/// <summary>
/// Releases the test account's token handle and then deletes the local test account.
/// </summary>
/// <remarks>
/// Returns immediately when the token handle field is already null, so a second call does nothing.
/// If the account lookup or the delete fails, the test account is left on the machine.
/// </remarks>
/// <exception cref="Exception">The test account could not be found in the machine context.</exception>
public void Dispose()
{
    var tokenHandle = _testAccountTokenHandle;
    if (tokenHandle == null)
    {
        return;
    }

    tokenHandle.Dispose();
    _testAccountTokenHandle = null;

    using (var machineContext = new PrincipalContext(ContextType.Machine))
    using (var account = UserPrincipal.FindByIdentity(machineContext, TestAccountName))
    {
        if (account == null)
        {
            throw new Exception($"Failed to get user principal to delete test account {TestAccountName}");
        }

        try
        {
            account.Delete();
        }
        catch (InvalidOperationException)
        {
            // TODO: Investigate. Delete() always throws this exception with
            // "Can't delete object already deleted", but it actually deletes the account.
            // The catch also hides any other InvalidOperationException, in which case the
            // test account would remain on the machine without any signal.
        }
    }
}
/// <summary>
/// Opens the access token of the current thread, selecting which security context the
/// access check is made under.
/// </summary>
/// <param name="desiredAccess">Access rights requested on the token.</param>
/// <param name="openAs">
/// <c>Thread</c> makes the single attempt with openAsSelf = false. Any other value attempts
/// with openAsSelf = true first; <c>Both</c> additionally retries with openAsSelf = false
/// when that first attempt fails.
/// </param>
/// <param name="tokenHandle">Receives the handle produced by the last attempt made.</param>
/// <returns>true when one of the attempts succeeded; otherwise false.</returns>
internal static bool OpenThreadToken(TokenAccessLevels desiredAccess, WinSecurityContext openAs, out SafeAccessTokenHandle tokenHandle)
{
    bool asSelf = openAs != WinSecurityContext.Thread;
    if (OpenThreadToken(Kernel32.GetCurrentThread(), desiredAccess, asSelf, out tokenHandle))
    {
        return true;
    }

    if (openAs != WinSecurityContext.Both)
    {
        return false;
    }

    // Release the handle object from the failed attempt before the out parameter is overwritten.
    tokenHandle.Dispose();
    return OpenThreadToken(Kernel32.GetCurrentThread(), desiredAccess, false, out tokenHandle);
}
/// <summary>
/// Reports whether <paramref name="sid"/> is a member of this identity's access token.
/// </summary>
/// <param name="sid">The security identifier to look for.</param>
/// <returns>
/// false when the token handle is invalid (the anonymous identity); otherwise the
/// membership result reported by CheckTokenMembership.
/// </returns>
/// <exception cref="SecurityException">
/// Duplicating the token or checking membership failed; the message is the Win32 error text.
/// </exception>
private bool CheckNtTokenForSid(SecurityIdentifier sid)
{
    Contract.EndContractBlock();

    // The anonymous identity has no usable token, so there is nothing to check.
    if (_safeTokenHandle.IsInvalid)
    {
        return false;
    }

    // CheckTokenMembership expects an impersonation token; a token whose level is None
    // is duplicated as an Identification-level impersonation token first.
    SafeAccessTokenHandle duplicate = SafeAccessTokenHandle.InvalidHandle;
    TokenImpersonationLevel level = ImpersonationLevel;
    bool alreadyImpersonation = level != TokenImpersonationLevel.None;
    bool found = false;

    try
    {
        if (!alreadyImpersonation &&
            !Interop.Advapi32.DuplicateTokenEx(_safeTokenHandle,
                                              (uint)TokenAccessLevels.Query,
                                              IntPtr.Zero,
                                              (uint)TokenImpersonationLevel.Identification,
                                              (uint)TokenType.TokenImpersonation,
                                              ref duplicate))
        {
            throw new SecurityException(new Win32Exception().Message);
        }

        SafeAccessTokenHandle tokenToCheck = alreadyImpersonation ? _safeTokenHandle : duplicate;

        // CheckTokenMembership will check if the SID is both present and enabled in the access token.
#if uap
        if (!Interop.Kernel32.CheckTokenMembershipEx(tokenToCheck, sid.BinaryForm, Interop.Kernel32.CTMF_INCLUDE_APPCONTAINER, ref found))
        {
            throw new SecurityException(new Win32Exception().Message);
        }
#else
        if (!Interop.Advapi32.CheckTokenMembership(tokenToCheck, sid.BinaryForm, ref found))
        {
            throw new SecurityException(new Win32Exception().Message);
        }
#endif
    }
    finally
    {
        // Runs on the exception paths too, so the duplicated handle is always released.
        if (duplicate != SafeAccessTokenHandle.InvalidHandle)
        {
            duplicate.Dispose();
        }
    }

    return found;
}
/// <summary>
/// Stores the caller and impersonation token handles, disposing the previously stored
/// caller token when it is non-null and valid.
/// </summary>
/// <param name="callerToken">Handle to keep as the caller token.</param>
/// <param name="impToken">Handle to keep as the impersonation token.</param>
[System.Security.SecurityCritical]  // auto-generated
internal void SetTokenHandles(SafeAccessTokenHandle callerToken, SafeAccessTokenHandle impToken)
{
    SafeAccessTokenHandle previousCaller = m_callerToken;
    bool mustRelease = previousCaller != null && !previousCaller.IsInvalid;
    if (mustRelease)
    {
        previousCaller.Dispose();
    }

    // NOTE(review): the previously stored m_impToken is replaced without being disposed
    // here - confirm that it is released elsewhere.
    m_impToken = impToken;
    m_callerToken = callerToken;
}
/// <summary>
/// Releases the token handle when called from an explicit dispose and clears the cached
/// name, owner and user fields.
/// </summary>
/// <param name="disposing">
/// true to also dispose the token handle; the cached fields are cleared in either case.
/// </param>
protected virtual void Dispose(bool disposing)
{
    if (disposing && _safeTokenHandle != null && !_safeTokenHandle.IsClosed)
    {
        _safeTokenHandle.Dispose();
    }

    // Cleared regardless of the disposing flag.
    _user = null;
    _owner = null;
    _name = null;
}
/// <summary>
/// On an explicit dispose, calls <c>Undo()</c> and then releases the token handle,
/// provided the handle exists and is still open.
/// </summary>
/// <param name="disposing">false skips all work.</param>
protected virtual void Dispose(bool disposing)
{
    if (!disposing)
    {
        return;
    }

    if (m_safeTokenHandle == null || m_safeTokenHandle.IsClosed)
    {
        return;
    }

    // Undo() runs while the handle is still open; presumably it needs the handle - confirm.
    Undo();
    m_safeTokenHandle.Dispose();
}
/// <summary>
/// Releases the account token handle and deletes the user account named by <c>_userName</c>.
/// </summary>
/// <exception cref="Win32Exception">
/// NetUserDel returned an error other than "user not found".
/// </exception>
public void Dispose()
{
    const uint NerrUserNotFound = 2221; // NERR_UserNotFound

    _accountTokenHandle?.Dispose();

    uint status = NetUserDel(null, _userName);

    // An account that is already gone counts as success; anything else is reported,
    // because the account may still exist.
    bool deletedOrAlreadyGone = status == 0 || status == NerrUserNotFound;
    if (!deletedOrAlreadyGone)
    {
        throw new Win32Exception((int)status);
    }
}
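// This method (with a SID parameter) is more general than the 2 overloads that accept a WindowsBuiltInRole or
// a rid (as an int). It is also better from a performance standpoint than the overload that accepts a string.
// The aforementioned overloads remain in this class since we do not want to introduce a
// breaking change. However, this method should be used in all new applications.
/// <summary>
/// Reports whether <paramref name="sid"/> is a member of the identity's access token.
/// </summary>
/// <param name="sid">The security identifier to look for.</param>
/// <returns>
/// false when the identity's access token is invalid (the anonymous identity); otherwise the
/// membership result reported by CheckTokenMembership.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
/// <exception cref="SecurityException">
/// Duplicating the token or checking membership failed; the message is the Win32 error text.
/// </exception>
public virtual bool IsInRole(SecurityIdentifier sid)
{
    if (sid == null)
    {
        throw new ArgumentNullException(nameof(sid));
    }
    Contract.EndContractBlock();

    // special case the anonymous identity.
    if (_identity.AccessToken.IsInvalid)
    {
        return false;
    }

    // CheckTokenMembership expects an impersonation token
    SafeAccessTokenHandle token = SafeAccessTokenHandle.InvalidHandle;
    bool alreadyImpersonation = _identity.ImpersonationLevel != TokenImpersonationLevel.None;
    bool isMember = false;

    try
    {
        if (!alreadyImpersonation)
        {
            if (!Interop.Advapi32.DuplicateTokenEx(_identity.AccessToken,
                                                  (uint)TokenAccessLevels.Query,
                                                  IntPtr.Zero,
                                                  (uint)TokenImpersonationLevel.Identification,
                                                  (uint)TokenType.TokenImpersonation,
                                                  ref token))
            {
                // The exception is built before the finally block runs, so the error text
                // is read before Dispose can overwrite the last Win32 error.
                throw new SecurityException(new Win32Exception().Message);
            }
        }

        // CheckTokenMembership will check if the SID is both present and enabled in the access token.
#if uap
        if (!Interop.Kernel32.CheckTokenMembershipEx((alreadyImpersonation ? _identity.AccessToken : token),
                                                    sid.BinaryForm,
                                                    Interop.Kernel32.CTMF_INCLUDE_APPCONTAINER,
                                                    ref isMember))
        {
            throw new SecurityException(new Win32Exception().Message);
        }
#else
        if (!Interop.Advapi32.CheckTokenMembership((alreadyImpersonation ? _identity.AccessToken : token),
                                                  sid.BinaryForm,
                                                  ref isMember))
        {
            throw new SecurityException(new Win32Exception().Message);
        }
#endif
    }
    finally
    {
        // Release the duplicated token on the exception paths as well; previously a failed
        // DuplicateTokenEx or membership check skipped the Dispose call.
        token.Dispose();
    }

    return isMember;
}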
/// <summary>
/// Reports whether <paramref name="sid"/> is a member of this identity's access token.
/// </summary>
/// <param name="sid">The security identifier to look for.</param>
/// <returns>
/// false when the token handle is invalid (the anonymous identity); otherwise the
/// membership result reported by CheckTokenMembership.
/// </returns>
/// <exception cref="SecurityException">
/// Duplicating the token or checking membership failed; the message is the text for the
/// last Win32 error.
/// </exception>
private bool CheckNtTokenForSid(SecurityIdentifier sid)
{
    Contract.EndContractBlock();

    // The anonymous identity has no usable token, so there is nothing to check.
    if (_safeTokenHandle.IsInvalid)
    {
        return false;
    }

    // CheckTokenMembership expects an impersonation token; a token whose level is None
    // is duplicated as an Identification-level impersonation token first.
    SafeAccessTokenHandle duplicate = SafeAccessTokenHandle.InvalidHandle;
    TokenImpersonationLevel level = ImpersonationLevel;
    bool alreadyImpersonation = level != TokenImpersonationLevel.None;
    bool found = false;

    try
    {
        if (!alreadyImpersonation &&
            !Interop.mincore.DuplicateTokenEx(_safeTokenHandle,
                                              (uint)TokenAccessLevels.Query,
                                              IntPtr.Zero,
                                              (uint)TokenImpersonationLevel.Identification,
                                              (uint)TokenType.TokenImpersonation,
                                              ref duplicate))
        {
            throw new SecurityException(Interop.mincore.GetMessage(Marshal.GetLastWin32Error()));
        }

        SafeAccessTokenHandle tokenToCheck = alreadyImpersonation ? _safeTokenHandle : duplicate;

        // CheckTokenMembership will check if the SID is both present and enabled in the access token.
        if (!Interop.mincore.CheckTokenMembership(tokenToCheck, sid.BinaryForm, ref found))
        {
            throw new SecurityException(Interop.mincore.GetMessage(Marshal.GetLastWin32Error()));
        }
    }
    finally
    {
        // Runs on the exception paths too, so the duplicated handle is always released.
        if (duplicate != SafeAccessTokenHandle.InvalidHandle)
        {
            duplicate.Dispose();
        }
    }

    return found;
}
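/// <summary>
/// Reports whether <paramref name="sid"/> is a member of the identity's access token.
/// </summary>
/// <param name="sid">The security identifier to look for.</param>
/// <returns>
/// false when the identity's access token is invalid (the anonymous identity); otherwise the
/// membership result reported by CheckTokenMembership.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="sid"/> is null.</exception>
/// <exception cref="SecurityException">
/// Duplicating the token or checking membership failed; the message is the text for the
/// last Win32 error.
/// </exception>
public virtual bool IsInRole(SecurityIdentifier sid)
{
    if (sid == null)
    {
        throw new ArgumentNullException("sid");
    }
    Contract.EndContractBlock();

    // special case the anonymous identity.
    if (m_identity.AccessToken.IsInvalid)
    {
        return false;
    }

    // CheckTokenMembership expects an impersonation token
    SafeAccessTokenHandle token = SafeAccessTokenHandle.InvalidHandle;
    bool alreadyImpersonation = m_identity.ImpersonationLevel != TokenImpersonationLevel.None;
    bool isMember = false;

    try
    {
        if (!alreadyImpersonation)
        {
            if (!Win32Native.DuplicateTokenEx(m_identity.AccessToken,
                                              (uint)TokenAccessLevels.Query,
                                              IntPtr.Zero,
                                              (uint)TokenImpersonationLevel.Identification,
                                              (uint)TokenType.TokenImpersonation,
                                              ref token))
            {
                // The message is built before the finally block runs, so the last Win32
                // error is read before Dispose can overwrite it.
                throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
            }
        }

        // CheckTokenMembership will check if the SID is both present and enabled in the access token.
        if (!Win32Native.CheckTokenMembership((alreadyImpersonation ? m_identity.AccessToken : token),
                                              sid.BinaryForm,
                                              ref isMember))
        {
            throw new SecurityException(Win32Native.GetMessage(Marshal.GetLastWin32Error()));
        }
    }
    finally
    {
        // Release the duplicated token on the exception paths as well; previously a failed
        // DuplicateTokenEx or membership check skipped the Dispose call.
        token.Dispose();
    }

    return isMember;
}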
/// <summary>
/// Releases the access token handle held by this instance, if there is one.
/// </summary>
public void Dispose() => _accessToken?.Dispose();
/// <summary>
/// Releases the user context by disposing the access token handle it holds.
/// </summary>
/// <remarks>
/// The handle field is dereferenced without a null check.
/// </remarks>
/// <seealso cref="IDisposable.Dispose()"/>
public void Dispose() => _safeAccessTokenHandle.Dispose();