Access Control List and Security Descriptor

  • Thread starter Thread starter Yosh
  • Start date Start date
Y

Yosh

How do you validate a user that is currently logged in against a Security
Descriptor to see if they have access to an object?

Hope this makes sense.

Thanks,

Yosh
 
Yosh said:
How do you validate a user that is currently logged in against a Security
Descriptor to see if they have access to an object?

Hope this makes sense.

Thanks,

Yosh
Click to expand...

By accessing the object in a try/catch blok, an exception will be thrown if
there is an access violation.

Willy.
 
Yosh said:
How do you validate a user that is currently logged in against a Security
Descriptor to see if they have access to an object?

Hope this makes sense.
Click to expand...

You get the user's security token from
System.Security.Principal.WindowsIdentity. You have to use P/Invoke to call
DuplicateToken to get a token with a SecurityImpersonationLevel of
SecurityIdentification and then you use P/Invoke to call AccessCheck or one
of its variants.

That's the 100,000 foot description.
 
Back
Top