Convert SID to Username in C#

后端 未结 2 1995
不思量自难忘°
不思量自难忘° 2021-01-14 11:37

In .net, I can create a NTAccount using domain and username, and get it\'s SID.

But I cannot convert the SID back to NTAccount using translate function.

相关标签:
2条回答
  • 2021-01-14 11:56

    SecurityIdentifier.Translate() method works only on domain accounts so perhaps your computer not attached to domain. To resolve local SIDs into account name you can use Win32 API function LookupAccountSid() look here for example.

    0 讨论(0)
  • 2021-01-14 12:04

    Instead of using the SecurityIdentifier, you can use an easier and more general use of DirectoryServices in .NET.

    In codeproject, there is a nice sample of this: http://www.codeproject.com/KB/cs/getusersid.aspx

    The code is:

    private string GetSid(string strLogin)
    {
        string str = "";
        // Parse the string to check if domain name is present.
        int idx = strLogin.IndexOf('\\');
        if (idx == -1)
        {
            idx = strLogin.IndexOf('@');
        }
    
        string strDomain;
        string strName;
    
        if (idx != -1)
        {
            strDomain = strLogin.Substring(0, idx);
            strName = strLogin.Substring(idx+1);
        }
        else
        {
            strDomain = Environment.MachineName;
            strName = strLogin;
        }
    
    
        DirectoryEntry obDirEntry = null;
        try
        {
            Int64 iBigVal = 5;
            Byte[] bigArr = BitConverter.GetBytes(iBigVal);
            obDirEntry = new DirectoryEntry("WinNT://" + 
                                  strDomain + "/" + strName);
            System.DirectoryServices.PropertyCollection  
                               coll = obDirEntry.Properties;
            object obVal = coll["objectSid"].Value;
            if (null != obVal)
            {
                str = this.ConvertByteToStringSid((Byte[])obVal);
            }
    
        }
        catch (Exception ex)
        {
            str = "";
            Trace.Write(ex.Message);
        }
        return str;
    }
    
    private string ConvertByteToStringSid(Byte[] sidBytes)
    {
        StringBuilder strSid = new StringBuilder();
        strSid.Append("S-");
        try
        {
            // Add SID revision.
            strSid.Append(sidBytes[0].ToString());
            // Next six bytes are SID authority value.
            if (sidBytes[6] != 0 || sidBytes[5] != 0)
            {
                string strAuth = String.Format
                    ("0x{0:2x}{1:2x}{2:2x}{3:2x}{4:2x}{5:2x}",
                    (Int16)sidBytes[1],
                    (Int16)sidBytes[2],
                    (Int16)sidBytes[3],
                    (Int16)sidBytes[4],
                    (Int16)sidBytes[5],
                    (Int16)sidBytes[6]);
                strSid.Append("-");
                strSid.Append(strAuth);
            }
            else
            {
                Int64 iVal = (Int32)(sidBytes[1]) +
                    (Int32)(sidBytes[2] << 8) +
                    (Int32)(sidBytes[3] << 16) +
                    (Int32)(sidBytes[4] << 24);
                strSid.Append("-");
                strSid.Append(iVal.ToString());
            }
    
            // Get sub authority count...
            int iSubCount = Convert.ToInt32(sidBytes[7]);
            int idxAuth = 0;
            for (int i = 0; i < iSubCount; i++)
            {
                idxAuth = 8 + i * 4;
                UInt32 iSubAuth = BitConverter.ToUInt32(sidBytes, idxAuth);
                strSid.Append("-");
                strSid.Append(iSubAuth.ToString());
            }
        }
        catch (Exception ex)
        {
            Trace.Warn(ex.Message);
            return "";
        }
        return strSid.ToString();
    }
    

    There is also a conversion from SID bytes to String in the article.

    0 讨论(0)
提交回复
热议问题