public void RemoveAuditRuleAll_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var identityReference = new NTAccount(@"NT AUTHORITY\SYSTEM");
var customAuditRuleReadWrite = new CustomAuditRule
(
identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleSynchronize = new CustomAuditRule
(
new NTAccount(@"NT AUTHORITY\SYSTEM"), SynchronizeAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
customObjectSecurity.AddAuditRule(customAuditRuleSynchronize);
customObjectSecurity.RemoveAuditRuleAll(customAuditRuleReadWrite);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();
Assert.Empty(existingRules);
}
public void AddAccessRule_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var customAccessRuleAllow = new CustomAccessRule(
new NTAccount(@"NT AUTHORITY\Network Service"), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AccessControlType.Allow
);
var customAccessRuleDeny = new CustomAccessRule(
new NTAccount(@"NT AUTHORITY\SYSTEM"), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleAllow);
customObjectSecurity.AddAccessRule(customAccessRuleDeny);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
List <CustomAccessRule> addedRules = ruleCollection.Cast <CustomAccessRule>().ToList();
Assert.True(addedRules.Contains(customAccessRuleAllow));
Assert.True(addedRules.Contains(customAccessRuleDeny));
}
public void ObjectInitialization_DefaultConstructor_Success()
{
var customObjectSecurity = new CustomDirectoryObjectSecurity();
Assert.True(customObjectSecurity.IsDS);
Assert.True(customObjectSecurity.IsContainer);
}
public void RemoveAccessRule_AccessControlType_Deny_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
int readDataAndAttribute = ReadAccessMask | ReadAttributeAccessMask;
var identityReference = new NTAccount(@"NT AUTHORITY\SYSTEM");
var objectTypeGuid = Guid.NewGuid();
var customAccessRuleReadDataAndAttribute = new CustomAccessRule(
identityReference, readDataAndAttribute, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
var customAccessRuleRead = new CustomAccessRule(
identityReference, ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleReadDataAndAttribute);
customObjectSecurity.RemoveAccessRule(customAccessRuleRead);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
List <CustomAccessRule> existingRules = ruleCollection.Cast <CustomAccessRule>().ToList();
Assert.True(
existingRules.Any(
x => x.IdentityReference == identityReference &&
x.AccessControlType == AccessControlType.Deny &&
x.AccessMaskValue == ReadAttributeAccessMask
));
}
public void SetAccessRule_AccessControlType_Deny_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var identityReference = new NTAccount(@"NT AUTHORITY\SYSTEM");
var customAccessRuleReadWrite = new CustomAccessRule(
identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
var customAccessRuleRead = new CustomAccessRule(
new NTAccount(@"NT AUTHORITY\SYSTEM"), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleReadWrite);
customObjectSecurity.SetAccessRule(customAccessRuleRead);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
List <CustomAccessRule> existingRules = ruleCollection.Cast <CustomAccessRule>().ToList();
Assert.False(existingRules.Contains(customAccessRuleReadWrite));
Assert.True(existingRules.Contains(customAccessRuleRead));
}
public void SetAccessRule_AccessControlType_Deny_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var identityReference = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));
var customAccessRuleReadWrite = new CustomAccessRule(
identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
var customAccessRuleRead = new CustomAccessRule(
new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleReadWrite);
Assert.Contains(customAccessRuleReadWrite, customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAccessRule>());
customObjectSecurity.SetAccessRule(customAccessRuleRead);
var existingRules = customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAccessRule>().ToList();
Assert.DoesNotContain(customAccessRuleReadWrite, existingRules);
Assert.Contains(customAccessRuleRead, existingRules);
}
public void AddAccessRule_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var customAccessRuleAllow = new CustomAccessRule(
new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null).Translate(typeof(NTAccount)), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AccessControlType.Allow
);
var customAccessRuleDeny = new CustomAccessRule(
new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleAllow);
customObjectSecurity.AddAccessRule(customAccessRuleDeny);
AuthorizationRuleCollection ruleCollection = customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
List <CustomAccessRule> addedRules = ruleCollection.Cast <CustomAccessRule>().ToList();
Assert.Contains(customAccessRuleAllow, addedRules);
Assert.Contains(customAccessRuleDeny, addedRules);
}
public void RemoveAccessRule_AccessControlType_Deny_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
int readDataAndAttribute = ReadAccessMask | ReadAttributeAccessMask;
var identityReference = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));
var objectTypeGuid = Guid.NewGuid();
var customAccessRuleReadDataAndAttribute = new CustomAccessRule(
identityReference, readDataAndAttribute, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
var customAccessRuleRead = new CustomAccessRule(
identityReference, ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleReadDataAndAttribute);
customObjectSecurity.RemoveAccessRule(customAccessRuleRead);
AuthorizationRuleCollection ruleCollection = customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
Assert.Contains(ruleCollection.Cast <CustomAccessRule>(), x =>
x.IdentityReference == identityReference &&
x.AccessControlType == AccessControlType.Deny &&
x.AccessMaskValue == ReadAttributeAccessMask
);
}
public void RemoveAccessRuleAll_AccessControlType_Deny_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAccessRuleReadWrite = new CustomAccessRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
var customAccessRuleSynchronize = new CustomAccessRule(
Helpers.s_LocalSystemNTAccount, SynchronizeAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleReadWrite);
customObjectSecurity.AddAccessRule(customAccessRuleSynchronize);
customObjectSecurity.RemoveAccessRuleAll(customAccessRuleSynchronize);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
List <CustomAccessRule> existingRules = ruleCollection.Cast <CustomAccessRule>().ToList();
Assert.False(existingRules.Contains(customAccessRuleReadWrite));
Assert.False(existingRules.Contains(customAccessRuleSynchronize));
}
public void RemoveRule_AccessControlType_Allow_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAccessRuleReadWrite = new CustomAccessRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Allow
);
var customAccessRuleWrite = new CustomAccessRule(
Helpers.s_LocalSystemNTAccount, WriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Allow
);
customObjectSecurity.AddAccessRule(customAccessRuleReadWrite);
bool result = customObjectSecurity.RemoveAccessRule(customAccessRuleWrite);
Assert.True(result);
AuthorizationRuleCollection ruleCollection = customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
Assert.Contains(ruleCollection.Cast <CustomAccessRule>(), x =>
x.IdentityReference == Helpers.s_LocalSystemNTAccount &&
x.AccessControlType == customAccessRuleReadWrite.AccessControlType &&
x.AccessMaskValue == ReadAccessMask
);
}
public void RemoveAuditRule_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectType = Guid.NewGuid();
var customAuditRuleWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, WriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectType, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleReadWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectType, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
customObjectSecurity.RemoveAuditRule(customAuditRuleWrite);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();
Assert.True(existingRules.Count > 0);
Assert.Contains(existingRules, x =>
x.AccessMaskValue == ReadAccessMask &&
x.AuditFlags == AuditFlags.Success &&
x.IdentityReference == Helpers.s_LocalSystemNTAccount
);
}
public void ObjectInitialization_CommonSecurityDescriptor_Success()
{
var descriptor = new CommonSecurityDescriptor(false, false, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
Assert.False(customObjectSecurity.IsDS);
Assert.False(customObjectSecurity.IsContainer);
}
public void GetAuditRules_ReturnsValidObject()
{
var descriptor = new CommonSecurityDescriptor(false, false, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAuditRules(true, false, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
}
public void GetAccessRules_TargetType_SecurityIdentifier_ReturnsValidObject()
{
var descriptor = new CommonSecurityDescriptor(false, false, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAccessRules(false, false, typeof(System.Security.Principal.SecurityIdentifier));
Assert.NotNull(ruleCollection);
Assert.Empty(ruleCollection);
}
public void RemoveAccessRuleAll_AccessControlType_Deny_ThrowException()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAccessRuleReadWrite = new CustomAccessRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleReadWrite);
AssertExtensions.Throws <InvalidOperationException, SystemException>(() => customObjectSecurity.RemoveAccessRuleAll(customAccessRuleReadWrite));
}
public void RemoveAccessRuleSpecific_AccessControlType_Deny_NoMatchableRules_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAccessRuleReadWrite = new CustomAccessRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
var customAccessRuleRead = new CustomAccessRule(
new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleReadWrite);
customObjectSecurity.RemoveAccessRuleSpecific(customAccessRuleRead);
Assert.Contains(customAccessRuleReadWrite, customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAccessRule>());
}
public void RemoveAuditRuleSpecific_NoMatchableRuleFound()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAuditRuleReadWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, WriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
customObjectSecurity.RemoveAuditRuleSpecific(customAuditRuleWrite);
Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
}
public void RemoveAuditRuleSpecific_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAuditRuleReadWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
customObjectSecurity.RemoveAuditRuleSpecific(customAuditRuleReadWrite);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();
Assert.DoesNotContain(customAuditRuleReadWrite, existingRules);
}
public void RemoveAuditRuleSpecific_NoMatchableRuleFound()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var identityReference = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));
var customAuditRuleReadWrite = new CustomAuditRule(
identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleWrite = new CustomAuditRule(
identityReference, WriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
customObjectSecurity.RemoveAuditRuleSpecific(customAuditRuleWrite);
Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
}
public void SetCustomDescriptor_Success()
{
// We didn't allow setting the security descriptor in core due to assembly refactoring.
// GetAccessRules() would throw a null ref after setting the descriptor. We now expose
// the descriptor as a protected property (instead of internal).
// https://github.com/dotnet/corefx/issues/34151
var customObjectSecurity = new CustomDirectoryObjectSecurity();
// DACL:SDDL_PROTECTED SDDL_AUTO_INHERITED
// (SDDL_ACCESS_ALLOWED;SDDL_OBJECT_INHERIT SDDL_CONTAINER_INHERIT;access mask;;;SDDL_BUILTIN_USERS)
customObjectSecurity.SetSecurityDescriptorSddlForm("D:PAI(A;OICI;0x1200a9;;;BU)");
var rules = customObjectSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));
Assert.Equal(1, rules.Count);
CustomAccessRule rule = (CustomAccessRule)rules[0];
// Should be users group
Assert.Equal(rule.IdentityReference.Value, "S-1-5-32-545");
Assert.Equal(AccessControlType.Allow, rule.AccessControlType);
Assert.Equal(InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, rule.InheritanceFlags);
Assert.Equal(0x1200a9, rule.AccessMaskValue);
}
public void ResetAccessRule_AccessControlType_Deny_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAccessRuleReadWrite = new CustomAccessRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
var customAccessRuleNetworkService = new CustomAccessRule(
Helpers.s_NetworkServiceNTAccount, SynchronizeAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Allow
);
var customAccessRuleWrite = new CustomAccessRule(
Helpers.s_LocalSystemNTAccount, WriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AccessControlType.Deny
);
customObjectSecurity.AddAccessRule(customAccessRuleReadWrite);
Assert.Contains(customAccessRuleReadWrite, customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAccessRule>());
customObjectSecurity.AddAccessRule(customAccessRuleNetworkService);
List <CustomAccessRule> existingRules = customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAccessRule>().ToList();
Assert.Contains(customAccessRuleReadWrite, existingRules);
Assert.Contains(customAccessRuleNetworkService, existingRules);
customObjectSecurity.ResetAccessRule(customAccessRuleWrite);
existingRules = customObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAccessRule>().ToList();
Assert.DoesNotContain(customAccessRuleReadWrite, existingRules);
Assert.Contains(customAccessRuleNetworkService, existingRules);
Assert.Contains(customAccessRuleWrite, existingRules);
}
public void SetAuditRule_InvalidObjectAuditRule()
{
var customObjectSecurity = new CustomDirectoryObjectSecurity();
Assert.Throws <ArgumentNullException>("rule", () => customObjectSecurity.SetAuditRule(null));
}
public void AddAccessRule_InvalidObjectAccessRule()
{
var customObjectSecurity = new CustomDirectoryObjectSecurity();
AssertExtensions.Throws <ArgumentNullException>("rule", () => customObjectSecurity.AddAccessRule(null));
}
public void RemoveAuditRuleSpecific_InvalidObjectAuditRule()
{
var customObjectSecurity = new CustomDirectoryObjectSecurity();
AssertExtensions.Throws <ArgumentNullException>("rule", () => customObjectSecurity.RemoveAuditRuleSpecific(null));
}
public void RemoveAccessRuleAll_InvalidObjectAccessRule()
{
var customObjectSecurity = new CustomDirectoryObjectSecurity();
Assert.Throws <ArgumentNullException>("rule", () => customObjectSecurity.RemoveAccessRuleAll(null));
}