Login/Register
Convert SID to Username in C#
Asked Answered
Solved c#.netsid
N

2

3

In .net, I can create a NTAccount using domain and username, and get it's SID.

But I cannot convert the SID back to NTAccount using translate function.

new SecurityIdentifier(stringSid).Translate(typeof(NTAccount)).ToString();

And this two way conversion code has no problem running on Domain Controller.

Maybe some configuration wrong?

Nutria answered 29/9, 2011 at 5:51 Comment(1)
possible duplicate of The best way to resolve display username by SID?Bethsaida
A
4

SecurityIdentifier.Translate() method works only on domain accounts so perhaps your computer not attached to domain. To resolve local SIDs into account name you can use Win32 API function LookupAccountSid() look here for example.

Abysm answered 29/9, 2011 at 6:6 Comment(2)
the machine already login into the domain using domain account,the account not exists in localNutria
@Nutria hmm.. that strange may be some problems with access to domain controller, anyway LookupAccountSid can help you to find user name even if it not local accountAbysm
B
1

Instead of using the SecurityIdentifier, you can use an easier and more general use of DirectoryServices in .NET.

In codeproject, there is a nice sample of this: http://www.codeproject.com/KB/cs/getusersid.aspx

The code is:

private string GetSid(string strLogin)
{
    string str = "";
    // Parse the string to check if domain name is present.
    int idx = strLogin.IndexOf('\\');
    if (idx == -1)
    {
        idx = strLogin.IndexOf('@');
    }

    string strDomain;
    string strName;

    if (idx != -1)
    {
        strDomain = strLogin.Substring(0, idx);
        strName = strLogin.Substring(idx+1);
    }
    else
    {
        strDomain = Environment.MachineName;
        strName = strLogin;
    }


    DirectoryEntry obDirEntry = null;
    try
    {
        Int64 iBigVal = 5;
        Byte[] bigArr = BitConverter.GetBytes(iBigVal);
        obDirEntry = new DirectoryEntry("WinNT://" + 
                              strDomain + "/" + strName);
        System.DirectoryServices.PropertyCollection  
                           coll = obDirEntry.Properties;
        object obVal = coll["objectSid"].Value;
        if (null != obVal)
        {
            str = this.ConvertByteToStringSid((Byte[])obVal);
        }

    }
    catch (Exception ex)
    {
        str = "";
        Trace.Write(ex.Message);
    }
    return str;
}

private string ConvertByteToStringSid(Byte[] sidBytes)
{
    StringBuilder strSid = new StringBuilder();
    strSid.Append("S-");
    try
    {
        // Add SID revision.
        strSid.Append(sidBytes[0].ToString());
        // Next six bytes are SID authority value.
        if (sidBytes[6] != 0 || sidBytes[5] != 0)
        {
            string strAuth = String.Format
                ("0x{0:2x}{1:2x}{2:2x}{3:2x}{4:2x}{5:2x}",
                (Int16)sidBytes[1],
                (Int16)sidBytes[2],
                (Int16)sidBytes[3],
                (Int16)sidBytes[4],
                (Int16)sidBytes[5],
                (Int16)sidBytes[6]);
            strSid.Append("-");
            strSid.Append(strAuth);
        }
        else
        {
            Int64 iVal = (Int32)(sidBytes[1]) +
                (Int32)(sidBytes[2] << 8) +
                (Int32)(sidBytes[3] << 16) +
                (Int32)(sidBytes[4] << 24);
            strSid.Append("-");
            strSid.Append(iVal.ToString());
        }

        // Get sub authority count...
        int iSubCount = Convert.ToInt32(sidBytes[7]);
        int idxAuth = 0;
        for (int i = 0; i < iSubCount; i++)
        {
            idxAuth = 8 + i * 4;
            UInt32 iSubAuth = BitConverter.ToUInt32(sidBytes, idxAuth);
            strSid.Append("-");
            strSid.Append(iSubAuth.ToString());
        }
    }
    catch (Exception ex)
    {
        Trace.Warn(ex.Message);
        return "";
    }
    return strSid.ToString();
}

There is also a conversion from SID bytes to String in the article.

Betsey answered 29/9, 2011 at 6:11 Comment(1)
Question was: SID -> Display user name You answered: User Account Name -> SIDEvelinevelina

© 2022 - 2024 — McMap. All rights reserved.