使用权限属性
我可能只是误解了这个概念,但我仍然认为我应该问:
我正在尝试找到在 Win2008 中创建新的本地用户组所需的特定权限。我检查了 System.DirectoryServices.AccountManagement 命名空间并声明了所需的权限:
[SecurityPermissionAttribute(SecurityAction.Assert, Flags = SecurityPermissionFlag.UnmanagedCode)]
[DirectoryServicesPermissionAttribute(SecurityAction.InheritanceDemand, Unrestricted = true)]
[DirectoryServicesPermissionAttribute(SecurityAction.LinkDemand, Unrestricted = true)]
我预计当这些权限之一被拒绝时(即进入该方法时)会出现异常。相反,在调用主体 Save 方法时,我仍然收到 UnauthorizedAccessException 。
我在这里缺少什么?我正在寻找更多关于使用权限属性的答案,而不是这个特定问题的解决方案。
谢谢。
I'm probably just getting the concept wrong, but still i thought I should ask:
I'm trying to find the specific permissions needed to create a new local user group in Win2008. I went over the System.DirectoryServices.AccountManagement namespace and declared the permissions needed:
[SecurityPermissionAttribute(SecurityAction.Assert, Flags = SecurityPermissionFlag.UnmanagedCode)]
[DirectoryServicesPermissionAttribute(SecurityAction.InheritanceDemand, Unrestricted = true)]
[DirectoryServicesPermissionAttribute(SecurityAction.LinkDemand, Unrestricted = true)]
I expected to get an exception when one of these permissions will be denied (i.e. when entering the method). Instead I still get UnauthorizedAccessException when calling the principal Save method.
What am I missing here? I'm looking for an answer more in regards to using the permissions attributes, than a solution to this specific issue.
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您在这里指的是安全属性,它们是.Net 中代码访问安全性的一部分。这不会解决您的问题。
您收到未经授权的访问异常,因为您的应用程序的身份(正在运行进程和/或当前模拟的用户帐户)没有访问权限来调用试图影响域的 .Save 方法。
您需要一个已被授予修改您尝试访问的给定域/林中的活动目录的权限的用户帐户,以便使您的应用程序正常运行。
我相信您可以理解,修改活动目录的能力被视为特权操作。
You are referring to security attributes here which are part of the Code access security in .Net. This will not address your issue.
You are receiving an Unauthorized access exception because the identity of your application (the user account who is running the process and/or currently impersonated) does not have access rights to call the .Save method which is trying to affect the domain.
You need a user account who has been given privileges to modify the active directory in the given domain/forest you are attempting to access in order to make your application work.
I'm sure you can understand that the ability to modify the active directory is considered a privileged operation.