【Question title】:NTAccount.Translate Method fails with error Some or all identity references could not be translated
【Posted】:2012-07-16 07:02:46
【Question description】:
PipeAccessRule par = new PipeAccessRule("Everyone", PipeAccessRights.ReadWrite, System.Security.AccessControl.AccessControlType.Allow);

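This code fails with the error:

Some or all identity references could not be translated.

I suppose this happens because I use "Everyone" when I start my app in a non-English locale. On English systems everything works fine.

How can I avoid this? Is there some enumeration that describes the general user groups?

Stack trace: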

at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)    
at System.Security.Principal.NTAccount.Translate(Type targetType)    
at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)    
at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)    
at System.IO.Pipes.PipeSecurity.AddAccessRule(PipeAccessRule rule)    

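【Question discussion】:

    Tags: c# .net translate user-accounts


    【Solution 1】:

    For some reason, BuiltinUsersSid did not seem to work properly in my case (a remote server could access the pipe, but local access to the pipe failed!)

    Here is the code I use to give access to almost everything; the pipe can now be accessed locally or remotely:

    Note that the DomainSid parameter is filled with the current user's domain in some cases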

    using System.IO.Pipes;
    using System.Security.Principal;
    using System.Security.AccessControl;
    [...]
    
                PipeSecurity lPipeSecurity = new PipeSecurity();
                try
                {
                    PipeAccessRule lPar1 = new PipeAccessRule(@"NT AUTHORITY\NETWORK", PipeAccessRights.FullControl, System.Security.AccessControl.AccessControlType.Allow);
                    lPipeSecurity.AddAccessRule(lPar1);
                }
                catch (Exception E1)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give pipe rights to AUTORITY NT NETWORK"+E1.Message);
                }
                try
                {
                    System.Security.Principal.SecurityIdentifier lSid = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.BuiltinUsersSid, null);
                    PipeAccessRule lPar2 = new PipeAccessRule(lSid, PipeAccessRights.ReadWrite, System.Security.AccessControl.AccessControlType.Allow);
    
                    lPipeSecurity.AddAccessRule(lPar2);
                }
                catch (Exception E2)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give pipe rights to BuiltInSid "+E2.Message);
                }
                try
                {
                    PipeAccessRule lPar3 = new PipeAccessRule(string.Format(@"{0}\{1}", Environment.UserDomainName, Environment.UserName), PipeAccessRights.FullControl, System.Security.AccessControl.AccessControlType.Allow);
                    lPipeSecurity.AddAccessRule(lPar3);
                }
                catch (Exception E3)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give pipe rights to current user "+E3.Message);
                }
                try
                {
                    System.Security.Principal.SecurityIdentifier lSidWorld = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, null);
                    PipeAccessRule lPar4 = new PipeAccessRule(lSidWorld, PipeAccessRights.ReadWrite, System.Security.AccessControl.AccessControlType.Allow);
                    lPipeSecurity.AddAccessRule(lPar4);
                }
                catch (Exception E4)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give rights to World "+E4.Message);
                }
    
                try
                {
                    System.Security.Principal.SecurityIdentifier lSidLocal = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.LocalSid, null);
                    PipeAccessRule lPar5 = new PipeAccessRule(lSidLocal, PipeAccessRights.ReadWrite, System.Security.AccessControl.AccessControlType.Allow);
                    lPipeSecurity.AddAccessRule(lPar5);
                }
                catch (Exception E5)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give rights to Local "+E5.Message);
                }
                try
                {
                    PipeAccessRule lPar6 = new PipeAccessRule(@"geneos", PipeAccessRights.FullControl, System.Security.AccessControl.AccessControlType.Allow);
                    lPipeSecurity.AddAccessRule(lPar6);
                }
                catch (Exception E6)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give pipe rights to geneos" + E6.Message);
                }
                try
                {
                    WindowsIdentity lCurrentId = WindowsIdentity.GetCurrent();
                    System.Security.Principal.SecurityIdentifier lSidLocal = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.AccountAdministratorSid, lCurrentId.User.AccountDomainSid);
                    PipeAccessRule lPar5 = new PipeAccessRule(lSidLocal, PipeAccessRights.ReadWrite, System.Security.AccessControl.AccessControlType.Allow);
                    lPipeSecurity.AddAccessRule(lPar5);
                }
                catch (Exception E7)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give rights to administrators " + E7.Message);
                }
                try
                {
                    System.Security.Principal.SecurityIdentifier lSidLocal = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.AuthenticatedUserSid, null);
                    PipeAccessRule lPar8 = new PipeAccessRule(lSidLocal, PipeAccessRights.ReadWrite, System.Security.AccessControl.AccessControlType.Allow);
                    lPipeSecurity.AddAccessRule(lPar8);
                }
                catch (Exception E8)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give rights to authenticated users " + E8.Message);
                }
                try
                {
                    WindowsIdentity lCurrentId = WindowsIdentity.GetCurrent();
                    System.Security.Principal.SecurityIdentifier lSidLocal = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.AuthenticatedUserSid, lCurrentId.User.AccountDomainSid);
                    PipeAccessRule lPar9 = new PipeAccessRule(lSidLocal, PipeAccessRights.ReadWrite, System.Security.AccessControl.AccessControlType.Allow);
                    lPipeSecurity.AddAccessRule(lPar9);
                }
                catch (Exception E9)
                {
                    Console.WriteLine(PrinterBase.DumpTimestamp(DateTime.UtcNow, true) + ": Exception when trying to give rights to authenticated users on current user domain " + E9.Message);
                }
    
    
                lPipeServer = new NamedPipeServerStream(
                    lNamedPipe, 
                    PipeDirection.InOut, 
                    NamedPipeServerStream.MaxAllowedServerInstances, 
                    PipeTransmissionMode.Byte, 
                    PipeOptions.Asynchronous, 
                    0, 
                    0, 
                    lPipeSecurity);
    

    【Discussion】:

      【Solution 2】:

      Solved by using the second constructor of PipeAccessRule, with a SecurityIdentifier instead of a string:

      System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.BuiltinUsersSid, null);
      PipeAccessRule par = new PipeAccessRule(sid, PipeAccessRights.ReadWrite, System.Security.AccessControl.AccessControlType.Allow);
      

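      【Discussion】:

      • That's fine, but what if you want to add rights for a specific user or group? What then? How can you get the SID?
      • In my case I need only built-in groups. If not, I think it is enough to just use a string, as in my original question.
      • Actually my problem was running the same piece of code in different cultures. If the culture is the same, I think using "hard-coded" names is OK.
      • +1, but just in case anyone else finds this: WellKnownSidType.WorldSid is closer to the original intent of using "Everyone"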
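
Added example (not from the original posts): a locale-independent pipe ACL that addresses "Everyone" by its well-known SID, as the last comment suggests, and resolves a specific user or group name to a SID with NTAccount.Translate, handling the exception from the question. It assumes .NET Framework on Windows; the class name, the helper names and the "pipe-clients" account are hypothetical.

```csharp
using System;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

static class PipeAclExample
{
    // Resolve an account name to a SID; null if the name is unknown on this system.
    static SecurityIdentifier TryResolve(string accountName)
    {
        try
        {
            return (SecurityIdentifier)new NTAccount(accountName)
                .Translate(typeof(SecurityIdentifier));
        }
        catch (IdentityNotMappedException)
        {
            return null; // same exception type the question hit with "Everyone"
        }
    }

    static PipeSecurity BuildSecurity(string extraAccount)
    {
        var security = new PipeSecurity();
        // "Everyone" addressed by well-known SID, independent of the OS display language.
        var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        security.AddAccessRule(new PipeAccessRule(
            everyone, PipeAccessRights.ReadWrite, AccessControlType.Allow));
        // The account running the server keeps full control.
        security.AddAccessRule(new PipeAccessRule(
            WindowsIdentity.GetCurrent().User, PipeAccessRights.FullControl, AccessControlType.Allow));
        // A specific user or group: translate the name to a SID first, skip it if unknown.
        SecurityIdentifier extra = TryResolve(extraAccount);
        if (extra != null)
            security.AddAccessRule(new PipeAccessRule(
                extra, PipeAccessRights.ReadWrite, AccessControlType.Allow));
        return security;
    }

    static void Main()
    {
        // Hypothetical account name; replace with a real user or group.
        PipeSecurity security = BuildSecurity(Environment.MachineName + @"\pipe-clients");
        // Print each SID next to its localized account name and the rights granted.
        foreach (PipeAccessRule rule in
                 security.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            Console.WriteLine("{0} ({1}): {2}", rule.IdentityReference,
                rule.IdentityReference.Translate(typeof(NTAccount)), rule.PipeAccessRights);
    }
}
```

Storing the resolved SID string in configuration, rather than the account name, keeps the rule valid across display languages and account renames.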