Home
Products
Forums
Help
Publish Article

How to get user SID using DirectoryServices classes

This article demonstrates how you can make use of DirectoryServices namespace classes to get a user's SID. This code does not make use of PInvoke to call into Win32 APIs to get the required information. We have extended the concepts of our previous article, How to get full name of logged in user, to show how every piece of information can be obtained by using DirectoryEntry object for a given user.

User's sid is returned by accessing objectSid property of DirectoryEntry obect. The value is returned as Byte [] array. This byte array can be parsed to get string representation of SID value. The binary representation of SID consists of following values.

PSID_IDENTIFIER_AUTHORITY		- First 6 bytes
SubAuthorityCount			- Next 1 Byte
SubAuthority0				- Next 4 bytes
SubAuthority1				- Next 4 bytes
SubAuthority2				- Next 4 bytes
SubAuthority3				- Next 4 bytes
SubAuthority4				- Next 4 bytes
SubAuthority5				- Next 4 bytes
SubAuthority6				- Next 4 bytes
SubAuthority7				- Next 4 bytes							
							

Number of subauthority values depend upon value of SubAuthorityCount. The max number of subauthorities is 8.

private string GetSid(string strLogin)
{
	string str = "";
	// Parse the string to check if domain name is present.
	int idx = strLogin.IndexOf('\\');
	if (idx == -1)
	{
		idx = strLogin.IndexOf('@');
	}

	string strDomain;
	string strName;

	if (idx != -1)
	{
		strDomain = strLogin.Substring(0, idx);
		strName = strLogin.Substring(idx+1);
	}
	else
	{
		strDomain = Environment.MachineName;
		strName = strLogin;
	}

	
	DirectoryEntry obDirEntry = null;
	try
	{
		Int64 iBigVal = 5;
		Byte[] bigArr = BitConverter.GetBytes(iBigVal);
		obDirEntry = new DirectoryEntry("WinNT://" + strDomain + "/" + strName);
		System.DirectoryServices.PropertyCollection  coll = obDirEntry.Properties;
		object obVal = coll["objectSid"].Value;
		if (null != obVal)
		{
			str = this.ConvertByteToStringSid((Byte[])obVal);
		}
		
	}
	catch (Exception ex)
	{
		str = "";
		Trace.Write(ex.Message);
	}
	return str;
}

private string ConvertByteToStringSid(Byte[] sidBytes)
{
	short sSubAuthorityCount = 0;
	StringBuilder strSid = new StringBuilder();
	strSid.Append("S-");
	try
	{
		// Add SID revision.
		strSid.Append(sidBytes[0].ToString());
		
		sSubAuthorityCount = Convert.ToInt16(sidBytes[1]);
		
		// Next six bytes are SID authority value.
		if (sidBytes[2] != 0 || sidBytes[3] != 0)
		{
			string strAuth = String.Format("0x{0:2x}{1:2x}{2:2x}{3:2x}{4:2x}{5:2x}",
						(Int16)sidBytes[2],
						(Int16)sidBytes[3],
						(Int16)sidBytes[4],
						(Int16)sidBytes[5],
						(Int16)sidBytes[6],
						(Int16)sidBytes[7]);
			strSid.Append("-");
			strSid.Append(strAuth);
		}
		else
		{
			Int64 iVal = (Int32)(sidBytes[7]) +
					(Int32)(sidBytes[6] << 8) +
					(Int32)(sidBytes[5] << 16) +
					(Int32)(sidBytes[4] << 24);
			strSid.Append("-");
			strSid.Append(iVal.ToString());
		}

		// Get sub authority count...
		int idxAuth = 0;
		for (int i = 0; i < sSubAuthorityCount; i++)
		{
			idxAuth = 8 + i * 4;
			UInt32 iSubAuth = BitConverter.ToUInt32(sidBytes, idxAuth);
			strSid.Append("-");
			strSid.Append(iSubAuth.ToString());
		}
	}
	catch (Exception ex)
	{
		Trace.Warn(ex.Message);
		return "";
	}
	return strSid.ToString();
}							
							

Please feel free to send your suggestions directly to us at support@netomatix.com.

Go Freelance
Home     About us     Contact us    Copyright    Privacy Policy    Return Policy    Advertisers
Copyright © Netomatix