Ejemplos de AuthzAuthorization.CheckGenericPermission en C# (CSharp)

Lenguaje de programación: C# (CSharp)

Clase / Tipo: AuthzAuthorization

Método / Función: CheckGenericPermission

Ejemplos en hotexamples.com: 2

C# (CSharp) AuthzAuthorization.CheckGenericPermission - 2 ejemplos encontrados. Estos son los ejemplos en C# (CSharp) del mundo real mejor valorados de AuthzAuthorization.CheckGenericPermission extraídos de proyectos de código abierto. Puedes valorar ejemplos para ayudarnos a mejorar la calidad de los ejemplos.

Métodos usados con frecuencia

Mostrar Ocultar

CheckGenericPermission(2)

CheckExtendedRights(1)

CheckPermissions(1)

GetAuthzContext(1)

Ejemplo n.º 1

Mostrar archivo

        internal static bool CheckFullAccessPermissions(ADUser executingAdUser, ADUser accessRequestedForADUser, IRecipientSession session)
        {
            ExTraceGlobals.TaskTracer.TraceDebug <string, string>(0L, "Checking if {0} has full access for mailbox {1}", executingAdUser.Alias, accessRequestedForADUser.Alias);
            ActiveManager         activeManagerInstance = ActiveManager.GetActiveManagerInstance();
            DatabaseLocationInfo  serverForDatabase     = activeManagerInstance.GetServerForDatabase(accessRequestedForADUser.Database.ObjectGuid);
            RawSecurityDescriptor rawSecurityDescriptor = null;

            using (MapiMessageStoreSession mapiMessageStoreSession = new MapiMessageStoreSession(serverForDatabase.ServerLegacyDN, Server.GetSystemAttendantLegacyDN(serverForDatabase.ServerLegacyDN), Fqdn.Parse(serverForDatabase.ServerFqdn)))
            {
                MailboxId mailboxId = new MailboxId(new DatabaseId(accessRequestedForADUser.Database.ObjectGuid), accessRequestedForADUser.ExchangeGuid);
                try
                {
                    rawSecurityDescriptor = mapiMessageStoreSession.GetMailboxSecurityDescriptor(mailboxId);
                }
                catch (MailboxNotFoundException)
                {
                    ExTraceGlobals.TaskTracer.TraceDebug <MailboxId>(0L, "Could not find mailbox {0} when attempting to read its security descriptor.", mailboxId);
                    return(false);
                }
            }
            byte[] array = new byte[rawSecurityDescriptor.BinaryLength];
            rawSecurityDescriptor.GetBinaryForm(array, 0);
            ActiveDirectorySecurity activeDirectorySecurity = new ActiveDirectorySecurity();

            activeDirectorySecurity.SetSecurityDescriptorBinaryForm(array);
            int num = AuthzAuthorization.CheckGenericPermission(executingAdUser.Sid, rawSecurityDescriptor, AccessMask.CreateChild);

            return((num & 1) == 1);
        }

Ejemplo n.º 2

Mostrar archivo

        private static bool CheckPermissionsOnDkmObjects(IEnumerable <ADRawEntry> dkmObjects, IRootOrganizationRecipientSession session, Dictionary <SecurityIdentifier, ActiveDirectoryRights> expectedAccessRights, StringBuilder detailStatus)
        {
            bool result = true;

            foreach (ADRawEntry adrawEntry in dkmObjects)
            {
                RawSecurityDescriptor   rawSecurityDescriptor;
                ActiveDirectorySecurity activeDirectorySecurity = PermissionTaskHelper.ReadAdSecurityDescriptor(adrawEntry, session, null, out rawSecurityDescriptor);
                if (activeDirectorySecurity == null)
                {
                    result = false;
                    detailStatus.AppendFormat("Failed to read security descriptor for DKM object {0}. Examine the ACL settings on DKM objects.\r\n", adrawEntry.Id.DistinguishedName);
                }
                else
                {
                    AuthorizationRuleCollection accessRules = activeDirectorySecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
                    StringBuilder stringBuilder             = new StringBuilder();
                    stringBuilder.AppendLine(string.Format("Object DN: {0}\r\n", adrawEntry.Id.DistinguishedName));
                    bool flag = false;
                    Dictionary <SecurityIdentifier, ActiveDirectoryRights> dictionary = new Dictionary <SecurityIdentifier, ActiveDirectoryRights>();
                    foreach (object obj in accessRules)
                    {
                        ActiveDirectoryAccessRule activeDirectoryAccessRule = (ActiveDirectoryAccessRule)obj;
                        try
                        {
                            if (!expectedAccessRights.ContainsKey((SecurityIdentifier)activeDirectoryAccessRule.IdentityReference))
                            {
                                int num = AuthzAuthorization.CheckGenericPermission((SecurityIdentifier)activeDirectoryAccessRule.IdentityReference, rawSecurityDescriptor, AccessMask.MaximumAllowed);
                                if (num != 0)
                                {
                                    stringBuilder.AppendFormat("Unexpected ACE with Identity: {0}, Rights: {1}\r\n\r\n", TestDataCenterDKMAccess.AccountNameFromSid(activeDirectoryAccessRule.IdentityReference.ToString()), (ActiveDirectoryRights)num);
                                    result = false;
                                    flag   = true;
                                }
                            }
                            else
                            {
                                dictionary[(SecurityIdentifier)activeDirectoryAccessRule.IdentityReference] = (ActiveDirectoryRights)AuthzAuthorization.CheckGenericPermission((SecurityIdentifier)activeDirectoryAccessRule.IdentityReference, rawSecurityDescriptor, AccessMask.MaximumAllowed);
                            }
                        }
                        catch (Win32Exception ex)
                        {
                            stringBuilder.AppendFormat("Failed to check ACL for Identity: {0} with Win32Exception {1} and ErrorCode {2}\r\n", TestDataCenterDKMAccess.AccountNameFromSid(activeDirectoryAccessRule.IdentityReference.ToString()), ex.Message, ex.ErrorCode);
                            result = false;
                            flag   = true;
                        }
                    }
                    Dictionary <SecurityIdentifier, ActiveDirectoryRights> dictionary2 = new Dictionary <SecurityIdentifier, ActiveDirectoryRights>(expectedAccessRights);
                    foreach (KeyValuePair <SecurityIdentifier, ActiveDirectoryRights> keyValuePair in dictionary)
                    {
                        if (dictionary2[keyValuePair.Key] != keyValuePair.Value)
                        {
                            stringBuilder.AppendFormat("Wrong rights in ACE for Identity {0}\r\nExpected Rights: {1}\r\nActual Rights: {2}\r\n\r\n", TestDataCenterDKMAccess.AccountNameFromSid(keyValuePair.Key.ToString()), dictionary2[keyValuePair.Key], keyValuePair.Value);
                            result = false;
                            flag   = true;
                        }
                        dictionary2.Remove(keyValuePair.Key);
                    }
                    if (dictionary2.Count > 0)
                    {
                        foreach (KeyValuePair <SecurityIdentifier, ActiveDirectoryRights> keyValuePair2 in dictionary2)
                        {
                            stringBuilder.AppendFormat("Missing expected ACE for Identity {0}\r\nExpected Rights: {1}\r\n\r\n", TestDataCenterDKMAccess.AccountNameFromSid(keyValuePair2.Key.ToString()), keyValuePair2.Value);
                            result = false;
                            flag   = true;
                        }
                    }
                    if (flag)
                    {
                        detailStatus.AppendLine(stringBuilder.ToString());
                    }
                }
            }
            return(result);
        }