AccessCheck(
[In] byte[] SecurityDescriptor,
[In] SafeCloseHandle ClientToken,
[In] int DesiredAccess,
[In] GENERIC_MAPPING GenericMapping,
[Out] out PRIVILEGE_SET PrivilegeSet,
[In, Out] ref uint PrivilegeSetLength,
[Out] out uint GrantedAccess,
[Out] out bool AccessStatus);
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
if (null == securityDescriptor)
{
throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
}
IsAccessAllowed = false;
byte[] BinaryForm = new byte[securityDescriptor.BinaryLength];
securityDescriptor.GetBinaryForm(BinaryForm, 0);
SafeCloseHandle ImpersonationToken = null;
SafeCloseHandle clientIdentityToken = new SafeCloseHandle(clientIdentity.Token, false);
try
{
if (SecurityUtils.IsPrimaryToken(clientIdentityToken))
{
if (!SafeNativeMethods.DuplicateTokenEx(clientIdentityToken,
TokenAccessLevels.Query,
IntPtr.Zero,
SecurityImpersonationLevel.Identification,
TokenType.TokenImpersonation,
out ImpersonationToken))
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(ImpersonationToken);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.DuplicateTokenExFailed, error)));
}
}
GENERIC_MAPPING GenericMapping = new GENERIC_MAPPING();
PRIVILEGE_SET PrivilegeSet = new PRIVILEGE_SET();
uint PrivilegeSetLength = (uint)Marshal.SizeOf(PrivilegeSet);
uint GrantedAccess = 0;
if (!SafeNativeMethods.AccessCheck(BinaryForm, (ImpersonationToken != null) ? ImpersonationToken : clientIdentityToken,
(int)ComRights.EXECUTE, GenericMapping, out PrivilegeSet,
ref PrivilegeSetLength, out GrantedAccess, out IsAccessAllowed))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.AccessCheckFailed, error)));
}
}
finally
{
if (ImpersonationToken != null)
{
ImpersonationToken.Dispose();
}
}
}
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
if (this.securityDescriptor == null)
{
throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
}
IsAccessAllowed = false;
byte[] binaryForm = new byte[this.securityDescriptor.BinaryLength];
this.securityDescriptor.GetBinaryForm(binaryForm, 0);
SafeCloseHandle newToken = null;
SafeCloseHandle token = new SafeCloseHandle(clientIdentity.Token, false);
try
{
if (System.ServiceModel.ComIntegration.SecurityUtils.IsPrimaryToken(token) && !SafeNativeMethods.DuplicateTokenEx(token, TokenAccessLevels.Query, IntPtr.Zero, SecurityImpersonationLevel.Identification, System.ServiceModel.ComIntegration.TokenType.TokenImpersonation, out newToken))
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(newToken);
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, System.ServiceModel.SR.GetString("DuplicateTokenExFailed", new object[] { error })));
}
GENERIC_MAPPING genericMapping = new GENERIC_MAPPING();
PRIVILEGE_SET structure = new PRIVILEGE_SET();
uint privilegeSetLength = (uint)Marshal.SizeOf(structure);
uint grantedAccess = 0;
if (!SafeNativeMethods.AccessCheck(binaryForm, (newToken != null) ? newToken : token, 1, genericMapping, out structure, ref privilegeSetLength, out grantedAccess, out IsAccessAllowed))
{
int num4 = Marshal.GetLastWin32Error();
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(num4, System.ServiceModel.SR.GetString("AccessCheckFailed", new object[] { num4 })));
}
}
finally
{
if (newToken != null)
{
newToken.Dispose();
}
}
}
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
if (this.securityDescriptor == null)
{
throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
}
IsAccessAllowed = false;
byte[] binaryForm = new byte[this.securityDescriptor.BinaryLength];
this.securityDescriptor.GetBinaryForm(binaryForm, 0);
SafeCloseHandle newToken = null;
SafeCloseHandle token = new SafeCloseHandle(clientIdentity.Token, false);
try
{
if (System.ServiceModel.ComIntegration.SecurityUtils.IsPrimaryToken(token) && !SafeNativeMethods.DuplicateTokenEx(token, TokenAccessLevels.Query, IntPtr.Zero, SecurityImpersonationLevel.Identification, System.ServiceModel.ComIntegration.TokenType.TokenImpersonation, out newToken))
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(newToken);
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, System.ServiceModel.SR.GetString("DuplicateTokenExFailed", new object[] { error })));
}
GENERIC_MAPPING genericMapping = new GENERIC_MAPPING();
PRIVILEGE_SET structure = new PRIVILEGE_SET();
uint privilegeSetLength = (uint) Marshal.SizeOf(structure);
uint grantedAccess = 0;
if (!SafeNativeMethods.AccessCheck(binaryForm, (newToken != null) ? newToken : token, 1, genericMapping, out structure, ref privilegeSetLength, out grantedAccess, out IsAccessAllowed))
{
int num4 = Marshal.GetLastWin32Error();
throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(num4, System.ServiceModel.SR.GetString("AccessCheckFailed", new object[] { num4 })));
}
}
finally
{
if (newToken != null)
{
newToken.Dispose();
}
}
}
private void CheckAccess(WindowsIdentity clientIdentity, out bool IsAccessAllowed)
{
if (null == securityDescriptor)
{
throw Fx.AssertAndThrowFatal("Security Descriptor must not be NULL");
}
IsAccessAllowed = false;
byte[] BinaryForm = new byte[securityDescriptor.BinaryLength];
securityDescriptor.GetBinaryForm(BinaryForm, 0);
SafeCloseHandle ImpersonationToken = null;
SafeCloseHandle clientIdentityToken = new SafeCloseHandle(clientIdentity.Token, false);
try
{
if (SecurityUtils.IsPrimaryToken(clientIdentityToken))
{
if (!SafeNativeMethods.DuplicateTokenEx(clientIdentityToken,
TokenAccessLevels.Query,
IntPtr.Zero,
SecurityImpersonationLevel.Identification,
TokenType.TokenImpersonation,
out ImpersonationToken))
{
int error = Marshal.GetLastWin32Error();
Utility.CloseInvalidOutSafeHandle(ImpersonationToken);
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.DuplicateTokenExFailed, error)));
}
}
GENERIC_MAPPING GenericMapping = new GENERIC_MAPPING();
PRIVILEGE_SET PrivilegeSet = new PRIVILEGE_SET();
uint PrivilegeSetLength = (uint)Marshal.SizeOf(PrivilegeSet);
uint GrantedAccess = 0;
if (!SafeNativeMethods.AccessCheck(BinaryForm, (ImpersonationToken != null) ? ImpersonationToken : clientIdentityToken,
(int)ComRights.EXECUTE, GenericMapping, out PrivilegeSet,
ref PrivilegeSetLength, out GrantedAccess, out IsAccessAllowed))
{
int error = Marshal.GetLastWin32Error();
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new Win32Exception(error, SR.GetString(SR.AccessCheckFailed, error)));
}
}
finally
{
if (ImpersonationToken != null)
ImpersonationToken.Dispose();
}
}
internal static extern bool AccessCheck([In] byte[] SecurityDescriptor, [In] SafeCloseHandle ClientToken, [In] int DesiredAccess, [In] GENERIC_MAPPING GenericMapping, out PRIVILEGE_SET PrivilegeSet, [In, Out] ref uint PrivilegeSetLength, out uint GrantedAccess, out bool AccessStatus);
