public bool UserSessionIsInList(int sessionID) { SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(sessionID); if (sid != null) { EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath); return(encryptedSettings.ContainsSID(sid)); } else { return(false); } }
/// <summary> /// Returns a value indicating whether a user is in the /// list of added users. /// </summary> /// <returns> /// Returns true if the given user is already in the list of added /// users. Otherwise, false is returned. /// </returns> public bool UserIsInList() { WindowsIdentity userIdentity = null; if (ServiceSecurityContext.Current != null) { userIdentity = ServiceSecurityContext.Current.WindowsIdentity; } if (userIdentity != null) { EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath); return(encryptedSettings.ContainsSID(userIdentity.User)); } else { return(false); } }
/// <summary> /// Executes when a change event is received from a Terminal Server session. /// </summary> /// <param name="changeDescription"> /// Identifies the type of session change and the session to which it applies. /// </param> protected override void OnSessionChange(SessionChangeDescription changeDescription) { switch (changeDescription.Reason) { // The user has logged off from a session, either locally or remotely. case SessionChangeReason.SessionLogoff: EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath); System.Collections.Generic.List <SecurityIdentifier> sidsToRemove = new System.Collections.Generic.List <SecurityIdentifier>(encryptedSettings.AddedUserSIDs); int[] sessionIds = LsaLogonSessions.LogonSessions.GetLoggedOnUserSessionIds(); // For any user that is still logged on, remove their SID from the list of // SIDs to be removed from Administrators. That is, let the users who are still // logged on stay in the Administrators group. foreach (int id in sessionIds) { SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(id); if (sid != null) { if (sidsToRemove.Contains(sid)) { sidsToRemove.Remove(sid); } } } // Process the list of SIDs to be removed from Administrators. for (int i = 0; i < sidsToRemove.Count; i++) { if ( // If the user is not remote. (!(encryptedSettings.ContainsSID(sidsToRemove[i]) && encryptedSettings.IsRemote(sidsToRemove[i]))) && // If admin rights are to be removed on logoff, or the user's rights do not expire. (Settings.RemoveAdminRightsOnLogout || !encryptedSettings.GetExpirationTime(sidsToRemove[i]).HasValue) ) { LocalAdministratorGroup.RemoveUser(sidsToRemove[i], RemovalReason.UserLogoff); } } /* * In theory, this code should remove the user associated with the logoff, but it doesn't work. * SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(changeDescription.SessionId); * if (!(UserList.ContainsSID(sid) && UserList.IsRemote(sid))) * { * LocalAdministratorGroup.RemoveUser(sid, RemovalReason.UserLogoff); * } */ break; // The user has logged on to a session, either locally or remotely. case SessionChangeReason.SessionLogon: WindowsIdentity userIdentity = LsaLogonSessions.LogonSessions.GetWindowsIdentityForSessionId(changeDescription.SessionId); if (userIdentity != null) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); bool userIsAuthorizedForAutoAdd = channel.UserIsAuthorized(Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied); namedPipeFactory.Close(); // If the user is in the automatic add list, then add them to the Administrators group. if ( (Settings.AutomaticAddAllowed != null) && (Settings.AutomaticAddAllowed.Length > 0) && (userIsAuthorizedForAutoAdd /*UserIsAuthorized(userIdentity, Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied)*/) ) { LocalAdministratorGroup.AddUser(userIdentity, null, null); } } else { ApplicationLog.WriteEvent(Properties.Resources.UserIdentifyIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Warning); } break; /* * // The user has reconnected or logged on to a remote session. * case SessionChangeReason.RemoteConnect: * ApplicationLog.WriteInformationEvent(string.Format("Remote connect. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has disconnected or logged off from a remote session. * case SessionChangeReason.RemoteDisconnect: * ApplicationLog.WriteInformationEvent(string.Format("Remote disconnect. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has locked their session. * case SessionChangeReason.SessionLock: * ApplicationLog.WriteInformationEvent(string.Format("Session lock. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has unlocked their session. * case SessionChangeReason.SessionUnlock: * ApplicationLog.WriteInformationEvent(string.Format("Session unlock. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ } base.OnSessionChange(changeDescription); }