public CryptoKeyAuditRule (IdentityReference identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : base (identity, 0, false, InheritanceFlags.None, PropagationFlags.None, flags) { this.rights = cryptoKeyRights; }
public CryptoKeyAccessRule (IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : base (identity, (int)cryptoKeyRights, false, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow) { }
public CryptoKeyAccessRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : base(identity, (int)cryptoKeyRights, false, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow) { }
public CryptoKeyAuditRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : base(identity, 0, false, InheritanceFlags.None, PropagationFlags.None, flags) { this.rights = cryptoKeyRights; }
public static void SetAccessRuleForMatchingCertificates( StoreLocation storeLocation, StoreName storeName, X509FindType findType, string findValue, string accountName, CryptoKeyRights keyAccessMask) { // find matching certs X509Certificate2Collection matchingCerts = null; try { matchingCerts = FindMatchingCertificates(storeLocation, storeName, findType, findValue, String.Empty, doTakeMostRecentOnly: false); } catch (CryptographicException cex) { Console.WriteLine($"exception '{cex.HResult}: {cex.Message}' encountered."); throw; } foreach (var cert in matchingCerts) { // skip certs without private keys if (!cert.HasPrivateKey) { Console.WriteLine($"skipping - no private key: '{cert.Thumbprint}': '{cert.GetNameInfo(X509NameType.SimpleName, forIssuer: false)}'"); continue; } SetAccessRuleForCertificate(cert, accountName, keyAccessMask); } }
public CryptoKeyAccessRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) // FIXME: accessMask=0 likely causes an error : base(identity, 0, false, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow) { this.rights = cryptoKeyRights; }
public CryptoKeyAccessRule (IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this (identity, AccessMaskFromRights(cryptoKeyRights, type), false, InheritanceFlags.None, PropagationFlags.None, type) { }
public CryptoKeyAccessRule (string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this (new NTAccount(identity), AccessMaskFromRights(cryptoKeyRights, type), false, InheritanceFlags.None, PropagationFlags.None, type) { }
public CryptoKeyAccessRule (IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) // FIXME: accessMask=0 likely causes an error : base (identity, 0, false, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow) { this.rights = cryptoKeyRights; }
public CryptoKeyAuditRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : this(identity, AccessMaskFromRights(cryptoKeyRights), false, InheritanceFlags.None, PropagationFlags.None, flags) { }
public CryptoKeyAuditRule(string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : this(new NTAccount(identity), AccessMaskFromRights(cryptoKeyRights), false, InheritanceFlags.None, PropagationFlags.None, flags) { }
public CryptoKeyAccessRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this(identity, AccessMaskFromRights(cryptoKeyRights, type), false, InheritanceFlags.None, PropagationFlags.None, type) { }
public CryptoKeyAccessRule(string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this(new NTAccount(identity), AccessMaskFromRights(cryptoKeyRights, type), false, InheritanceFlags.None, PropagationFlags.None, type) { }
// Acl's on files have a Synchronize bit, and CreateFile always // asks for it. So for allows, let's always include this bit, // and for denies, let's never include this bit unless we're denying // full control. This is the right thing for users, even if it does // make the model look asymmetrical from a purist point of view. // Also, crypto key containers are just files in the end, so // this tweak to the access rights for files makes sense here. private static int AccessMaskFromRights (CryptoKeyRights cryptoKeyRights, AccessControlType controlType) { if (controlType == AccessControlType.Allow) { cryptoKeyRights |= CryptoKeyRights.Synchronize; } else if (controlType == AccessControlType.Deny) { if (cryptoKeyRights != CryptoKeyRights.FullControl) cryptoKeyRights &= ~CryptoKeyRights.Synchronize; } else { throw new ArgumentException(Environment.GetResourceString("Argument_InvalidEnumValue", controlType, "controlType"), "controlType"); } return (int) cryptoKeyRights; }
private static int AccessMaskFromRights(CryptoKeyRights cryptoKeyRights, AccessControlType controlType) { if (controlType == AccessControlType.Allow) { cryptoKeyRights |= CryptoKeyRights.Synchronize; } else if (controlType == AccessControlType.Deny) { if (cryptoKeyRights != CryptoKeyRights.FullControl) { cryptoKeyRights &= ~CryptoKeyRights.Synchronize; } } else { throw new ArgumentException(Environment.GetResourceString("Argument_InvalidEnumValue", (object)controlType, (object)"controlType"), "controlType"); } return((int)cryptoKeyRights); }
internal static void SetAccessRuleOnKSPKey(CngKey key, string accountName, CryptoKeyRights keyAccessMask) { const string NCRYPT_SECURITY_DESCR_PROPERTY = "Security Descr"; const CngPropertyOptions DACL_SECURITY_INFORMATION = (CngPropertyOptions)4; // retrieve existing permissions var existingACL = key.GetProperty(NCRYPT_SECURITY_DESCR_PROPERTY, DACL_SECURITY_INFORMATION); // add new rule CryptoKeySecurity keySec = new CryptoKeySecurity(); keySec.SetSecurityDescriptorBinaryForm(existingACL.GetValue()); keySec.AddAccessRule(new CryptoKeyAccessRule(accountName, keyAccessMask, AccessControlType.Allow)); // put back CngProperty updatedACL = new CngProperty(existingACL.Name, keySec.GetSecurityDescriptorBinaryForm(), CngPropertyOptions.Persist | DACL_SECURITY_INFORMATION); key.SetProperty(updatedACL); }
// Acl's on files have a Synchronize bit, and CreateFile always // asks for it. So for allows, let's always include this bit, // and for denies, let's never include this bit unless we're denying // full control. This is the right thing for users, even if it does // make the model look asymmetrical from a purist point of view. // Also, crypto key containers are just files in the end, so // this tweak to the access rights for files makes sense here. private static int AccessMaskFromRights(CryptoKeyRights cryptoKeyRights, AccessControlType controlType) { if (controlType == AccessControlType.Allow) { cryptoKeyRights |= CryptoKeyRights.Synchronize; } else if (controlType == AccessControlType.Deny) { if (cryptoKeyRights != CryptoKeyRights.FullControl) { cryptoKeyRights &= ~CryptoKeyRights.Synchronize; } } else { throw new ArgumentException(String.Format($"Argument_InvalidEnumValue: {controlType} is not valid in this context")); } return((int)cryptoKeyRights); }
public CryptoKeyAccessRule(string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) { }
public static void AssertIdentityHasPrivateKeyAccess(X509Certificate2 certificate, IdentityReference identity, CryptoKeyRights rights) { if (!certificate.HasPrivateKey) { throw new Exception("Certificate does not have private key"); } var cspAlgorithm = certificate.PrivateKey as ICspAsymmetricAlgorithm; if (cspAlgorithm == null) { throw new Exception("Private key is not a CSP key"); } var keySecurity = cspAlgorithm.CspKeyContainerInfo.CryptoKeySecurity; foreach (var accessRule in keySecurity.GetAccessRules(true, false, identity.GetType()).Cast <CryptoKeyAccessRule>()) { if (accessRule.IdentityReference.Equals(identity) && accessRule.CryptoKeyRights.HasFlag(rights)) { return; } } throw new Exception($"Identity '{identity.ToString()}' does not have access right '{rights}' to private-key"); }
public CryptoKeyAccessRule(string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this(new NTAccount(identity), cryptoKeyRights, type) { }
public CryptoKeyAccessRule(string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this(new SecurityIdentifier(identity), cryptoKeyRights, type) { }
/// <summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.CryptoKeyAuditRule" /> class using the specified values. </summary><param name="identity">The identity to which the audit rule applies.</param><param name="cryptoKeyRights">The cryptographic key operation for which this audit rule generates audits.</param><param name="flags">The conditions that generate audits.</param> public CryptoKeyAuditRule(string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : base(null, 0, false, InheritanceFlags.None, PropagationFlags.None, AuditFlags.None) { throw new NotImplementedException(); }
// Summary: // Initializes a new instance of the System.Security.AccessControl.CryptoKeyAccessRule // class using the specified values. // // Parameters: // identity: // The identity to which the access rule applies. This parameter must be an // object that can be cast as a System.Security.Principal.SecurityIdentifier. // // cryptoKeyRights: // The cryptographic key operation to which this access rule controls access. // // type: // The valid access control type. extern public CryptoKeyAccessRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type);
/// <summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.CryptoKeyAccessRule" /> class using the specified values.</summary><param name="identity">The identity to which the access rule applies.</param><param name="cryptoKeyRights">The cryptographic key operation to which this access rule controls access.</param><param name="type">The valid access control type.</param> public CryptoKeyAccessRule(string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : base(null, 0, false, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow) { throw new NotImplementedException(); }
private static int AccessMaskFromRights(CryptoKeyRights cryptoKeyRights) { return((int)cryptoKeyRights); }
public CryptoKeyAuditRule(string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : base(default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AuditFlags)) { Contract.Ensures(0 <= identity.Length); Contract.Ensures(identity.Length <= 512); }
public CryptoKeyAuditRule(System.Security.Principal.IdentityReference identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : base(default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AuditFlags)) { }
public CryptoKeyAuditRule(string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : this(new SecurityIdentifier(identity), cryptoKeyRights, flags) { }
// Summary: // Initializes a new instance of the System.Security.AccessControl.CryptoKeyAuditRule // class using the specified values. // // Parameters: // identity: // The identity to which the audit rule applies. This parameter must be an object // that can be cast as a System.Security.Principal.SecurityIdentifier. // // cryptoKeyRights: // The cryptographic key operation for which this audit rule generates audits. // // flags: // The conditions that generate audits. extern public CryptoKeyAuditRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags);
private static int AccessMaskFromRights (CryptoKeyRights cryptoKeyRights) { return (int) cryptoKeyRights; }
public CryptoKeyAccessRule (string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this (new SecurityIdentifier (identity), cryptoKeyRights, type) { }
// // Summary: // Initializes a new instance of the System.Security.AccessControl.CryptoKeyAccessRule // class using the specified values. // // Parameters: // identity: // The identity to which the access rule applies. // // cryptoKeyRights: // The cryptographic key operation to which this access rule controls access. // // type: // The valid access control type. extern public CryptoKeyAccessRule(string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type);
public CryptoKeyAuditRule(string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : this(new NTAccount(identity), cryptoKeyRights, flags) { }
public CryptoKeyAccessRule (string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : this (new NTAccount (identity), cryptoKeyRights, type) { }
public CryptoKeyAuditRule (string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : this (new SecurityIdentifier (identity), cryptoKeyRights, flags) { }
public CryptoKeyAuditRule (IdentityReference identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : this (identity, AccessMaskFromRights(cryptoKeyRights), false, InheritanceFlags.None, PropagationFlags.None, flags) { }
// Constructors public CryptoKeyAuditRule(System.Security.Principal.IdentityReference identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) {}
// Constructors public CryptoKeyAccessRule(System.Security.Principal.IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) {}
public CryptoKeyAccessRule(System.Security.Principal.IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : base (default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AccessControlType)) { }
internal static void SetAccessRuleForCertificate(X509Certificate2 cert, string accountName, CryptoKeyRights keyAccessMask) { if (!cert.HasPrivateKey) { throw new ArgumentException($"cert '{cert.Thumbprint}' does not include a private key; shouldn't be here."); } try { using (var rsaKey = cert.GetRSAPrivateKey() as RSACng) { if (rsaKey == null) { throw new ArgumentException("unsupported key type - expected a RSA private key convertible to RSACng"); } // check if this a KSP-managed key; ignore the SmartCard KSP if (rsaKey.Key.Provider == CngProvider.MicrosoftSoftwareKeyStorageProvider) { Console.WriteLine($"Setting ACL on KSP cert '{cert.Thumbprint}: '{accountName}' - '{keyAccessMask.ToString()}"); SetAccessRuleOnKSPKey(rsaKey.Key, accountName, keyAccessMask); return; } // else this is a CSP key; however, netcore won't return a RSACryptoServiceProvider object // unless it absolutely has to - for non-Microsoft CSPs. That means we'll always get a RSACng // object, from which there is no direct path to the RSACSP we need in order to manage access. // The workaround is to build CspParameters from the cng private key, and then build a RSACSP // from it. First ensure this isn't a SmartCard provider. if (rsaKey.Key.Provider == CngProvider.MicrosoftSmartCardKeyStorageProvider) { throw new ArgumentException("unsupported key type - the provider is Microsoft SmartCard KSP, which is not supported in this context."); } using (var rsaCSP = ExtractRSACSPFromCNGKey(rsaKey.Key)) { Console.WriteLine($"Setting ACL on CSP cert '{cert.Thumbprint}: '{accountName}' - '{keyAccessMask.ToString()}"); SetAccessRuleOnCSPKey(rsaCSP, accountName, keyAccessMask); } } } catch (CryptographicException cxe) { Console.WriteLine($"exception '{cxe.HResult}: {cxe.Message}' was thrown"); } }
void AssertHasPrivateKeyRights(CryptoKeySecurity privateKeySecurity, string identifier, CryptoKeyRights right) { var accessRules = privateKeySecurity.GetAccessRules(true, false, typeof(NTAccount)); var found = accessRules.Cast <CryptoKeyAccessRule>() .Any(x => x.IdentityReference.Value == identifier && x.CryptoKeyRights.HasFlag(right)); Assert.True(found, "Private-Key right was not set"); }
internal static void SetAccessRuleOnCSPKey(RSACryptoServiceProvider key, string accountName, CryptoKeyRights keyAccessMask) { // CspKeyContainerInfo does not expose the CryptoKeySecurity property in NetCore; in that // case, we'll simply set access at the File (key container) level; for net40 and above, // we'll use the CryptoKeySecurityConstruct. #if NETCOREAPP2_1 SetAccessRuleOnCSPKeyViaKeyContainer(key, accountName, keyAccessMask); #else SetAccessRuleOnCSPKeyViaKeySecurity(key, accountName, keyAccessMask); #endif }
// Constructors public CryptoKeyAccessRule(System.Security.Principal.IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) { }
private static void SetAccessRuleOnCSPKeyViaKeySecurity(RSACryptoServiceProvider cspKey, string accountName, CryptoKeyRights keyAccessMask) { #if NETCOREAPP2_1 throw new InvalidOperationException("incorrect invocation: cannot call this function on non-net40 frameworks."); #else try { // The Persist method of the CryptoKeySecurity class is not publicly accessible, and so direct changes on an existing CSP // cannot be saved. We work around this by extracting the CSP parameters from the existing key, and adding the access rule // on a new clone of the CSP key. var cspParams = new CspParameters { ProviderType = cspKey.CspKeyContainerInfo.ProviderType, ProviderName = cspKey.CspKeyContainerInfo.ProviderName, CryptoKeySecurity = cspKey.CspKeyContainerInfo.CryptoKeySecurity, KeyContainerName = cspKey.CspKeyContainerInfo.KeyContainerName, KeyNumber = (int)cspKey.CspKeyContainerInfo.KeyNumber, Flags = CspProviderFlags.UseExistingKey | (cspKey.CspKeyContainerInfo.MachineKeyStore ? CspProviderFlags.UseMachineKeyStore : 0) }; cspParams.CryptoKeySecurity.AddAccessRule(new CryptoKeyAccessRule(accountName, keyAccessMask, AccessControlType.Allow)); using (RSACryptoServiceProvider newRsaCsp = new RSACryptoServiceProvider(cspParams)) { ; // no-op } } catch (Exception ex) { Console.WriteLine($"exception encountered setting access rights on private key '{cspKey.CspKeyContainerInfo.KeyNumber}': {ex.Message} ({ex.HResult})"); } #if DEBUG // re-open the provider to verify ACL using (RSACryptoServiceProvider newRsaCsp = CloneCSP(cspKey)) { // verify rules var keySecPostUpdate = newRsaCsp.CspKeyContainerInfo.CryptoKeySecurity; foreach (var keySecRule in keySecPostUpdate.GetAccessRules(includeExplicit: true, includeInherited: false, targetType: typeof(System.Security.Principal.NTAccount))) { if (keySecRule is CryptoKeyAccessRule cryptoACE) { Console.WriteLine($"ACE: {cryptoACE.IdentityReference}: {cryptoACE.CryptoKeyRights.ToString()}"); } } } #endif #endif }
public CryptoKeyAuditRule (string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : this (new NTAccount(identity), AccessMaskFromRights(cryptoKeyRights), false, InheritanceFlags.None, PropagationFlags.None, flags) { }
private static void SetAccessRuleOnCSPKeyViaKeyContainer(RSACryptoServiceProvider cspKey, string accountName, CryptoKeyRights keyAccessMask) { #if !NETCOREAPP2_1 throw new InvalidOperationException("incorrect invocation: cannot call this function on non-netcore frameworks."); #else // If we're here, access is granted directly to the file corresponding to the private key. Assuming // this is a machine key (enforced in the calling function), the path to the key container is: // // $env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\<key container unique name> // // e.g.: c:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7e426a4e8a1b8c02e1105b9d7b8c056c_8c9bdc00-1bd7-4654-8e9b-8a234a4b3f88 var keyCtrUniqueName = cspKey.CspKeyContainerInfo.UniqueKeyContainerName; var programDataPath = Environment.GetEnvironmentVariable("ProgramData"); // unlikely to be missing var rsaMachineKeyPath = "Microsoft\\Crypto\\RSA\\MachineKeys"; var keyContainerPath = String.Format($"{programDataPath}\\{rsaMachineKeyPath}\\{keyCtrUniqueName}"); // assert the file exists if (!File.Exists(keyContainerPath)) // odd situation { throw new ArgumentException($"the expected key container file '{keyContainerPath}' does not exist; was it ephemeral or just deleted?"); } try { // extract the current ACL var fileACL = new FileSecurity(keyContainerPath, AccessControlSections.Access); FileSystemRights fileSystemKeyAccessRights = FileAccessRightsFromKeySecurityAccessRights(keyAccessMask); // add the access rule (OS merges) fileACL.AddAccessRule(new FileSystemAccessRule(accountName, fileSystemKeyAccessRights, AccessControlType.Allow)); // put back new FileInfo(keyContainerPath) .SetAccessControl(fileACL); } catch (Exception ex) { Console.WriteLine($"exception encountered trying to access the key container '{keyContainerPath}': {ex.Message} ({ex.HResult})"); } // quick check Console.WriteLine("checking permissions.."); var rules = new FileSecurity(keyContainerPath, AccessControlSections.Access) .GetAccessRules( includeExplicit: true, includeInherited: false, targetType: typeof(System.Security.Principal.NTAccount)); foreach (AuthorizationRule rule in rules) { if (rule is FileSystemAccessRule face) { Console.WriteLine($"ACE: {face.IdentityReference.ToString()}: {face.FileSystemRights.ToString()}"); } } #endif }
public CryptoKeyAccessRule(string identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) : base (default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AccessControlType)) { Contract.Ensures(0 <= identity.Length); Contract.Ensures(identity.Length <= 512); }
// translates access rights from the CryptoKeyRights bitmask into the equivalent file system access bitmask. private static FileSystemRights FileAccessRightsFromKeySecurityAccessRights(CryptoKeyRights keyAccessMask) { FileSystemRights fileAccessMask = 0; // build the access mask gradually if (0 != (keyAccessMask & CryptoKeyRights.ReadData)) { fileAccessMask |= FileSystemRights.ReadData; } if (0 != (keyAccessMask & CryptoKeyRights.WriteData)) { fileAccessMask |= FileSystemRights.WriteData; } if (0 != (keyAccessMask & CryptoKeyRights.ReadExtendedAttributes)) { fileAccessMask |= FileSystemRights.ReadExtendedAttributes; } if (0 != (keyAccessMask & CryptoKeyRights.WriteExtendedAttributes)) { fileAccessMask |= FileSystemRights.WriteExtendedAttributes; } if (0 != (keyAccessMask & CryptoKeyRights.ReadAttributes)) { fileAccessMask |= FileSystemRights.ReadAttributes; } if (0 != (keyAccessMask & CryptoKeyRights.WriteAttributes)) { fileAccessMask |= FileSystemRights.WriteAttributes; } if (0 != (keyAccessMask & CryptoKeyRights.Delete)) { fileAccessMask |= FileSystemRights.Delete; } if (0 != (keyAccessMask & CryptoKeyRights.ReadPermissions)) { fileAccessMask |= FileSystemRights.ReadPermissions; } if (0 != (keyAccessMask & CryptoKeyRights.ChangePermissions)) { fileAccessMask |= FileSystemRights.ChangePermissions; } if (0 != (keyAccessMask & CryptoKeyRights.TakeOwnership)) { fileAccessMask |= FileSystemRights.TakeOwnership; } if (0 != (keyAccessMask & CryptoKeyRights.Synchronize)) { fileAccessMask |= FileSystemRights.Synchronize; } // FullControl is a bitmask itself if (CryptoKeyRights.FullControl == (keyAccessMask & CryptoKeyRights.FullControl)) { fileAccessMask |= FileSystemRights.FullControl; } if (0 != (keyAccessMask & CryptoKeyRights.GenericAll)) { fileAccessMask |= FileSystemRights.Modify; } if (0 != (keyAccessMask & CryptoKeyRights.GenericExecute)) { fileAccessMask |= FileSystemRights.ReadAndExecute; } if (0 != (keyAccessMask & CryptoKeyRights.GenericWrite)) { fileAccessMask |= FileSystemRights.Write; } if (0 != (keyAccessMask & CryptoKeyRights.GenericRead)) { fileAccessMask |= FileSystemRights.Read; } return(fileAccessMask); }
public CryptoKeyAccessRule(IdentityReference identity, CryptoKeyRights cryptoKeyRights, AccessControlType type) { this.cryptoKeyRights = cryptoKeyRights; }
// // Summary: // Initializes a new instance of the System.Security.AccessControl.CryptoKeyAuditRule // class using the specified values. // // Parameters: // identity: // The identity to which the audit rule applies. // // cryptoKeyRights: // The cryptographic key operation for which this audit rule generates audits. // // flags: // The conditions that generate audits. extern public CryptoKeyAuditRule(string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags);
public CryptoKeyAuditRule (string identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : this (new NTAccount (identity), cryptoKeyRights, flags) { }
public CryptoKeyAuditRule(System.Security.Principal.IdentityReference identity, CryptoKeyRights cryptoKeyRights, AuditFlags flags) : base (default(System.Security.Principal.IdentityReference), default(int), default(bool), default(InheritanceFlags), default(PropagationFlags), default(AuditFlags)) { }