I'm building Active Directory Authentication into my application and I am planning to link my application's internal accounts to a user's domain SID. It is easier for me to work with the string format of the sid than a byte array so I was planning to store it in the database as a string. How long should I make the field to ensure SID's will not get truncated?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
I had the same question, and I believe the right answer is:
- ID as string: 184 characters, or varchar(184) in SQL Server
- SID as string of Hex digits: 136 characters, or varchar(136) in SQL Server
- SID as binary: 68 bytes, or varbinary(68) in SQL Server
I haven't checked the math myself, but the technique used here looks valid: https://groups.google.com/d/msg/microsoft.public.dotnet.security/NpIi7c2Toi8/31SVhcepY58J
Refer to the program written by Russell Mangel on Aug 19, 2006, also copied here for reference:
So the answer to my question is:
varbinary(68)-- pure binary
varchar(136) -- (68*2) = hexString
varchar(184) -- SID StringI wrote a little program to test, notice that .NET 2.0 has SecurityIdentifier.MaxBinaryLength, I didn't know about this.
Console.WriteLine("SID Min. num Bytes: {0}", SecurityIdentifier.MinBinaryLength); Console.WriteLine("SID Max. num Bytes: {0}", SecurityIdentifier.MaxBinaryLength); Byte[] bytes = new byte[SecurityIdentifier.MaxBinaryLength]; for (Int32 i = 0; i < bytes.Length; i++) { bytes[i] = 0xFF; } bytes[0] = 0x01; // Must be 1 bytes[1] = 0x0F; // Max 15 (base10) SecurityIdentifier sid = new SecurityIdentifier(bytes, 0); String sidString = sid.ToString(); Console.WriteLine("Max length of SID in String format: {0} ", sidString.Length); Console.WriteLine(sidString);Results
SID Min. num Bytes: 8 SID Max. num Bytes: 68 Max length of SID in String format: 184 S-1-281474976710655-4294967295-4294967295-4294967295-4294967295-4294967295- 4294967295-4294967295-4294967295-4294967295-4294967295-4294967295- 4294967295-4294967295-4294967295-4294967295
回答2:
- For string format, the common answer of 184 isn't correct. If authority is between 32 and the maximum of 48 bits, then it must be represented as a hex string, not decimal, and prepended with '0x'. This means instead of a 15-character string needed to represent the maximum 48 bits in decimal, you actually need a (48 bit / 4 bit + 2) 14 character string, meaning (184 - 15 + 14) 183 characters are required for whole SID string. For less than 32 bits, decimal format is used (maximum 10 decimal characters).
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 姐就是有狂的资本 的文章《What is the maximum length of a SID in SDDL format》','https://www.manongdao.com/article-555243.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}