I am wondering if there is a way to check a user's permissions against an ACL in C#. I am building a large system that is going to use Active Directory for authentication and I would like to use as much of the Windows security plumbing as I can. After spending the last couple of hours browsing the System.Security.AccessControl namespace, I am not sure that it provides an easy way to check a user's token against its ACL list. It looks like it is much more geared to manipulating Windows security descriptors, although there are enough abstract classes to implement a custom system.

I have been looking at the Authz APIs, which seem to be much more flexible and have a function (AuthzAccessCheck) which allows the context to be checked against the security descriptor. I am not opposed at all to wrapping them if I need to.

Has anyone else had a similar problem and if so what were the pros and cons as you saw them?

A: 

How is the ACL stored and accessed? Is it possible to have the ACL entries converted to a PrincipalPermission object? If so, then you can use the Demand() method to check for access rights; it throws a SecurityException if the user does not have access.

Kjartan Þór Kjartansson
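
For the case where the ACL is held as a Windows security descriptor, the check the question asks about can be sketched in managed code with System.Security.AccessControl alone. This is an added example, not code from either post: the `DaclCheck` class, the `IsGranted` helper and the SDDL string are constructed for illustration. It models only plain allow/deny ACEs and ignores owner rights, privileges, deny-only groups, object ACEs and generic-right mapping, all of which AuthzAccessCheck handles.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

static class DaclCheck   // hypothetical helper, Windows only
{
    // Walks the DACL in order: a matching deny ACE on a still-needed bit fails
    // at once; matching allow ACEs clear bits until none remain.
    public static bool IsGranted(CommonSecurityDescriptor sd,
                                 ICollection<SecurityIdentifier> tokenSids,
                                 int desiredAccess)
    {
        int remaining = desiredAccess;
        foreach (GenericAce generic in sd.DiscretionaryAcl)
        {
            var ace = generic as CommonAce;   // skips object and custom ACEs
            if (ace == null) continue;
            if ((ace.AceFlags & AceFlags.InheritOnly) != 0) continue;
            if (!tokenSids.Contains(ace.SecurityIdentifier)) continue;

            if (ace.AceQualifier == AceQualifier.AccessDenied)
            {
                if ((ace.AccessMask & remaining) != 0) return false;
            }
            else if (ace.AceQualifier == AceQualifier.AccessAllowed)
            {
                remaining &= ~ace.AccessMask;
                if (remaining == 0) return true;
            }
        }
        return remaining == 0;   // bits no ACE granted are implicitly denied
    }

    static void Main()
    {
        // Constructed descriptor: deny bit 0x2 to BUILTIN\Users,
        // allow bits 0x3 to Authenticated Users.
        var sd = new CommonSecurityDescriptor(false, false,
            "O:BAG:BAD:(D;;0x2;;;BU)(A;;0x3;;;AU)");

        // SIDs taken from the caller's token: the user plus enabled groups.
        var sids = new HashSet<SecurityIdentifier>();
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            sids.Add(id.User);
            foreach (IdentityReference g in id.Groups) sids.Add((SecurityIdentifier)g);
        }
        Console.WriteLine("0x1 granted: " + IsGranted(sd, sids, 0x1));
        Console.WriteLine("0x2 granted: " + IsGranted(sd, sids, 0x2));
    }
}
```

ACE order matters here: the deny entry is listed before the allow entry, which is the canonical DACL ordering, so a caller who matches both SIDs is refused the denied bit even though a later ACE would allow it.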