Beispiel #1
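        /// <summary>
        /// Determines whether the access token of the wrapped identity contains the given SID,
        /// by asking the native CheckTokenMembership function.
        /// </summary>
        /// <param name="sid">Security identifier to test for; must not be null.</param>
        /// <returns>
        /// false when the identity carries no valid access token; otherwise the membership
        /// flag reported by CheckTokenMembership.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
        /// <exception cref="SecurityException">
        /// DuplicateTokenEx or CheckTokenMembership reported failure; the message is built
        /// from the last Win32 error code.
        /// </exception>
        public virtual bool IsInRole(SecurityIdentifier sid)
        {
            if (sid == null)
            {
                throw new ArgumentNullException("sid");
            }

            // An identity without a valid token cannot be a member of anything.
            if (this.m_identity.AccessToken.IsInvalid)
            {
                return false;
            }

            SafeAccessTokenHandle duplicatedToken = SafeAccessTokenHandle.InvalidHandle;

            // The original disposed the duplicate only on the success path, so a failing
            // CheckTokenMembership leaked the duplicated token handle until finalization.
            // try/finally releases it on every exit.
            try
            {
                bool needsDuplicate = this.m_identity.ImpersonationLevel == TokenImpersonationLevel.None;

                if (needsDuplicate)
                {
                    // A token with ImpersonationLevel.None is duplicated into an impersonation
                    // token before the membership check. 8U matches TokenAccessLevels.Query, so
                    // the duplicate is requested with query access only; the two 2U arguments
                    // are the impersonation level and the token type (TokenImpersonation).
                    // NOTE(review): named constants would make the requested rights auditable.
                    if (!Win32Native.DuplicateTokenEx(this.m_identity.AccessToken, 8U, IntPtr.Zero, 2U, 2U, ref duplicatedToken))
                    {
                        // Presumably the P/Invoke is declared with SetLastError = true - confirm.
                        throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
                    }
                }

                bool result = false;

                if (!Win32Native.CheckTokenMembership(needsDuplicate ? duplicatedToken : this.m_identity.AccessToken, sid.BinaryForm, ref result))
                {
                    // The error code is read while building the exception, before the finally
                    // block runs, so disposing the handle cannot overwrite it.
                    throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
                }

                return result;
            }
            finally
            {
                duplicatedToken.Dispose();
            }
        }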
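        /// <summary>
        /// Determines whether the access token of the wrapped identity contains the given SID
        /// as a present and enabled entry, using the native CheckTokenMembership function.
        /// </summary>
        /// <remarks>
        /// Because only enabled SIDs count, a group that is present in the token but marked
        /// deny-only (for example on a filtered, non-elevated token) is reported as not a member.
        /// Callers making authorization decisions should treat false as "not usable for
        /// access", not as "absent from the account's groups".
        /// </remarks>
        /// <param name="sid">Security identifier to test for; must not be null.</param>
        /// <returns>
        /// false for the anonymous identity (invalid token handle); otherwise the membership
        /// flag reported by CheckTokenMembership.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
        /// <exception cref="SecurityException">
        /// DuplicateTokenEx or CheckTokenMembership reported failure; the message is built
        /// from the last Win32 error code.
        /// </exception>
        public virtual bool IsInRole(SecurityIdentifier sid)
        {
            if (sid == null)
            {
                throw new ArgumentNullException("sid");
            }
            Contract.EndContractBlock();

            // Special case the anonymous identity.
            if (m_identity.TokenHandle.IsInvalid)
            {
                return false;
            }

            // CheckTokenMembership expects an impersonation token.
            SafeTokenHandle token = SafeTokenHandle.InvalidHandle;

            // The original disposed the duplicate only after a successful membership check, so
            // a failing CheckTokenMembership leaked the duplicated handle until finalization.
            // try/finally releases it on every exit.
            try
            {
                bool needsDuplicate = m_identity.ImpersonationLevel == TokenImpersonationLevel.None;

                if (needsDuplicate)
                {
                    // The duplicate is requested with query access only, which keeps the
                    // temporary handle from carrying more rights than the check needs.
                    bool duplicated = Win32Native.DuplicateTokenEx(m_identity.TokenHandle,
                                                                   (uint)TokenAccessLevels.Query,
                                                                   IntPtr.Zero,
                                                                   (uint)TokenImpersonationLevel.Identification,
                                                                   (uint)TokenType.TokenImpersonation,
                                                                   ref token);
                    if (!duplicated)
                    {
                        // Presumably the P/Invoke is declared with SetLastError = true - confirm.
                        throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
                    }
                }

                bool isMember = false;

                // CheckTokenMembership will check if the SID is both present and enabled in the access token.
                bool checkSucceeded = Win32Native.CheckTokenMembership(needsDuplicate ? token : m_identity.TokenHandle,
                                                                       sid.BinaryForm,
                                                                       ref isMember);
                if (!checkSucceeded)
                {
                    // The error code is read while building the exception, before the finally
                    // block runs, so disposing the handle cannot overwrite it.
                    throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
                }

                return isMember;
            }
            finally
            {
                token.Dispose();
            }
        }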