C# 中的 ACL 检查/管理
我想知道是否有一种方法可以根据 C# 中的 ACL 检查用户权限。 我正在构建一个大型系统,该系统将使用活动目录进行身份验证,并且我想尽可能多地使用 Windows 安全管道。 在花了最后几个小时浏览 System.Security.AccessControl 之后,我不确定它是否提供了一种简单的方法来根据其 ACL 列表检查用户令牌。 尽管有足够的抽象类来实现自定义系统,但它看起来更适合操作 Windows 安全描述符。
我研究过 Authz API,它看起来更加灵活,并且有一个函数 (AuthzAccessCheck),允许根据安全描述符检查上下文。 如果需要的话,我一点也不反对包装它们。
还有其他人遇到过类似的问题吗?如果有的话,您认为它们的优点和缺点是什么?
I am wondering if there is a way to check a users permissions against an ACL in c#. I am building a large system that is going to use active directory for authentication and I would like to use as much of windows security plumbing as I can. After spending the last couple of hours browsing the System.Security.AccessControl I am not sure that it provides an easy way to check a users token against its ACL list. It looks like it is much more geared to manipulating windows security descriptors although there are enough abstract classes to implement a custom system.
I have looking at the Authz APIs which seem to much more flexible and have a function (AuthzAccessCheck) which allows the context to be checked against the security descriptor. I am not opposed at all to wrapping them if I need to.
Has anyone else had a similar problem and if so what were the pros and cons as you saw them?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
ACL是如何存储和访问的? 是否可以将 ACL 条目转换为 PrincipalPermission 对象? 如果是这样,那么您可以使用 Demand() 方法来检查访问权限,如果用户没有访问权限,它会抛出 SecurityException。
How is the ACL stored and accessed? Is it possible to have the ACL entries converted to a PrincipalPermission object? If so then you can use the Demand() method to check for access rights, it throws a SecurityException if the users does not have access.