/// <summary>
/// Converts the allow entries of an SDDL string into HTTP access rules for a URL prefix.
/// </summary>
/// <param name="url">The URL prefix stored in every rule that is produced.</param>
/// <param name="sddl">The SDDL string handed to <c>AccessControlEntity.Parse</c>.</param>
/// <param name="accessRules">The list the rules are appended to; existing items are kept.</param>
/// <remarks>
/// Only entries whose access type is "A" are converted, and only the rights strings
/// "GA", "GXGW", "GWGX" (mapped to Configure) and "GX" (mapped to Run) are recognised.
/// Any other entry is skipped without a trace message, as is an entry for which
/// <c>SidToAccountName</c> returns null or an empty string. The output can therefore
/// list fewer grants than the SDDL string contains and should not be read as a
/// complete view of the ACL.
/// </remarks>
private static void ParseSddl(string url, string sddl, List<HttpAccessRule> accessRules)
{
    foreach (AccessControlEntity ace in AccessControlEntity.Parse(sddl))
    {
        // Anything that is not an allow entry is ignored.
        if (ace.AccessType != "A")
        {
            continue;
        }

        string rightsText = ace.Rights;
        ApplicationAccessRight granted = ApplicationAccessRight.None;

        if (rightsText == "GX")
        {
            granted = ApplicationAccessRight.Run;
        }
        else if (rightsText == "GA" || rightsText == "GXGW" || rightsText == "GWGX")
        {
            granted = ApplicationAccessRight.Configure;
        }

        // Unrecognised rights strings leave the value at None and are dropped.
        if (granted == ApplicationAccessRight.None)
        {
            continue;
        }

        string account = ApplicationAccessRule.SidToAccountName(ace.AccountSid);

        // A SID with no account name cannot be reported as a rule.
        if (String.IsNullOrEmpty(account))
        {
            continue;
        }

        accessRules.Add(new HttpAccessRule
        {
            UrlPrefix = url,
            Right = granted,
            IdentityName = account
        });
    }
}
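/// <summary>
/// Sets the application access rules for the specified URL (replaces the hostname with a wildcard).
/// </summary>
/// <param name="url">
/// The URL to secure. Only its scheme, port and path/query are used; the host is replaced by "+".
/// </param>
/// <param name="accessRules">The rules to apply. Deny rules and rules without a usable identity are skipped.</param>
/// <param name="replaceExisting">Passed unchanged to the overload that takes the URL prefix as a string.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="url"/> or <paramref name="accessRules"/> is null.
/// </exception>
/// <remarks>
/// The host of <paramref name="url"/> is not part of the prefix that is built, so the rules are
/// not limited to that host name. Deny rules are dropped without a trace message; a caller that
/// depends on a deny entry gets no restriction from this method.
/// </remarks>
public static void SetAccessRules(Uri url, IList<ApplicationAccessRule> accessRules, bool replaceExisting)
{
    if (url == null)
    {
        throw new ArgumentNullException("url");
    }

    if (accessRules == null)
    {
        throw new ArgumentNullException("accessRules");
    }

    // NOTE(review): PathAndQuery includes any query string of the URL; confirm callers never pass one.
    StringBuilder wildcard = new StringBuilder();
    wildcard.Append(url.Scheme);
    wildcard.Append("://+:");
    wildcard.Append(url.Port);
    wildcard.Append(url.PathAndQuery);

    string urlPrefix = wildcard.ToString();
    List<HttpAccessRule> httpRules = new List<HttpAccessRule>();

    foreach (ApplicationAccessRule accessRule in accessRules)
    {
        if (accessRule == null)
        {
            continue;
        }

        // urls do not support deny rules.
        if (accessRule.RuleType == AccessControlType.Deny)
        {
            continue;
        }

        string identityName = accessRule.IdentityName;

        // A rule that names nobody cannot be turned into an access entry.
        if (String.IsNullOrEmpty(identityName))
        {
            Utils.Trace("Skipping access rule without an identity name for: {0}", urlPrefix);
            continue;
        }

        // SIDs are identifiers, so the prefix test must not depend on the current culture.
        if (identityName.StartsWith("S-", StringComparison.Ordinal))
        {
            string sid = identityName;
            identityName = ApplicationAccessRule.SidToAccountName(sid);

            // Same test as ParseSddl: an empty name is as unusable as a null one.
            if (String.IsNullOrEmpty(identityName))
            {
                Utils.Trace("Could not translate SID: {0}", sid);
                continue;
            }
        }

        HttpAccessRule httpRule = new HttpAccessRule();
        httpRule.Right = accessRule.Right;
        httpRule.IdentityName = identityName;
        httpRules.Add(httpRule);
    }

    SetAccessRules(urlPrefix, httpRules, replaceExisting);
}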