using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using static Vanara.PInvoke.AdvApi32;
namespace Vanara.Security
{
/// <summary>Helper methods for working with <see cref="WindowsIdentity"/> and user names.</summary>
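public static partial class AccountUtils
{
    /// <summary>Returns a value indicating if the Windows identity is an administrator.</summary>
    /// <param name="id">The identity to evaluate.</param>
    /// <returns><see langword="true"/> if the identity is in an Administrator role.</returns>
    /// <remarks>
    /// The result is whatever <see cref="WindowsPrincipal.IsInRole(WindowsBuiltInRole)"/> reports for the token behind
    /// <paramref name="id"/>. With User Account Control enabled, a member of the Administrators group that is running
    /// with a filtered (non-elevated) token is reported as <see langword="false"/>, so the value describes the token's
    /// current rights rather than group membership of the account.
    /// </remarks>
    public static bool IsAdmin(this WindowsIdentity id) => new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);

    /// <summary>Returns a value indicating if the Windows identity is a service account.</summary>
    /// <param name="id">The identity to evaluate.</param>
    /// <returns>
    /// <see langword="true"/> if the account's SID is LocalSystem, NetworkService, LocalService or the Service SID;
    /// <see langword="false"/> otherwise, including when the account cannot be resolved.
    /// </returns>
    /// <remarks>
    /// Every failure is reported as <see langword="false"/>. A <see langword="false"/> result therefore means "not
    /// recognised as one of the built-in service accounts", not "confirmed to be an interactive user"; do not use it on
    /// its own as an authorization decision.
    /// </remarks>
    public static bool IsServiceAccount(this WindowsIdentity id)
    {
        try
        {
            // The SID is obtained by translating the identity's account name, so the check depends on name resolution.
            var acct = new NTAccount(id.Name);
            var si = (SecurityIdentifier)acct.Translate(typeof(SecurityIdentifier));

            // NOTE(review): ServiceSid (S-1-5-6) is normally present on a service token as a group rather than as the
            // token user, so the last comparison may never match for a user SID - confirm the intent.
            return si.IsWellKnown(WellKnownSidType.LocalSystemSid)
                || si.IsWellKnown(WellKnownSidType.NetworkServiceSid)
                || si.IsWellKnown(WellKnownSidType.LocalServiceSid)
                || si.IsWellKnown(WellKnownSidType.ServiceSid);
        }
        catch
        {
            // Deliberate best effort: a null identity or any lookup failure falls through to "not a service account".
        }

        return false;
    }

    /// <summary>Runs the specified action as the impersonated Windows identity.</summary>
    /// <param name="identity">
    /// The identity under which to run the action. When <see langword="null"/>, no impersonation takes place and the
    /// action runs in the caller's current security context.
    /// </param>
    /// <param name="func">The <see cref="Action"/> to run.</param>
    /// <exception cref="ArgumentNullException"><paramref name="func"/> is <see langword="null"/>.</exception>
    /// <remarks>
    /// A <see langword="null"/> <paramref name="identity"/> is not an error: the action still executes, with the
    /// privileges of the calling thread. Callers that obtain the identity from a lookup that can fail should check it
    /// for <see langword="null"/> themselves if running without impersonation is not acceptable.
    /// </remarks>
    public static void Run(this WindowsIdentity identity, Action func)
    {
        // Reject a missing delegate on every path, before any impersonation is started.
        if (func is null)
        {
            throw new ArgumentNullException(nameof(func));
        }

        if (identity is null)
        {
            // No identity supplied: run as the caller.
            func();
            return;
        }

#if NETFRAMEWORK
        using (new Principal.WindowsImpersonatedIdentity(identity))
        {
            func();
        }
#else
        WindowsIdentity.RunImpersonated(identity.AccessToken, func);
#endif
    }

    /// <summary>Runs the specified function as the impersonated Windows identity.</summary>
    /// <typeparam name="T">The type of the value returned by the function.</typeparam>
    /// <param name="identity">
    /// The identity under which to run the function. When <see langword="null"/>, no impersonation takes place and the
    /// function runs in the caller's current security context.
    /// </param>
    /// <param name="func">The <see cref="Func{TResult}"/> to run.</param>
    /// <returns>The result of the function.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="func"/> is <see langword="null"/>.</exception>
    /// <remarks>
    /// A <see langword="null"/> <paramref name="identity"/> is not an error: the function still executes, with the
    /// privileges of the calling thread. Callers that obtain the identity from a lookup that can fail should check it
    /// for <see langword="null"/> themselves if running without impersonation is not acceptable.
    /// </remarks>
    public static T Run<T>(this WindowsIdentity identity, Func<T> func)
    {
        // Reject a missing delegate on every path, before any impersonation is started.
        if (func is null)
        {
            throw new ArgumentNullException(nameof(func));
        }

        if (identity is null)
        {
            // No identity supplied: run as the caller.
            return func();
        }

#if NETFRAMEWORK
        using (new Principal.WindowsImpersonatedIdentity(identity))
        {
            return func();
        }
#else
        return WindowsIdentity.RunImpersonated(identity.AccessToken, func);
#endif
    }

    /// <summary>Gets the SDDL formatted SID value from a user name.</summary>
    /// <param name="userName">Name of the user.</param>
    /// <returns>The SDDL SID string, or <see langword="null"/> if the name cannot be translated to a SID.</returns>
    /// <remarks>
    /// The <see cref="NTAccount"/> is constructed outside the guarded region, so any exception raised by its
    /// constructor for an unusable <paramref name="userName"/> reaches the caller; only translation failures are
    /// turned into a <see langword="null"/> result.
    /// </remarks>
    public static string SidStringFromUserName(string userName)
    {
        var acct = new NTAccount(userName);
        try
        {
            var si = (SecurityIdentifier)acct.Translate(typeof(SecurityIdentifier));
            return si.ToString();
        }
        catch
        {
            // Deliberate best effort: a failed translation is reported as null, not as an exception.
        }

        return null;
    }

    /// <summary>Get a user name for a supplied SDDL SID string.</summary>
    /// <param name="sid">The SID string in SDDL format.</param>
    /// <returns>
    /// The full user name of the identity referred to by <paramref name="sid"/>, or <see langword="null"/> if
    /// <paramref name="sid"/> cannot be parsed or translated to an account name.
    /// </returns>
    public static string UserNameFromSidString(string sid)
    {
        try
        {
            var si = new SecurityIdentifier(sid);
            var acct = (NTAccount)si.Translate(typeof(NTAccount));
            return acct.Value;
        }
        catch
        {
            // Deliberate best effort: a null, malformed or unmapped SID is reported as null.
        }

        return null;
    }
}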
}