(requestingUser.Sid, serverName);

            return context.AccessCheck(descriptor, jitMask);
        }