
Access Control List in C# 2.0

By Sumit Jain

A tool to enumerate all access control list entries
C#, VC8.0, C++, Windows, .NET, .NET 2.0, VS2005, VS, Dev

Posted: 5 Oct 2006
Updated: 5 Oct 2006

Sample Image - ADPermissions.jpg

Introduction

I have created an ACL Viewer utility which does the following:

1. Resolves SIDs in the current domain and trusted domains only. Currently it does not resolve SIDs in the forest or a few well-known SIDs.

2. Shows all the permissions assigned to a trustee.

3. Shows inheritance information.

4. Resolves all the object GUIDs ==> property, property-set and object types.

MS has developed a very good architecture to get the data from Active Directory in .NET. However, I did not find a good document on the same. I did some R&D and created an ACL viewer, which I required to test my effective permission algorithm.

I will talk about effective permissions in my next article. This is just the beginning for permissions in Active Directory.

Algorithm:

Input:
1. LDAP path of the Object
2. Credentials => UserName and Password

Output:
List all the permissions assigned on the given object

Algorithm:
1. Bind to the object using the credentials ==> Use the DirectoryEntry class for this
2. Get the security information from the object ==> Use the ActiveDirectorySecurity class for this
3. Get the security descriptor from the security information ==> In SDDL format (basically it's a string format)
4. Get all the access rules (access control entries) ==> Use the AuthorizationRuleCollection class for this
5. For each rule, resolve the SID and object type
6. Display all the entries to the user.

Code

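using System.DirectoryServices;        // DirectoryEntry, ActiveDirectorySecurity
using System.Security.AccessControl;   // AccessControlSections, AuthorizationRuleCollection
using System.Security.Principal;       // NTAccount

// Step 1: bind to the object with the supplied credentials.
DirectoryEntry objDE = new DirectoryEntry(adPath, credUser, credPassword);

// Step 2: read the security information of the object.
ActiveDirectorySecurity adSecurity = objDE.ObjectSecurity;

// Step 3: the complete security descriptor as an SDDL string.
string sd = adSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);

// Step 4: explicit and inherited access rules, with trustees returned as NTAccount.
AuthorizationRuleCollection rules = adSecurity.GetAccessRules(true, true, typeof(NTAccount));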

The NTAccount class resolves SIDs in the current domain. I have used ::LookupAccountSid to resolve SIDs in trusted domains and to resolve well-known SIDs.

To resolve object types, I am getting all the object types from Active Directory and caching them. The code is really simple and you can figure it out very easily.
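An added example (not the article's code) of steps 3 to 5: it loads a constructed SDDL string into ActiveDirectorySecurity, so it runs without a domain, and translates each trustee separately, because GetAccessRules with typeof(NTAccount) throws IdentityNotMappedException if any SID cannot be translated. SampleSddl, the ObjectTypes dictionary and the class and method names are assumptions; it needs a reference to System.DirectoryServices and runs on Windows.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclDumpExample
{
    // Constructed sample descriptor; the trustee SID ending in -1105 is made up and will not resolve.
    const string SampleSddl =
        "O:BAG:BAD:AI(A;;RPWP;;;AU)" +
        "(OA;CIID;CR;00299570-246d-11d0-a768-00aa006e0529;;" +
        "S-1-5-21-1111111111-2222222222-3333333333-1105)";

    // Stand-in for the object-type cache, which the tool fills from the directory.
    static readonly Dictionary<Guid, string> ObjectTypes = new Dictionary<Guid, string>
    {
        { new Guid("00299570-246d-11d0-a768-00aa006e0529"), "Reset Password (extended right)" }
    };

    // Translate one trustee; fall back to the raw SID so the entry is still listed.
    static string ResolveTrustee(IdentityReference sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }

    static string ResolveObjectType(Guid g)
    {
        if (g == Guid.Empty) return "(no object type)";
        string name;
        return ObjectTypes.TryGetValue(g, out name) ? name : g.ToString();
    }

    static void Main()
    {
        ActiveDirectorySecurity sec = new ActiveDirectorySecurity();
        sec.SetSecurityDescriptorSddlForm(SampleSddl);

        // Request SIDs rather than NTAccount so one unmapped trustee cannot fail the whole call.
        AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(SecurityIdentifier));
        foreach (ActiveDirectoryAccessRule r in rules)
        {
            Console.WriteLine("{0} {1}: {2} on {3}; inherited={4}; applies to={5}",
                r.AccessControlType, ResolveTrustee(r.IdentityReference), r.ActiveDirectoryRights,
                ResolveObjectType(r.ObjectType), r.IsInherited, r.InheritanceType);
        }
    }
}
```

Entries whose trustee prints as a raw SID are worth reviewing during an audit: they often belong to deleted accounts or to domains the current machine cannot reach.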

If you still have problems, please contact me at SumitKJain@hotmail.com

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


About the Author

Sumit Jain


Sumit Jain, Software Developer, working with Symantec.
Location: India

Copyright 2006 by Sumit Jain