Click here to Skip to main content
11,571,102 members (64,119 online)
Click here to Skip to main content

How to get user SID using DirectoryServices classes

, 19 Feb 2003 98.1K 2 22
Rate this:
Please Sign up or sign in to vote.
An article describing how to use DirectoryServices classes to get a user's SID.

Introduction

This article demonstrates how you can make use of DirectoryServices namespace classes to get a user's SID. This code does not make use of PInvoke to call into Win32 APIs to get the required information. We have extended the concepts of our previous article, How to get full name of logged in user, to show how every piece of information can be obtained by using DirectoryEntry object for a given user.

User's sid is returned by accessing objectSid property of DirectoryEntry obect. The value is returned as Byte [] array. This byte array can be parsed to get string representation of SID value. The binary representation of SID consists of following values.

PSID_IDENTIFIER_AUTHORITY    - First 6 bytes
SubAuthorityCount            - Next 1 Byte
SubAuthority0                - Next 4 bytes
SubAuthority1                - Next 4 bytes
SubAuthority2                - Next 4 bytes
SubAuthority3                - Next 4 bytes
SubAuthority4                - Next 4 bytes
SubAuthority5                - Next 4 bytes
SubAuthority6                - Next 4 bytes
SubAuthority7                - Next 4 bytes

Number of sub-authority values depend upon value of SubAuthorityCount. The max number of sub-authorities is 8.

private string GetSid(string strLogin)
{
    string str = "";
    // Parse the string to check if domain name is present.
    int idx = strLogin.IndexOf('\\');
    if (idx == -1)
    {
        idx = strLogin.IndexOf('@');
    }

    string strDomain;
    string strName;

    if (idx != -1)
    {
        strDomain = strLogin.Substring(0, idx);
        strName = strLogin.Substring(idx+1);
    }
    else
    {
        strDomain = Environment.MachineName;
        strName = strLogin;
    }

    
    DirectoryEntry obDirEntry = null;
    try
    {
        Int64 iBigVal = 5;
        Byte[] bigArr = BitConverter.GetBytes(iBigVal);
        obDirEntry = new DirectoryEntry("WinNT://" + 
                              strDomain + "/" + strName);
        System.DirectoryServices.PropertyCollection  
                           coll = obDirEntry.Properties;
        object obVal = coll["objectSid"].Value;
        if (null != obVal)
        {
            str = this.ConvertByteToStringSid((Byte[])obVal);
        }
        
    }
    catch (Exception ex)
    {
        str = "";
        Trace.Write(ex.Message);
    }
    return str;
}

private string ConvertByteToStringSid(Byte[] sidBytes)
{
    StringBuilder strSid = new StringBuilder();
    strSid.Append("S-");
    try
    {
        // Add SID revision.
        strSid.Append(sidBytes[0].ToString());
        // Next six bytes are SID authority value.
        if (sidBytes[6] != 0 || sidBytes[5] != 0)
        {
            string strAuth = String.Format
                ("0x{0:2x}{1:2x}{2:2x}{3:2x}{4:2x}{5:2x}",
                (Int16)sidBytes[1],
                (Int16)sidBytes[2],
                (Int16)sidBytes[3],
                (Int16)sidBytes[4],
                (Int16)sidBytes[5],
                (Int16)sidBytes[6]);
            strSid.Append("-");
            strSid.Append(strAuth);
        }
        else
        {
            Int64 iVal = (Int32)(sidBytes[1]) +
                (Int32)(sidBytes[2] << 8) +
                (Int32)(sidBytes[3] << 16) +
                (Int32)(sidBytes[4] << 24);
            strSid.Append("-");
            strSid.Append(iVal.ToString());
        }

        // Get sub authority count...
        int iSubCount = Convert.ToInt32(sidBytes[7]);
        int idxAuth = 0;
        for (int i = 0; i < iSubCount; i++)
        {
            idxAuth = 8 + i * 4;
            UInt32 iSubAuth = BitConverter.ToUInt32(sidBytes, idxAuth);
            strSid.Append("-");
            strSid.Append(iSubAuth.ToString());
        }
    }
    catch (Exception ex)
    {
        Trace.Warn(ex.Message);
        return "";
    }
    return strSid.ToString();
}

Please feel free to send your suggestions directly to me at softomatix@pardesiservices.com.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Softomatix
Web Developer
United States United States
To learn more about us, Please visit us at http://www.netomatix.com

You may also be interested in...

Comments and Discussions

 
GeneralSystem.Security.Principal.SecurityIdentifier is the best Pin
webmoon19-Jan-09 17:32
memberwebmoon19-Jan-09 17:32 
GeneralRe: System.Security.Principal.SecurityIdentifier is the best Pin
shawnadrock5-Nov-13 3:45
membershawnadrock5-Nov-13 3:45 
GeneralTry this! Pin
Mohammad Reza Jooyandeh12-Jul-07 5:57
memberMohammad Reza Jooyandeh12-Jul-07 5:57 
GeneralWinNT Provider not supported on 2003 Pin
Xileh15-Sep-05 8:39
sussXileh15-Sep-05 8:39 
GeneralRelated: Get SIDs from GC cache Pin
Lehi6-Jan-05 14:31
memberLehi6-Jan-05 14:31 
Get SIDs from AD's global catalog

I am cool.
GeneralJust one safe method Pin
maher.tebourbi22-Nov-04 2:56
membermaher.tebourbi22-Nov-04 2:56 
GeneralSID decoding is wrong Pin
Sidhe27-Apr-04 1:58
memberSidhe27-Apr-04 1:58 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150624.2 | Last Updated 20 Feb 2003
Article Copyright 2003 by Softomatix
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid