C# CommonSecurityDescriptor.PurgeAccessControl Method Code Examples

This article collects typical usage examples of the System.Security.AccessControl.CommonSecurityDescriptor.PurgeAccessControl method in C#. If you are wondering how exactly CommonSecurityDescriptor.PurgeAccessControl is used in C#, how to call it, or where to find examples of it, the method code examples selected here may help. You can also read further usage examples of System.Security.AccessControl.CommonSecurityDescriptor, the class this method belongs to.


Below are 2 code examples of the CommonSecurityDescriptor.PurgeAccessControl method, sorted by popularity by default. You can upvote the examples you like or find useful; your ratings help the system recommend better C# code examples.

Example 1: ComputeSDDLFromConfiguration

        /// <summary>
        /// Builds a session SDDL based on the provided configuration hashtable.
        /// Retrieves RequiredGroups information to add conditional group membership restrictions to SDDL.
        /// Retrieves RoleDefinitions information to include role user accounts.
        /// </summary>
        /// <param name="configTable">Session configuration hashtable; must not be null.</param>
        /// <param name="accessMode">Access mode that selects the starting (local or remote) SDDL.</param>
        /// <param name="error">Set when a role definition principal cannot be resolved; otherwise null.</param>
        /// <returns>SDDL</returns>
        internal static string ComputeSDDLFromConfiguration(
            Hashtable configTable,
            PSSessionConfigurationAccessMode accessMode,
            out ErrorRecord error)
        {
            Dbg.Assert(configTable != null, "configTable input parameter cannot be null.");

            string sddl = string.Empty;
            error = null;

            // RoleDefinitions
            if (configTable.ContainsKey(ConfigFileConstants.RoleDefinitions))
            {
                // Start with known good security descriptor.
                if (accessMode == PSSessionConfigurationAccessMode.Local)
                {
                    sddl = PSSessionConfigurationCommandBase.GetLocalSddl();
                }
                else if (accessMode == PSSessionConfigurationAccessMode.Remote)
                {
                    sddl = PSSessionConfigurationCommandBase.GetRemoteSddl();
                }
                CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor(false, false, sddl);

                // Purge all existing access rules so that only role definition principals are granted access.
                List<SecurityIdentifier> sidsToRemove = new List<SecurityIdentifier>();
                foreach (CommonAce ace in descriptor.DiscretionaryAcl)
                {
                    sidsToRemove.Add(ace.SecurityIdentifier);
                }
                foreach (var sidToRemove in sidsToRemove)
                {
                    descriptor.PurgeAccessControl(sidToRemove);
                }

                Hashtable roleNamesHash = configTable[ConfigFileConstants.RoleDefinitions] as Hashtable;
                foreach (object roleName in roleNamesHash.Keys)
                {
                    string roleNameValue = roleName.ToString();

                    try
                    {
                        NTAccount ntAccount = new NTAccount(roleNameValue);
                        SecurityIdentifier accountSid = (SecurityIdentifier)ntAccount.Translate(typeof(SecurityIdentifier));
                        // AccessMask = 268435456 == 0x10000000 == GA == Generic All (Generic Read would be 0x80000000)
                        descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, accountSid, 268435456, InheritanceFlags.None, PropagationFlags.None);
                    }
                    catch (IdentityNotMappedException e)
                    {
                        string message = StringUtil.Format(RemotingErrorIdStrings.CouldNotResolveRoleDefinitionPrincipal, roleNameValue, e.Message);
                        InvalidOperationException ioe = new InvalidOperationException(message, e);
                        error = new ErrorRecord(ioe, "CouldNotResolveRoleDefinitionPrincipal", ErrorCategory.ObjectNotFound, roleNameValue);
                    }
                }

                if (descriptor.DiscretionaryAcl.Count > 0)
                {
                    sddl = descriptor.GetSddlForm(AccessControlSections.All);

                    // RequiredGroups
                    string conditionalGroupACE = CreateConditionalACEFromConfig(configTable);
                    if (conditionalGroupACE != null)
                    {
                        sddl = UpdateSDDLUsersWithGroupConditional(sddl, conditionalGroupACE);
                    }
                }
            }

            return sddl;
        }
Developer: dfinke, Project: powershell, Lines of code: 79, Source: CustomShellCommands.cs

Example 2: PurgeDefaultDacl

		public void PurgeDefaultDacl ()
		{
			SecurityIdentifier userSid = new SecurityIdentifier ("SY");
			SecurityIdentifier groupSid = new SecurityIdentifier ("BA");
			SecurityIdentifier everyoneSid = new SecurityIdentifier ("WD");

			CommonSecurityDescriptor csd = new CommonSecurityDescriptor
				(false, false, ControlFlags.None, userSid, groupSid, null, null);

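			// A null DACL argument yields a default DACL that holds a single ACE.
			DiscretionaryAcl dacl = csd.DiscretionaryAcl;
			Assert.AreEqual (1, dacl.Count);

			// Purging the owner SID (SY) changes nothing: the ACE does not belong to it.
			csd.PurgeAccessControl (userSid);
			Assert.AreEqual (1, dacl.Count);

			// The default ACE belongs to Everyone (WD); purging that SID empties the DACL.
			csd.PurgeAccessControl (everyoneSid);
			Assert.AreEqual (0, dacl.Count);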
		}
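Developer: nlhepler, Project: mono, Lines of code: 18, Source: CommonSecurityDescriptorTest.cs


Note: The System.Security.AccessControl.CommonSecurityDescriptor.PurgeAccessControl method examples in this article were compiled by 纯净天空 from GitHub, MSDocs and other open-source code and documentation platforms. The code snippets were selected from open-source projects contributed by their respective developers, and copyright of the source code belongs to the original authors. For distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.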