
    Class WindowsSecurityHelper

    Provides helper methods related to Windows security API.

    Inheritance
    Object
    WindowsSecurityHelper
    Inherited Members
    Object.ToString()
    Object.Equals(Object)
    Object.Equals(Object, Object)
    Object.ReferenceEquals(Object, Object)
    Object.GetHashCode()
    Object.GetType()
    Object.MemberwiseClone()
    Namespace: Nevatech.Vsb.Repository.Security
    Assembly: Nevatech.Vsb.Repository.dll
    Syntax
    public static class WindowsSecurityHelper

    Fields

    LocalServiceAccountName

    Localized name of the Local Service system account.

    Declaration
    public static readonly string LocalServiceAccountName
    Field Value
    Type Description
    String

    LocalSystemAccountName

    Localized name of the Local System system account.

    Declaration
    public static readonly string LocalSystemAccountName
    Field Value
    Type Description
    String

    NetworkServiceAccountName

    Localized name of the Network Service system account.

    Declaration
    public static readonly string NetworkServiceAccountName
    Field Value
    Type Description
    String

    Methods

    Canonicalize(ObjectSecurity)

    Ensures that the provided Access Control List (ACL) is in canonical order.

    Declaration
    public static void Canonicalize(this ObjectSecurity accessControlList)
    Parameters
    Type Name Description
    ObjectSecurity accessControlList

    Access Control List (ACL) that needs to be sorted in canonical order.

    Remarks

    A canonical ACL must have ACEs sorted according to the following order:

    1. Access-denied on the object
    2. Access-denied on a child or property
    3. Access-allowed on the object
    4. Access-allowed on a child or property
    5. All inherited ACEs
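
The following is an added example and not part of the Nevatech API: it checks whether a DACL already follows the five-step order listed above, so a caller can tell whether Canonicalize(ObjectSecurity) would change anything. It uses only System.Security.AccessControl types; the sample ACL at the end is constructed for the demonstration.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example, not Nevatech code: reports whether a DACL follows canonical ACE order.
public static class CanonicalAclCheck
{
    // Position of an ACE in canonical order; the sequence of ranks must never decrease.
    private static int Rank(GenericAce ace)
    {
        if ((ace.AceFlags & AceFlags.Inherited) != 0)
            return 4;                                   // 5. all inherited ACEs come last
        var qualified = ace as QualifiedAce;
        if (qualified == null)
            return 4;                                   // custom/unknown ACE types are not ranked
        bool onChild = ace is ObjectAce;                // object ACE = applies to a child or property
        switch (qualified.AceQualifier)
        {
            case AceQualifier.AccessDenied:  return onChild ? 1 : 0;   // 2. / 1.
            case AceQualifier.AccessAllowed: return onChild ? 3 : 2;   // 4. / 3.
            default:                         return 4;                 // audit/alarm ACEs are not ordered here
        }
    }

    public static bool IsCanonical(RawAcl dacl)
    {
        if (dacl == null) return true;                  // NULL DACL: nothing to order
        int previous = -1;
        foreach (GenericAce ace in dacl)
        {
            int current = Rank(ace);
            if (current < previous) return false;       // an ACE appears before one it must follow
            previous = current;
        }
        return true;
    }

    public static bool IsCanonical(ObjectSecurity security)
    {
        var sd = new RawSecurityDescriptor(security.GetSecurityDescriptorBinaryForm(), 0);
        return IsCanonical(sd.DiscretionaryAcl);
    }

    // Constructed sample: an explicit allow placed before an explicit deny is non-canonical,
    // which would let the allow win before the deny is ever evaluated.
    public static void Main()
    {
        var acl = new RawAcl(GenericAcl.AclRevision, 2);
        var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        var guests = new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null);
        acl.InsertAce(0, new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 0x120089, everyone, false, null));
        acl.InsertAce(1, new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 0x120089, guests, false, null));
        Console.WriteLine(IsCanonical(acl) ? "canonical" : "not canonical: deny ACE must precede allow ACE");
    }
}
```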

    GetDomainName()

    Returns the domain name that the current machine is joined to.

    Declaration
    public static string GetDomainName()
    Returns
    Type Description
    String

    Domain name that the current machine is joined to, or null if the machine is not joined to a domain.

    GetServicePrincipalName()

    Returns Service Principal Name (SPN) corresponding to the current host.

    Declaration
    public static string GetServicePrincipalName()
    Returns
    Type Description
    String

    Service Principal Name (SPN) corresponding to the current host.

    GetUserPrincipalName(String)

    Returns User Principal Name (UPN) corresponding to provided user's SAM name.

    Declaration
    public static string GetUserPrincipalName(string domainAndUserName)
    Parameters
    Type Name Description
    String domainAndUserName

    Domain and user name (formatted like 'domain\username') of the user whose UPN needs to be retrieved.

    Returns
    Type Description
    String

    User Principal Name (UPN) corresponding to provided user's SAM name.

    IsLocal(String)

    Checks the provided host name, machine name, or IP address and returns a flag indicating whether it belongs to the local machine.

    Declaration
    public static bool IsLocal(string serverNameOrAddress)
    Parameters
    Type Name Description
    String serverNameOrAddress

    Host name, machine name, or IP address that needs to be validated.

    Returns
    Type Description
    Boolean

    True if the provided address belongs to the local machine; false otherwise.

    LogOnUser(String, String)

    Attempts to log a user on to the local computer using provided credentials and returns user Windows identity.

    Declaration
    public static WindowsIdentity LogOnUser(string userName, string password)
    Parameters
    Type Name Description
    String userName

    Name of the user account to log on to.

    String password

    String that specifies the plaintext password for the user account specified by userName.

    Returns
    Type Description
    WindowsIdentity

    Windows identity of the logged on user.

    LogOnUser(String, String, String)

    Attempts to log a user on to the local computer using provided local or domain credentials and returns user Windows identity.

    Declaration
    public static WindowsIdentity LogOnUser(string domainName, string userName, string password)
    Parameters
    Type Name Description
    String domainName

    Name of the domain or server whose account database contains the userName account. If this parameter is NULL, the user name must be specified in UPN format. If this parameter is ".", the function validates the account by using only the local account database.

    String userName

    Name of the user account to log on to. If you use the user principal name (UPN) format (like "user@DNS_domain_name"), the domainName parameter must be NULL.

    String password

    String that specifies the plain-text password for the user account specified by userName.

    Returns
    Type Description
    WindowsIdentity

    Windows identity of the logged on user.

    LookupAccountName(String)

    Returns Sid corresponding to provided Windows user account or Windows group registered on the local machine or specified domain.

    Declaration
    public static SecurityIdentifier LookupAccountName(string accountOrGroupName)
    Parameters
    Type Name Description
    String accountOrGroupName

    String that specifies the account name. Use a fully qualified string in the domain_name\user_name format to ensure that method finds the account in the desired domain.

    Returns
    Type Description
    SecurityIdentifier

    Sid structure that corresponds to the account name pointed to by the accountOrGroupName parameter.

    LookupAccountName(String, String, out String, out SidUsageType)

    Returns Sid corresponding to provided Windows user account or Windows group registered on the local machine or specified domain.

    Declaration
    public static SecurityIdentifier LookupAccountName(string accountOrGroupName, string systemName, out string domainName, out SidUsageType sidUsage)
    Parameters
    Type Name Description
    String accountOrGroupName

    String that specifies the account name. Use a fully qualified string in the domain_name\user_name format to ensure that method finds the account in the desired domain.

    String systemName

    String that specifies the name of the system. This string can be the name of a remote computer. If this string is NULL, the account name translation begins on the local system. If the name cannot be resolved on the local system, this function will try to resolve the name using domain controllers trusted by the local system. Generally, specify system name only when the account is in an untrusted domain and the name of a computer in that domain is known.

    String domainName

    Name of the domain where the account name is found. For computers that are not joined to a domain, this is the computer name.

    SidUsageType sidUsage

    SidUsageType enumerated type that indicates the type of the account when the function returns.

    Returns
    Type Description
    SecurityIdentifier

    Sid structure that corresponds to the account name pointed to by the accountOrGroupName parameter.

    LookupApplicationAccountName(String)

    Returns application pool identity Sid corresponding to provided IIS application pool name.

    Declaration
    public static SecurityIdentifier LookupApplicationAccountName(string applicationPoolName)
    Parameters
    Type Name Description
    String applicationPoolName

    IIS application pool name whose application identity Sid needs to be retrieved.

    Returns
    Type Description
    SecurityIdentifier

    Sid structure of the application pool identity that corresponds to the pool name pointed to by the applicationPoolName parameter.

    SetCertificatePermission(X509Certificate2, SecurityIdentifier)

    Grants read-only permission to private key of the provided X.509 certificate to the specified Windows account.

    Declaration
    public static void SetCertificatePermission(X509Certificate2 certificate, SecurityIdentifier account)
    Parameters
    Type Name Description
    X509Certificate2 certificate

    X.509 certificate stored in the machine certificate store to grant access to.

    SecurityIdentifier account

    Windows system or user account security identifier which needs access to provided X.509 certificate.

    Remarks

    To get the SID of a specific user account, use the LookupAccountName(String) method.

    To get the SID of a system account, use one of the following code snippets: new SecurityIdentifier(WellKnownSidType.LocalServiceSid, null), new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null).

    TranslateSid(String)

    Translates the provided security identifier in SDDL form to a Windows group or user account name.

    Declaration
    public static string TranslateSid(string sid)
    Parameters
    Type Name Description
    String sid

    Security identifier that needs to be translated.

    Returns
    Type Description
    String

    Windows group or account name corresponding to the provided identifier.

    Nevatech Sentinet 6.5 Online Documentation