Localization for security identity in .NET

2019-04-05 18:06发布

问题:

I was looking to implement a named pipe for service/client communication in .NET and came across this code that, while initializing server side of the pipe had to set up a security descriptor for the pipe. They did it this way:

PipeSecurity pipeSecurity = new PipeSecurity();

// Allow Everyone read and write access to the pipe.
pipeSecurity.SetAccessRule(new PipeAccessRule("Authenticated Users",
    PipeAccessRights.ReadWrite, AccessControlType.Allow));

// Allow the Administrators group full access to the pipe.
pipeSecurity.SetAccessRule(new PipeAccessRule("Administrators",
    PipeAccessRights.FullControl, AccessControlType.Allow));

But I'm looking at it, and I'm concerned about specifying SIDs as strings, or Authenticated Users and Administrators parts. What is the guarantee that they will be called that, say, in Chinese or some other language?

回答1:

(Extracted from OP's original question)

I came up with this alternative:

PipeSecurity pipeSecurity = new PipeSecurity();

// Allow Everyone read and write access to the pipe.
pipeSecurity.SetAccessRule(new PipeAccessRule(
    "Authenticated Users",
    new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),   
    PipeAccessRights.ReadWrite, AccessControlType.Allow));

// Allow the Administrators group full access to the pipe.
pipeSecurity.SetAccessRule(new PipeAccessRule(
    "Administrators",
    new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),   
    PipeAccessRights.FullControl, AccessControlType.Allow));


回答2:

You can use WellKnownSidType enum to get sid and translate into IdentityReference:

        var sid = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
        var everyone = sid.Translate(typeof(NTAccount));
        security.AddAccessRule(new PipeAccessRule(everyone, PipeAccessRights.ReadWrite, AccessControlType.Allow));