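/// <summary>
/// Reads the Central Access Rules (CARs) and Central Access Policies (CAPs) that live under
/// CN=Claims Configuration,CN=Services,CN=Configuration in the domain's configuration partition,
/// over a simple LDAP bind on port 389.
/// </summary>
/// <param name="domainName">DNS name of the domain, e.g. "contoso.com"; every label becomes one DC= component of the search base.</param>
/// <param name="userName">Account used for the bind; it is sent as NETBIOSDOMAIN\userName (see the note on how the NetBIOS name is derived).</param>
/// <param name="password">Password for <paramref name="userName"/>.</param>
/// <returns>Policies keyed by their cn, each with <c>MemberRules</c> populated from the rules it references.</returns>
/// <exception cref="ArgumentException"><paramref name="domainName"/> is null, empty or has fewer than two DNS labels.</exception>
/// <exception cref="KeyNotFoundException">A policy references a rule DN that the rule search did not return.</exception>
protected Dictionary<string, CentralAccessPolicy> QueryCaps(string domainName, string userName, string password)
{
    if (string.IsNullOrEmpty(domainName))
    {
        throw new ArgumentException("Domain name must not be null or empty.", nameof(domainName));
    }

    string[] domainNameTokens = domainName.Split('.');
    if (domainNameTokens.Length < 2)
    {
        // A single label would yield a one-component naming context, which is never a valid AD configuration partition.
        throw new ArgumentException("Domain name must have at least two DNS labels (e.g. \"contoso.com\").", nameof(domainName));
    }

    // NOTE(review): the NetBIOS domain name is assumed to be the upper-cased first DNS label. That is the
    // default for new forests, but a domain created with a custom NetBIOS name will fail to bind here —
    // confirm against the target environment. Invariant casing keeps the result culture-independent.
    string bindIdentity = $"{domainNameTokens[0].ToUpperInvariant()}\\{userName}";

    StringBuilder searchBaseBuilder = new StringBuilder("CN=Claims Configuration,CN=Services,CN=Configuration");
    foreach (string label in domainNameTokens)
    {
        searchBaseBuilder.Append(",DC=").Append(label);
    }
    string searchBase = searchBaseBuilder.ToString();

    Dictionary<string, CentralAccessRule> rulesByDn = new Dictionary<string, CentralAccessRule>();
    Dictionary<string, CentralAccessPolicy> policies = new Dictionary<string, CentralAccessPolicy>();

    using (LdapConnection conn = new LdapConnection())
    {
        // NOTE(review): this is a simple bind over plain LDAP on 389, so the password crosses the wire in
        // clear text unless the connection is upgraded to TLS (StartTLS or LDAPS on 636) before Bind().
        // Acceptable only on an isolated test network; never point this at a production DC as-is.
        conn.Connect(domainName, 389);
        conn.Bind(bindIdentity, password);

        // Pass 1: index every Central Access Rule by DN so policies can resolve their member-rule links.
        var ruleResults = conn.Search(
            searchBase,
            LdapConnection.ScopeSub,
            "(objectClass=msAuthz-CentralAccessRule)",
            new string[] { "cn", "distinguishedName", "msAuthz-EffectiveSecurityPolicy", "msAuthz-ResourceCondition" },
            false);
        foreach (KeyValuePair<string, IList<LdapAttribute>> entry in ruleResults.GetAllLdapEntries())
        {
            IList<LdapAttribute> attributes = entry.Value;
            string dn = attributes.GetStringValueFromAttributes("distinguishedName");
            CentralAccessRule rule = new CentralAccessRule
            {
                Name = attributes.GetStringValueFromAttributes("cn"),
                Sddl = attributes.GetStringValueFromAttributes("msAuthz-EffectiveSecurityPolicy"),
                ResourceCondition = attributes.GetStringValueFromAttributes("msAuthz-ResourceCondition")
            };
            rulesByDn.Add(dn, rule);
        }

        // Pass 2: build each Central Access Policy and attach the rules it references.
        var policyResults = conn.Search(
            searchBase,
            LdapConnection.ScopeSub,
            "(objectClass=msAuthz-CentralAccessPolicy)",
            new string[] { "cn", "msAuthz-CentralAccessPolicyID", "msAuthz-MemberRulesInCentralAccessPolicy" },
            false);
        foreach (KeyValuePair<string, IList<LdapAttribute>> entry in policyResults.GetAllLdapEntries())
        {
            IList<LdapAttribute> attributes = entry.Value;
            string capName = attributes.GetStringValueFromAttributes("cn");

            // msAuthz-CentralAccessPolicyID is stored as a binary SID; marshal it into the _SID structure.
            byte[] sidInBinary = (byte[])attributes.GetBytesValueFromAttributes("msAuthz-CentralAccessPolicyID")[0];

            CentralAccessPolicy policy = new CentralAccessPolicy();
            policy.Name = capName;
            policy.Id = TypeMarshal.ToStruct<_SID>(sidInBinary);

            IList<string> memberRuleDns = attributes.GetStringListValueFromAttributes("msAuthz-MemberRulesInCentralAccessPolicy");
            foreach (string ruleDn in memberRuleDns)
            {
                CentralAccessRule memberRule;
                if (!rulesByDn.TryGetValue(ruleDn, out memberRule))
                {
                    // Same exception type the dictionary indexer would raise, but naming the dangling link
                    // (rule deleted, or outside the search base) and the policy that holds it.
                    throw new KeyNotFoundException(
                        $"Central Access Policy '{capName}' references rule '{ruleDn}', which was not found under '{searchBase}'.");
                }
                policy.MemberRules.Add(memberRule);
            }

            policies.Add(capName, policy);
        }

        conn.Disconnect();
    }

    return policies;
}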
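/// <summary>
/// Enumerates the Central Access Rules (CARs) and Central Access Policies (CAPs) stored under
/// CN=Claims Configuration,CN=Services,CN=Configuration in the domain's configuration partition,
/// using System.DirectoryServices with Negotiate (Kerberos/NTLM) authentication.
/// </summary>
/// <param name="domainName">DNS name of the domain, e.g. "contoso.com"; every label becomes one DC= component of the LDAP path.</param>
/// <param name="userName">Account used to bind.</param>
/// <param name="password">Password for <paramref name="userName"/>.</param>
/// <returns>Policies keyed by their cn, each with <c>MemberRules</c> populated from the rules it references.</returns>
/// <exception cref="ArgumentException"><paramref name="domainName"/> is null, empty or has fewer than two DNS labels.</exception>
/// <exception cref="KeyNotFoundException">A policy references a rule DN that the rule search did not return.</exception>
protected Dictionary<string, CentralAccessPolicy> QueryCaps(string domainName, string userName, string password)
{
    if (string.IsNullOrEmpty(domainName))
    {
        throw new ArgumentException("Domain name must not be null or empty.", nameof(domainName));
    }

    string[] domainNameTokens = domainName.Split('.');
    if (domainNameTokens.Length < 2)
    {
        // Validate unconditionally: a Debug.Assert disappears in release builds, where a one-label name
        // would silently produce a malformed LDAP path and surface later as an opaque COM error.
        throw new ArgumentException("Domain name must have at least two DNS labels (e.g. \"contoso.com\").", nameof(domainName));
    }

    StringBuilder ldapPath = new StringBuilder("LDAP://CN=Claims Configuration,CN=Services,CN=Configuration");
    foreach (string label in domainNameTokens)
    {
        ldapPath.Append(",DC=").Append(label);
    }

    Dictionary<string, CentralAccessRule> rulesByDn = new Dictionary<string, CentralAccessRule>();
    Dictionary<string, CentralAccessPolicy> policies = new Dictionary<string, CentralAccessPolicy>();

    using (DirectoryEntry claimsConfig = new DirectoryEntry(ldapPath.ToString()))
    {
        // Secure = Negotiate, so the password is never sent in clear. Signing and Sealing additionally
        // integrity-protect and encrypt the LDAP session, which is also what DCs that enforce LDAP signing expect.
        claimsConfig.AuthenticationType = AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
        claimsConfig.Username = userName;
        claimsConfig.Password = password;

        // Pass 1: index every Central Access Rule by DN so policies can resolve their member-rule links.
        string[] ruleAttributes = { "cn", "distinguishedName", "msAuthz-EffectiveSecurityPolicy", "msAuthz-ResourceCondition" };
        using (DirectorySearcher ruleSearcher = new DirectorySearcher(claimsConfig, "(objectClass=msAuthz-CentralAccessRule)", ruleAttributes, SearchScope.Subtree))
        using (SearchResultCollection ruleResults = ruleSearcher.FindAll())
        {
            foreach (SearchResult result in ruleResults)
            {
                ResultPropertyCollection props = result.Properties;
                string dn = (string)props["distinguishedName"][0];

                // Both policy attributes are may-contain in the AD schema, so a rule that has not been
                // given an effective policy or a resource condition must not throw on [0] here.
                ResultPropertyValueCollection sddlValues = props["msAuthz-EffectiveSecurityPolicy"];
                ResultPropertyValueCollection conditionValues = props["msAuthz-ResourceCondition"];

                CentralAccessRule rule = new CentralAccessRule
                {
                    Name = (string)props["cn"][0],
                    Sddl = sddlValues.Count > 0 ? (string)sddlValues[0] : null,
                    ResourceCondition = conditionValues.Count > 0 ? (string)conditionValues[0] : null
                };
                rulesByDn.Add(dn, rule);
            }
        }

        // Pass 2: build each Central Access Policy and attach the rules it references.
        string[] policyAttributes = { "cn", "msAuthz-CentralAccessPolicyID", "msAuthz-MemberRulesInCentralAccessPolicy" };
        using (DirectorySearcher policySearcher = new DirectorySearcher(claimsConfig, "(objectClass=msAuthz-CentralAccessPolicy)", policyAttributes, SearchScope.Subtree))
        using (SearchResultCollection policyResults = policySearcher.FindAll())
        {
            foreach (SearchResult result in policyResults)
            {
                ResultPropertyCollection props = result.Properties;
                string capName = (string)props["cn"][0];

                // msAuthz-CentralAccessPolicyID is stored as a binary SID; marshal it into the _SID structure.
                byte[] sidInBinary = (byte[])props["msAuthz-CentralAccessPolicyID"][0];

                CentralAccessPolicy policy = new CentralAccessPolicy();
                policy.Name = capName;
                policy.Id = TypeMarshal.ToStruct<_SID>(sidInBinary);

                foreach (string ruleDn in props["msAuthz-MemberRulesInCentralAccessPolicy"])
                {
                    CentralAccessRule memberRule;
                    if (!rulesByDn.TryGetValue(ruleDn, out memberRule))
                    {
                        // Same exception type the dictionary indexer would raise, but naming the dangling link
                        // (rule deleted, or outside the search base) and the policy that holds it.
                        throw new KeyNotFoundException(
                            string.Format("Central Access Policy '{0}' references rule '{1}', which was not found under '{2}'.", capName, ruleDn, ldapPath));
                    }
                    policy.MemberRules.Add(memberRule);
                }

                policies.Add(capName, policy);
            }
        }
    }

    return policies;
}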
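/// <summary>
/// Loads the Central Access Policies (CAPs) of a domain together with their member Central Access Rules (CARs).
/// Both object types are searched below CN=Claims Configuration,CN=Services,CN=Configuration of the
/// domain's configuration partition through System.DirectoryServices, binding with Negotiate authentication.
/// </summary>
/// <param name="domainName">DNS name of the domain ("contoso.com"); its labels are turned into DC= components.</param>
/// <param name="userName">Account used to bind.</param>
/// <param name="password">Password for <paramref name="userName"/>.</param>
/// <returns>A dictionary from policy cn to <see cref="CentralAccessPolicy"/>; every policy's <c>MemberRules</c> is filled in.</returns>
/// <exception cref="ArgumentException"><paramref name="domainName"/> is null, empty or contains fewer than two labels.</exception>
/// <exception cref="KeyNotFoundException">A policy's msAuthz-MemberRulesInCentralAccessPolicy points at a rule the rule search did not return.</exception>
protected Dictionary<string, CentralAccessPolicy> QueryCaps(string domainName, string userName, string password)
{
    if (string.IsNullOrEmpty(domainName))
    {
        throw new ArgumentException("Domain name must not be null or empty.", nameof(domainName));
    }

    string[] labels = domainName.Split('.');
    if (labels.Length < 2)
    {
        // Enforced in every build configuration: a Debug.Assert is compiled out of release builds, and a
        // single-label name would otherwise yield a malformed naming context and a late, opaque COM error.
        throw new ArgumentException("Domain name must have at least two DNS labels (e.g. \"contoso.com\").", nameof(domainName));
    }

    StringBuilder directoryRoot = new StringBuilder("LDAP://CN=Claims Configuration,CN=Services,CN=Configuration");
    foreach (string label in labels)
    {
        directoryRoot.Append(",DC=").Append(label);
    }
    string rootPath = directoryRoot.ToString();

    Dictionary<string, CentralAccessRule> ruleIndex = new Dictionary<string, CentralAccessRule>();
    Dictionary<string, CentralAccessPolicy> policies = new Dictionary<string, CentralAccessPolicy>();

    using (DirectoryEntry root = new DirectoryEntry(rootPath))
    {
        // Negotiate keeps the password off the wire; Signing/Sealing add integrity protection and encryption
        // for the LDAP traffic itself, so rule SDDL and policy SIDs are not readable by a network observer.
        root.AuthenticationType = AuthenticationTypes.Secure | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;
        root.Username = userName;
        root.Password = password;

        // First query: the rules, keyed by DN, because policies link to rules by DN.
        using (DirectorySearcher ruleSearcher = new DirectorySearcher(
            root,
            "(objectClass=msAuthz-CentralAccessRule)",
            new string[] { "cn", "distinguishedName", "msAuthz-EffectiveSecurityPolicy", "msAuthz-ResourceCondition" },
            SearchScope.Subtree))
        using (SearchResultCollection ruleHits = ruleSearcher.FindAll())
        {
            foreach (SearchResult hit in ruleHits)
            {
                // msAuthz-EffectiveSecurityPolicy and msAuthz-ResourceCondition are optional (may-contain)
                // on msAuthz-CentralAccessRule, so read them defensively instead of indexing [0] blindly.
                ResultPropertyValueCollection sddlValues = hit.Properties["msAuthz-EffectiveSecurityPolicy"];
                ResultPropertyValueCollection conditionValues = hit.Properties["msAuthz-ResourceCondition"];

                CentralAccessRule rule = new CentralAccessRule
                {
                    Name = (string)hit.Properties["cn"][0],
                    Sddl = sddlValues.Count > 0 ? (string)sddlValues[0] : null,
                    ResourceCondition = conditionValues.Count > 0 ? (string)conditionValues[0] : null
                };
                ruleIndex.Add((string)hit.Properties["distinguishedName"][0], rule);
            }
        }

        // Second query: the policies, each resolved against the rule index.
        using (DirectorySearcher policySearcher = new DirectorySearcher(
            root,
            "(objectClass=msAuthz-CentralAccessPolicy)",
            new string[] { "cn", "msAuthz-CentralAccessPolicyID", "msAuthz-MemberRulesInCentralAccessPolicy" },
            SearchScope.Subtree))
        using (SearchResultCollection policyHits = policySearcher.FindAll())
        {
            foreach (SearchResult hit in policyHits)
            {
                string capName = (string)hit.Properties["cn"][0];

                CentralAccessPolicy policy = new CentralAccessPolicy();
                policy.Name = capName;
                // The policy ID is a binary SID blob; TypeMarshal turns it into the _SID structure.
                policy.Id = TypeMarshal.ToStruct<_SID>((byte[])hit.Properties["msAuthz-CentralAccessPolicyID"][0]);

                foreach (string ruleDn in hit.Properties["msAuthz-MemberRulesInCentralAccessPolicy"])
                {
                    CentralAccessRule linkedRule;
                    if (!ruleIndex.TryGetValue(ruleDn, out linkedRule))
                    {
                        // Keep the indexer's exception type but say which link is dangling and from which policy.
                        throw new KeyNotFoundException(
                            $"Central Access Policy '{capName}' references rule '{ruleDn}', which was not found under '{rootPath}'.");
                    }
                    policy.MemberRules.Add(linkedRule);
                }

                policies.Add(capName, policy);
            }
        }
    }

    return policies;
}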