AccessCheck( [In] byte[] SecurityDescriptor, [In] SafeCloseHandle ClientToken, [In] int DesiredAccess, [In] GENERIC_MAPPING GenericMapping, [Out] out PRIVILEGE_SET PrivilegeSet, [In, Out] ref uint PrivilegeSetLength, [Out] out uint GrantedAccess, [Out] out bool AccessStatus);
/// <summary>
/// Asks the native <c>AccessCheck</c> API whether the caller's token is granted
/// <c>ComRights.EXECUTE</c> by the descriptor stored in <c>securityDescriptor</c>.
/// </summary>
/// <param name="clientIdentity">
/// Identity whose token is evaluated. Only its raw handle is borrowed here.
/// NOTE(review): the caller presumably keeps this object alive for the duration of the call; confirm.
/// </param>
/// <param name="IsAccessAllowed">
/// Set to <c>false</c> before any work is done, then overwritten with the access
/// status that <c>AccessCheck</c> reports.
/// </param>
/// <remarks>
/// A failing native call never yields a decision: a <see cref="Win32Exception"/> built
/// from the last Win32 error is passed to <c>ThrowHelperError</c> and the result is thrown.
/// </remarks>
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
    if (securityDescriptor == null)
    {
        throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
    }

    // Deny by default; only a successful AccessCheck call can change this.
    IsAccessAllowed = false;

    // AccessCheck takes the descriptor in its self-contained binary form.
    byte[] descriptorBytes = new byte[securityDescriptor.BinaryLength];
    securityDescriptor.GetBinaryForm(descriptorBytes, 0);

    SafeCloseHandle duplicatedToken = null;
    // Second argument is false: presumably "does not own the handle", so the
    // identity's token is not closed by this wrapper; confirm against SafeCloseHandle.
    SafeCloseHandle callerToken = new SafeCloseHandle(clientIdentity.Token, false);
    try
    {
        // Win32 AccessCheck accepts only impersonation tokens, so a primary token is
        // duplicated first. Query access at Identification level is all that is requested.
        if (SecurityUtils.IsPrimaryToken(callerToken)
            && !SafeNativeMethods.DuplicateTokenEx(
                    callerToken,
                    TokenAccessLevels.Query,
                    IntPtr.Zero,
                    SecurityImpersonationLevel.Identification,
                    TokenType.TokenImpersonation,
                    out duplicatedToken))
        {
            // Read the error code before any other call can overwrite it.
            int duplicateError = Marshal.GetLastWin32Error();
            Utility.CloseInvalidOutSafeHandle(duplicatedToken);
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new Win32Exception(duplicateError, SR.GetString(SR.DuplicateTokenExFailed, duplicateError)));
        }

        // Default-constructed mapping: the requested mask is passed as-is.
        GENERIC_MAPPING mapping = new GENERIC_MAPPING();
        PRIVILEGE_SET privileges = new PRIVILEGE_SET();
        uint privilegesSize = (uint)Marshal.SizeOf(privileges);
        uint granted = 0;

        // Prefer the duplicate when one was made; otherwise the caller's token is used as-is.
        SafeCloseHandle tokenForCheck = duplicatedToken ?? callerToken;

        // The granted mask is not inspected afterwards; the decision is the status flag alone.
        if (!SafeNativeMethods.AccessCheck(
                descriptorBytes,
                tokenForCheck,
                (int)ComRights.EXECUTE,
                mapping,
                out privileges,
                ref privilegesSize,
                out granted,
                out IsAccessAllowed))
        {
            int checkError = Marshal.GetLastWin32Error();
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new Win32Exception(checkError, SR.GetString(SR.AccessCheckFailed, checkError)));
        }
    }
    finally
    {
        // Only the duplicate is released here.
        if (duplicatedToken != null)
        {
            duplicatedToken.Dispose();
        }
    }
}
/// <summary>
/// Runs the native <c>AccessCheck</c> API for the caller's token against the descriptor
/// stored in <c>securityDescriptor</c>, requesting access mask <c>1</c>.
/// </summary>
/// <param name="clientIdentity">
/// Identity whose token is evaluated. Only its raw handle is borrowed here.
/// NOTE(review): the caller presumably keeps this object alive for the duration of the call; confirm.
/// </param>
/// <param name="IsAccessAllowed">
/// Set to <c>false</c> before any work is done, then overwritten with the access
/// status that <c>AccessCheck</c> reports.
/// </param>
/// <remarks>
/// A failing native call never yields a decision: a <see cref="Win32Exception"/> built
/// from the last Win32 error is passed to <c>ThrowHelperError</c> and the result is thrown.
/// </remarks>
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
    if (null == this.securityDescriptor)
    {
        throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
    }

    // Deny by default; only a successful AccessCheck call can change this.
    IsAccessAllowed = false;

    // AccessCheck takes the descriptor in its self-contained binary form.
    byte[] descriptorBytes = new byte[this.securityDescriptor.BinaryLength];
    this.securityDescriptor.GetBinaryForm(descriptorBytes, 0);

    SafeCloseHandle impersonationToken = null;
    // Second argument is false: presumably "does not own the handle", so the
    // identity's token is not closed by this wrapper; confirm against SafeCloseHandle.
    SafeCloseHandle callerToken = new SafeCloseHandle(clientIdentity.Token, false);
    try
    {
        // Win32 AccessCheck accepts only impersonation tokens, so a primary token is
        // duplicated first. Query access at Identification level is all that is requested.
        if (System.ServiceModel.ComIntegration.SecurityUtils.IsPrimaryToken(callerToken))
        {
            if (!SafeNativeMethods.DuplicateTokenEx(
                    callerToken,
                    TokenAccessLevels.Query,
                    IntPtr.Zero,
                    SecurityImpersonationLevel.Identification,
                    System.ServiceModel.ComIntegration.TokenType.TokenImpersonation,
                    out impersonationToken))
            {
                // Read the error code before any other call can overwrite it.
                int duplicateError = Marshal.GetLastWin32Error();
                Utility.CloseInvalidOutSafeHandle(impersonationToken);
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new Win32Exception(
                        duplicateError,
                        System.ServiceModel.SR.GetString("DuplicateTokenExFailed", new object[] { duplicateError })));
            }
        }

        // Default-constructed mapping: the requested mask is passed as-is.
        GENERIC_MAPPING mapping = new GENERIC_MAPPING();
        PRIVILEGE_SET privilegeSet = new PRIVILEGE_SET();
        uint privilegeSetSize = (uint)Marshal.SizeOf(privilegeSet);
        uint granted = 0;

        // Prefer the duplicate when one was made; otherwise the caller's token is used as-is.
        SafeCloseHandle tokenForCheck = impersonationToken ?? callerToken;

        // NOTE(review): the literal 1 is the requested access mask; it presumably stands for a
        // named right that was lost in this listing. Confirm which one before changing it.
        // The granted mask is not inspected afterwards; the decision is the status flag alone.
        if (!SafeNativeMethods.AccessCheck(
                descriptorBytes,
                tokenForCheck,
                1,
                mapping,
                out privilegeSet,
                ref privilegeSetSize,
                out granted,
                out IsAccessAllowed))
        {
            int checkError = Marshal.GetLastWin32Error();
            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new Win32Exception(
                    checkError,
                    System.ServiceModel.SR.GetString("AccessCheckFailed", new object[] { checkError })));
        }
    }
    finally
    {
        // Only the duplicate is released here.
        if (impersonationToken != null)
        {
            impersonationToken.Dispose();
        }
    }
}
/// <summary>
/// Evaluates the caller's token against the descriptor stored in <c>securityDescriptor</c>
/// through the native <c>AccessCheck</c> API, requesting access mask <c>1</c>.
/// </summary>
/// <param name="clientIdentity">
/// Identity whose token is evaluated. Only its raw handle is borrowed here.
/// NOTE(review): the caller presumably keeps this object alive for the duration of the call; confirm.
/// </param>
/// <param name="IsAccessAllowed">
/// Starts as <c>false</c> and is replaced by the access status that <c>AccessCheck</c> reports.
/// </param>
/// <remarks>
/// When either native call reports failure, no decision is returned: a
/// <see cref="Win32Exception"/> carrying the last Win32 error is passed to
/// <c>ThrowHelperError</c> and the result is thrown.
/// </remarks>
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
    if (this.securityDescriptor == null)
    {
        throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
    }

    // Fail closed: the out value stays false unless AccessCheck itself sets it.
    IsAccessAllowed = false;

    // Serialise the descriptor into the byte form the native call consumes.
    byte[] rawDescriptor = new byte[this.securityDescriptor.BinaryLength];
    this.securityDescriptor.GetBinaryForm(rawDescriptor, 0);

    SafeCloseHandle duplicate = null;
    // Passing false presumably marks the wrapper as non-owning, leaving the identity's
    // handle open when this method ends; confirm against SafeCloseHandle.
    SafeCloseHandle original = new SafeCloseHandle(clientIdentity.Token, false);
    try
    {
        bool isPrimary = System.ServiceModel.ComIntegration.SecurityUtils.IsPrimaryToken(original);
        if (isPrimary)
        {
            // AccessCheck rejects primary tokens, so make an impersonation copy limited to
            // Query access at Identification level.
            bool duplicated = SafeNativeMethods.DuplicateTokenEx(
                original,
                TokenAccessLevels.Query,
                IntPtr.Zero,
                SecurityImpersonationLevel.Identification,
                System.ServiceModel.ComIntegration.TokenType.TokenImpersonation,
                out duplicate);
            if (!duplicated)
            {
                // Capture the error code immediately, before cleanup runs.
                int win32Error = Marshal.GetLastWin32Error();
                Utility.CloseInvalidOutSafeHandle(duplicate);
                throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new Win32Exception(
                        win32Error,
                        System.ServiceModel.SR.GetString("DuplicateTokenExFailed", new object[] { win32Error })));
            }
        }

        // The mapping is left at its defaults; the mask below is handed over unchanged.
        GENERIC_MAPPING genericMap = new GENERIC_MAPPING();
        PRIVILEGE_SET privileges = new PRIVILEGE_SET();
        uint privilegesLength = (uint)Marshal.SizeOf(privileges);
        uint grantedMask = 0;

        // NOTE(review): 1 is the requested access mask; presumably a named right whose
        // symbol is missing from this listing. Confirm before editing.
        // Only the status flag is consumed; grantedMask is never read afterwards.
        bool checkSucceeded = SafeNativeMethods.AccessCheck(
            rawDescriptor,
            duplicate ?? original,
            1,
            genericMap,
            out privileges,
            ref privilegesLength,
            out grantedMask,
            out IsAccessAllowed);
        if (!checkSucceeded)
        {
            int win32Error = Marshal.GetLastWin32Error();
            throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new Win32Exception(
                    win32Error,
                    System.ServiceModel.SR.GetString("AccessCheckFailed", new object[] { win32Error })));
        }
    }
    finally
    {
        // Release the copy made here; the borrowed handle is left alone.
        if (duplicate != null)
        {
            duplicate.Dispose();
        }
    }
}
/// <summary>
/// Evaluates the caller's token against the descriptor stored in <c>securityDescriptor</c>
/// through the native <c>AccessCheck</c> API, requesting <c>ComRights.EXECUTE</c>.
/// </summary>
/// <param name="clientIdentity">
/// Identity whose token is evaluated. Only its raw handle is borrowed here.
/// NOTE(review): the caller presumably keeps this object alive for the duration of the call; confirm.
/// </param>
/// <param name="IsAccessAllowed">
/// Starts as <c>false</c> and is replaced by the access status that <c>AccessCheck</c> reports.
/// </param>
/// <remarks>
/// When either native call reports failure, no decision is returned: a
/// <see cref="Win32Exception"/> carrying the last Win32 error is passed to
/// <c>ThrowHelperError</c> and the result is thrown.
/// </remarks>
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
    if (securityDescriptor == null)
    {
        throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
    }

    // Fail closed: the out value stays false unless AccessCheck itself sets it.
    IsAccessAllowed = false;

    // Serialise the descriptor into the byte form the native call consumes.
    byte[] rawDescriptor = new byte[securityDescriptor.BinaryLength];
    securityDescriptor.GetBinaryForm(rawDescriptor, 0);

    SafeCloseHandle duplicate = null;
    // Passing false presumably marks the wrapper as non-owning, leaving the identity's
    // handle open when this method ends; confirm against SafeCloseHandle.
    SafeCloseHandle original = new SafeCloseHandle(clientIdentity.Token, false);
    try
    {
        if (SecurityUtils.IsPrimaryToken(original))
        {
            // AccessCheck rejects primary tokens, so make an impersonation copy limited to
            // Query access at Identification level.
            bool duplicated = SafeNativeMethods.DuplicateTokenEx(
                original,
                TokenAccessLevels.Query,
                IntPtr.Zero,
                SecurityImpersonationLevel.Identification,
                TokenType.TokenImpersonation,
                out duplicate);
            if (!duplicated)
            {
                // Capture the error code immediately, before cleanup runs.
                int win32Error = Marshal.GetLastWin32Error();
                Utility.CloseInvalidOutSafeHandle(duplicate);
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                    new Win32Exception(win32Error, SR.GetString(SR.DuplicateTokenExFailed, win32Error)));
            }
        }

        // The mapping is left at its defaults; the mask below is handed over unchanged.
        GENERIC_MAPPING genericMap = new GENERIC_MAPPING();
        PRIVILEGE_SET privileges = new PRIVILEGE_SET();
        uint privilegesLength = (uint)Marshal.SizeOf(privileges);
        uint grantedMask = 0;

        // Only the status flag is consumed; grantedMask is never read afterwards.
        bool checkSucceeded = SafeNativeMethods.AccessCheck(
            rawDescriptor,
            duplicate ?? original,
            (int)ComRights.EXECUTE,
            genericMap,
            out privileges,
            ref privilegesLength,
            out grantedMask,
            out IsAccessAllowed);
        if (!checkSucceeded)
        {
            int win32Error = Marshal.GetLastWin32Error();
            throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
                new Win32Exception(win32Error, SR.GetString(SR.AccessCheckFailed, win32Error)));
        }
    }
    finally
    {
        // Release the copy made here; the borrowed handle is left alone.
        if (duplicate != null)
        {
            duplicate.Dispose();
        }
    }
}