How would you do this?

You are creating an application that will display confidential employee information.
Your manager informs you that only managers and administrators should be able to view the information,
so you use Windows authentication and .NET role-based security to enforce this.
The network administrator in your department informs you that he has noticed that certain users
who are not managers or administrators are able to view the employee information.
You immediately analyze your code and discover an issue with domain group memberships.
The network administrator asks you to trace the user account and security identifier (SID) of each user in the application
so that he can use this information to detect users across the enterprise and verify that their group memberships are correct.
How would you do this?

A.
Use the following code:
WindowsIdentity curID = WindowsIdentity.GetCurrent();
NTAccount account = new NTAccount(curID.Name);
SecurityIdentifier sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
Trace.Write("User's SID is" + sid.Value, "User" + account.Value);

B.
Use the following code:
WindowsIdentity curID = WindowsIdentity.GetCurrent();
NTAccount account = new NTAccount(curID.Name);
Trace.Write("User's SID is" + sid.Value, "User" + account.Value);

C.
Use the following code:
WindowsIdentity curID = WindowsIdentity.GetCurrent();
Trace.Write("User's SID is" + curID.Value, "User" + sid.Name);

D.
Use the following code:
WindowsIdentity curID = WindowsIdentity.GetCurrent();
SecurityIdentifier sid = new SecurityIdentifier(curID.Name);
Trace.Write("User's SID is" + curID.Value, "User" + sid.Name);

Explanation:
This code retrieves the current WindowsIdentity object associated with the user, instantiates an NTAccount object
using the Name property, invokes the Translate method to retrieve the corresponding SecurityIdentifier object,
and invokes the Write method on the Trace class to record the Value property of both the SecurityIdentifier and NTAccount objects.
The GetCurrent method of the WindowsIdentity class returns an object that represents the identity of the application user.
The NTAccount class represents a Windows user or group account in the local Security Accounts Manager (SAM)
or in the Active Directory domain.
The constructor of the NTAccount class accepts either a single string representing the account name or
two strings, one representing the domain name and the other representing the account on that domain.
To facilitate SID lookups, the Translate method takes a Type argument and returns an IdentityReference object.
You must cast the IdentityReference object to a SecurityIdentifier object to retrieve the SID for the specified account.
The Value properties of the SecurityIdentifier and NTAccount classes return a SID string and a fully qualified user name string, respectively.
The Write method of the Trace class outputs the specified message under the specified category.
Incorrect Answers:
B: You should not use the code that does not specify the SecurityIdentifier class because the NTAccount class does not have a SID property.
C: You should not use the code that does not specify the NTAccount and SecurityIdentifier classes because there is no SID property in the WindowsIdentity class.
D: You should not use the code that does not specify the NTAccount class because a SecurityIdentifier object
cannot be instantiated using an account name as an argument, and it does not contain a Name property.
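
The translation described in the explanation, extended to the group SIDs in the user's token, since the scenario is about verifying group memberships. This is an added example, not part of the original question or answer options; the class name IdentityAudit, the helper NameOf and the trace category strings are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;

// Added example. Windows only; Trace calls are compiled in only when TRACE is defined.
static class IdentityAudit
{
    // Resolve a SID to DOMAIN\name. A SID that no longer maps to an account
    // (deleted group, unreachable domain) is reported instead of aborting the audit.
    static string NameOf(IdentityReference sid)
    {
        try
        {
            return sid.Translate(typeof(NTAccount)).Value;
        }
        catch (IdentityNotMappedException)
        {
            return "<unmapped>";
        }
    }

    public static void TraceCurrentUser()
    {
        using (WindowsIdentity curID = WindowsIdentity.GetCurrent())
        {
            // Account name -> SID, the same translation the explanation walks through.
            NTAccount account = new NTAccount(curID.Name);
            SecurityIdentifier sid =
                (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
            Trace.WriteLine("User's SID is " + sid.Value, "User " + account.Value);

            // Group SIDs carried in the token: these drive role checks, so they are
            // what the administrator needs to compare against the directory.
            if (curID.Groups != null)
            {
                foreach (IdentityReference group in curID.Groups)
                {
                    Trace.WriteLine(group.Value + " = " + NameOf(group),
                                    "Groups " + account.Value);
                }
            }
        }
    }

    static void Main()
    {
        Trace.Listeners.Add(new ConsoleTraceListener()); // send trace output to the console
        TraceCurrentUser();
    }
}
```

Logging the raw group SID next to its translated name lets the administrator match entries even when a group has been renamed or can no longer be resolved.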



networkmanagers

I choose A