/// <summary>
/// Builds a claim for the user SID carried by a Windows access token.
/// </summary>
/// <param name="windowsIdentity">
/// Identity whose <c>Token</c> is queried for <c>TokenUser</c> information.
/// It is dereferenced without a null check.
/// </param>
/// <param name="claim">
/// Receives a Windows SID claim when the user SID has no attributes, a
/// deny-only Windows SID claim when the deny-only bit is set, and
/// <c>null</c> in every other case.
/// </param>
/// <returns><c>true</c> when a claim was created; otherwise <c>false</c>.</returns>
/// <remarks>
/// The two outcomes are not interchangeable. A SID flagged
/// SE_GROUP_USE_FOR_DENY_ONLY is meant to match deny entries only, so callers
/// should keep the deny-only claim out of any "grant" evaluation. An attribute
/// value that is neither zero nor deny-only yields no claim at all, so the
/// method fails closed.
/// </remarks>
static bool TryCreateWindowsSidClaim(WindowsIdentity windowsIdentity, out Claim claim)
{
    SafeHGlobalHandle tokenUserBuffer = SafeHGlobalHandle.InvalidHandle;
    try
    {
        // The returned length is required by the helper's signature but is not used here.
        uint bufferLength;
        tokenUserBuffer = GetTokenInformation(
            windowsIdentity.Token,
            TokenInformationClass.TokenUser,
            out bufferLength);

        // The raw pointer is read only inside this try block, before the
        // finally clause closes the owning handle.
        IntPtr rawBuffer = tokenUserBuffer.DangerousGetHandle();
        SID_AND_ATTRIBUTES tokenUser =
            (SID_AND_ATTRIBUTES)Marshal.PtrToStructure(rawBuffer, typeof(SID_AND_ATTRIBUTES));

        uint denyOnlyFlag = NativeMethods.SE_GROUP_USE_FOR_DENY_ONLY;

        // No attributes at all: an ordinary user SID.
        if (tokenUser.Attributes == 0)
        {
            claim = Claim.CreateWindowsSidClaim(new SecurityIdentifier(tokenUser.Sid));
            return true;
        }

        // Deny-only bit present (other bits may be set as well): emit the
        // deny-only claim type instead of a normal SID claim.
        if ((tokenUser.Attributes & denyOnlyFlag) == NativeMethods.SE_GROUP_USE_FOR_DENY_ONLY)
        {
            claim = Claim.CreateDenyOnlyWindowsSidClaim(new SecurityIdentifier(tokenUser.Sid));
            return true;
        }
    }
    finally
    {
        // Runs on every path, including exceptions; when the query itself
        // threw, this closes the InvalidHandle placeholder.
        tokenUserBuffer.Close();
    }

    // Any other attribute combination: produce no claim.
    claim = null;
    return false;
}
/// <summary>
/// Builds a claim for the user SID carried by a Windows access token.
/// </summary>
/// <param name="windowsIdentity">
/// Identity whose <c>Token</c> is queried for <c>TokenUser</c> information.
/// It is dereferenced without a null check.
/// </param>
/// <param name="claim">
/// Receives a Windows SID claim when the user SID has no attributes, a
/// deny-only Windows SID claim when bit 0x10 is set, and <c>null</c> in
/// every other case.
/// </param>
/// <returns><c>true</c> when a claim was created; otherwise <c>false</c>.</returns>
/// <remarks>
/// Bit 0x10 of the SID attributes is the Windows SE_GROUP_USE_FOR_DENY_ONLY
/// flag. A SID carrying it is meant to match deny entries only, so callers
/// should keep the deny-only claim out of any "grant" evaluation. An attribute
/// value that is neither zero nor deny-only yields no claim at all, so the
/// method fails closed.
/// </remarks>
private static bool TryCreateWindowsSidClaim(System.Security.Principal.WindowsIdentity windowsIdentity, out Claim claim)
{
    // SE_GROUP_USE_FOR_DENY_ONLY as defined by the Windows SDK.
    const uint DenyOnlyFlag = 0x10;

    SafeHGlobalHandle tokenUserBuffer = SafeHGlobalHandle.InvalidHandle;
    try
    {
        // The returned length is required by the helper's signature but is not used here.
        uint bufferLength;
        tokenUserBuffer = GetTokenInformation(
            windowsIdentity.Token,
            System.IdentityModel.TokenInformationClass.TokenUser,
            out bufferLength);

        // The raw pointer is read only inside this try block, before the
        // finally clause closes the owning handle.
        IntPtr rawBuffer = tokenUserBuffer.DangerousGetHandle();
        SID_AND_ATTRIBUTES tokenUser =
            (SID_AND_ATTRIBUTES)Marshal.PtrToStructure(rawBuffer, typeof(SID_AND_ATTRIBUTES));

        if (tokenUser.Attributes == 0)
        {
            // No attributes at all: an ordinary user SID.
            claim = Claim.CreateWindowsSidClaim(new SecurityIdentifier(tokenUser.Sid));
            return true;
        }
        else if ((tokenUser.Attributes & DenyOnlyFlag) == DenyOnlyFlag)
        {
            // Deny-only bit present (other bits may be set as well): emit the
            // deny-only claim type instead of a normal SID claim.
            claim = Claim.CreateDenyOnlyWindowsSidClaim(new SecurityIdentifier(tokenUser.Sid));
            return true;
        }
    }
    finally
    {
        // Runs on every path, including exceptions; when the query itself
        // threw, this closes the InvalidHandle placeholder.
        tokenUserBuffer.Close();
    }

    // Any other attribute combination: produce no claim.
    claim = null;
    return false;
}