예제 #1
        /// <summary>
        /// Reads the TokenUser entry of the identity's access token and turns the user SID
        /// into either a regular Windows SID claim or a deny-only Windows SID claim.
        /// </summary>
        /// <param name="windowsIdentity">Identity whose <c>Token</c> handle is queried.</param>
        /// <param name="claim">
        /// The created claim when the method returns <c>true</c>; <c>null</c> when it returns <c>false</c>.
        /// </param>
        /// <returns>
        /// <c>true</c> when the user entry has no attributes (regular SID claim) or carries
        /// SE_GROUP_USE_FOR_DENY_ONLY (deny-only SID claim); <c>false</c> for any other attribute value.
        /// </returns>
        /// <remarks>
        /// Nothing is caught here, so a failure in the token query, the marshalling or the
        /// SecurityIdentifier constructor propagates to the caller after the buffer is closed.
        /// The two claim kinds are not interchangeable: a deny-only SID is meant for deny checks
        /// only, so callers must not treat the deny-only claim as proof of an allowed identity.
        /// </remarks>
        static bool TryCreateWindowsSidClaim(WindowsIdentity windowsIdentity, out Claim claim)
        {
            SafeHGlobalHandle tokenUserBuffer = SafeHGlobalHandle.InvalidHandle;

            try
            {
                uint returnedLength;
                tokenUserBuffer = GetTokenInformation(windowsIdentity.Token, TokenInformationClass.TokenUser, out returnedLength);

                // NOTE(review): returnedLength is never compared with the size of SID_AND_ATTRIBUTES
                // in this method; presumably GetTokenInformation only returns a fully populated
                // buffer or throws - confirm against that helper.
                // The raw pointer stays valid because tokenUserBuffer is only closed in the finally block.
                SID_AND_ATTRIBUTES tokenUser = (SID_AND_ATTRIBUTES)Marshal.PtrToStructure(tokenUserBuffer.DangerousGetHandle(), typeof(SID_AND_ATTRIBUTES));

                uint denyOnlyBit = NativeMethods.SE_GROUP_USE_FOR_DENY_ONLY;
                bool hasNoAttributes = tokenUser.Attributes == 0;
                bool isDenyOnly = (tokenUser.Attributes & denyOnlyBit) == NativeMethods.SE_GROUP_USE_FOR_DENY_ONLY;

                if (hasNoAttributes || isDenyOnly)
                {
                    // The SID is only materialised once one of the two supported cases is known to apply.
                    SecurityIdentifier userSid = new SecurityIdentifier(tokenUser.Sid);
                    claim = hasNoAttributes
                        ? Claim.CreateWindowsSidClaim(userSid)
                        : Claim.CreateDenyOnlyWindowsSidClaim(userSid);
                    return true;
                }
            }
            finally
            {
                // Runs on success, on the fall-through path and on exceptions alike.
                tokenUserBuffer.Close();
            }

            // Attributes were non-zero without the deny-only bit: no claim is produced.
            claim = null;
            return false;
        }
        /// <summary>
        /// Queries the TokenUser information of the identity's token and converts the user SID
        /// into a Windows SID claim or, when the deny-only bit is set, a deny-only Windows SID claim.
        /// </summary>
        /// <param name="windowsIdentity">Identity whose <c>Token</c> handle is queried.</param>
        /// <param name="claim">
        /// Receives the created claim on success; set to <c>null</c> when the method returns <c>false</c>.
        /// </param>
        /// <returns>
        /// <c>true</c> when a claim was created (attributes equal to 0, or bit 0x10 set);
        /// otherwise <c>false</c>.
        /// </returns>
        /// <remarks>
        /// Exceptions are not handled here; the unmanaged buffer is still released through the
        /// finally block. A deny-only SID must only feed deny decisions, so consumers have to
        /// keep the two claim kinds apart when evaluating access.
        /// </remarks>
        private static bool TryCreateWindowsSidClaim(System.Security.Principal.WindowsIdentity windowsIdentity, out Claim claim)
        {
            SafeHGlobalHandle tokenUserBuffer = SafeHGlobalHandle.InvalidHandle;

            try
            {
                uint bufferLength;
                tokenUserBuffer = GetTokenInformation(windowsIdentity.Token, System.IdentityModel.TokenInformationClass.TokenUser, out bufferLength);

                // NOTE(review): bufferLength is not checked against the structure size before the
                // pointer is marshalled; presumably GetTokenInformation guarantees a complete
                // buffer - confirm against that helper.
                SID_AND_ATTRIBUTES tokenUser = (SID_AND_ATTRIBUTES)Marshal.PtrToStructure(tokenUserBuffer.DangerousGetHandle(), typeof(SID_AND_ATTRIBUTES));

                // 0x10 is the Windows SDK value of SE_GROUP_USE_FOR_DENY_ONLY.
                uint denyOnlyBit = 0x10;

                // The two cases are mutually exclusive (0 has no bits set), so the order of the
                // checks does not affect which claim is produced.
                if ((tokenUser.Attributes & denyOnlyBit) == denyOnlyBit)
                {
                    claim = Claim.CreateDenyOnlyWindowsSidClaim(new SecurityIdentifier(tokenUser.Sid));
                    return true;
                }

                if (tokenUser.Attributes == 0)
                {
                    claim = Claim.CreateWindowsSidClaim(new SecurityIdentifier(tokenUser.Sid));
                    return true;
                }
            }
            finally
            {
                // Always release the token-information buffer, including on exceptions.
                tokenUserBuffer.Close();
            }

            // Any other attribute combination yields no claim.
            claim = null;
            return false;
        }