User Management with Active Directory—Technique 3: Using the SidIdentifier and IdentityReference Classes

Jump to: navigation, search
Visual C# Tutorials

User Management

© 2006 Pearson Education, Inc.

Technique #3: Using the SidIdentifier and IdentityReference Classes

This last technique uses the SidIdentifier and IdentityReference classes to convert between any of the IdentityReference-derived formats. These classes are available only in .NET 2.0. As demonstrated in Listing 10.21, this is the cleanest and simplest solution out of the three. As long as we are after only one of the IdentityReference formats (of which the widely used NTAccount format is one), we are in pretty good shape.

Listing 10.21: Using SidIdentifier and IdentityReference

//we use the collection in order to 
//batch the request for translation
IdentityReferenceCollection irc 
  = ExpandTokenGroups(user)
    .Translate(typeof(NTAccount));
 
foreach (NTAccount account in irc)
{
  Console.WriteLine(account);    
}
 
//Sample Helper Function
private IdentityReferenceCollection ExpandTokenGroups(
  DirectoryEntry user)
{
  user.RefreshCache(new string[]{"tokenGroups"});
    
  IdentityReferenceCollection irc = 
    new IdentityReferenceCollection();
 
  foreach (byte[] sidBytes in user.Properties["tokenGroups"])
  {
    irc.Add(new SecurityIdentifier(sidBytes, 0));
  }        
  return irc;
}

Each technique we presented has its own advantages and disadvantages. Depending on what information we require, we might choose one or more of the options. For instance, it is entirely plausible that we will want more information about each group, yet we also will want the group’s NT format name. In this case, we might combine techniques #1 and #2 or #1 and #3.


prevpp.png  nextpp.png
C# Online.NET