Question
I am working on a website to manage Active Directory. I want to check whether a user has permission to change password or not. So I have to find the "ntSecurityDescriptor" property value, and after that I have to cast it to IADsSecurityDescriptor.
Now if I use the DirectorySearcher class, then the property value is of type System.__ComObject and is easily cast to IADsSecurityDescriptor. But when I use LdapConnection and SearchResponse, I get a property value of type byte[] array, which I am unable to cast to IADsSecurityDescriptor.
I am getting error
Unable to cast System.Byte[] to IADsSecurityDescriptor
Is there some problem with SearchResponse, or do I have to use some kind of casting technique to achieve this? I have some problems using the DirectoryEntry class, so I can only use the LdapConnection class.
Answer 1:
At last I found the answer to my question. This class converts the byte[] to a valid security descriptor COM object.
ActiveDs.ADsSecurityUtility secUtility = new ActiveDs.ADsSecurityUtility();
ActiveDs.IADsSecurityDescriptor sd = (IADsSecurityDescriptor)secUtility.ConvertSecurityDescriptor((byte[])attribute[0], (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_RAW, (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
Answer 2:
I think you should put your effort into trying to use the DirectoryEntry method. You will have a very hard time trying to manipulate AD objects with LdapConnection.
If you want to continue the LDAP way, after a quick search, I would give a try to the native (this word says it all) authorization functions. There seem to be interesting things in there, like:
ConvertStringSecurityDescriptorToSecurityDescriptor
http://msdn.microsoft.com/en-us/library/windows/desktop/aa376401%28v=vs.85%29.aspx
C# syntax
[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("Advapi32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
internal static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string StringSecurityDescriptor, uint StringSDRevision, ref IntPtr SecurityDescriptor, IntPtr SecurityDescriptorSize);
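An added example, not part of either answer: the byte[] that SearchResponse returns can also be parsed without COM by the managed RawSecurityDescriptor class (swapped in here for ADsSecurityUtility), and the DACL checked for a deny ACE on the User-Change-Password extended right. The class name, helper names and the SDDL sample descriptors are constructed for illustration; the SDDL constructor is assumed to run on Windows.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

static class ChangePasswordCheck
{
    // rightsGuid of the User-Change-Password extended right in AD.
    static readonly Guid ChangePassword = new Guid("ab721a53-1e2f-11d0-9819-00aa0040529b");
    const int ControlAccess = 0x100; // ADS_RIGHT_DS_CONTROL_ACCESS
    // True when the DACL holds an explicit object-deny ACE for the
    // change-password right on Everyone or SELF. Group membership and
    // other trustees are not evaluated here.
    public static bool IsChangeDenied(byte[] ntSecurityDescriptor)
    {
        var sd = new RawSecurityDescriptor(ntSecurityDescriptor, 0);
        if (sd.DiscretionaryAcl == null) return false; // DACL not returned
        var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        var self = new SecurityIdentifier(WellKnownSidType.SelfSid, null);
        foreach (GenericAce ace in sd.DiscretionaryAcl)
        {
            if (ace is ObjectAce oa
                && oa.AceQualifier == AceQualifier.AccessDenied
                && (oa.ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent) != 0
                && oa.ObjectAceType == ChangePassword
                && (oa.AccessMask & ControlAccess) != 0
                && (oa.SecurityIdentifier == everyone || oa.SecurityIdentifier == self))
                return true;
        }
        return false;
    }

    // Builds constructed sample bytes from SDDL (hypothetical helper).
    static byte[] FromSddl(string sddl)
    {
        var sd = new RawSecurityDescriptor(sddl);
        var raw = new byte[sd.BinaryLength];
        sd.GetBinaryForm(raw, 0);
        return raw;
    }

    static void Main()
    {
        const string right = "ab721a53-1e2f-11d0-9819-00aa0040529b";
        // Constructed descriptors standing in for (byte[])attribute[0].
        byte[] denied = FromSddl($"D:(OD;;CR;{right};;WD)(OD;;CR;{right};;PS)");
        byte[] allowed = FromSddl($"D:(OA;;CR;{right};;WD)(OA;;CR;{right};;PS)");
        Console.WriteLine(IsChangeDenied(denied));
        Console.WriteLine(IsChangeDenied(allowed));
    }
}
```

When reading ntSecurityDescriptor through LdapConnection, adding a SecurityDescriptorFlagControl(SecurityMasks.Dacl) to the SearchRequest asks only for the DACL; without it the server also tries to return the SACL, and accounts lacking that privilege get no attribute value back.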
Source: https://stackoverflow.com/questions/13437986/property-value-returned-by-directorysearcher-and-searchresponse-are-of-different