Hi.
I am looking for a way to emulate Exchange 2000/2003 security on a solution
and I am stuck. I have read A LOT, but my experience in this particular
field is not sufficient. So I have a couple of questions I hope I can get an
answer to.
I am using C# and .NET Framework 1.1 for development. At this point 2.0 is
not in the development scope.
I am struggling with the authentication process. I have the binary value of
PR_NT_SECURITY_DESCRIPTOR, so I should be able to pInvoke AccessCheck() in
Advapi32.DLL to help me. BUT then I read Larry Osterman's article at
http://msexchangeteam.com/archive/2004/06/23/163895.aspx and he says:
"Now we don't need to consider most of the flags, but there are a couple of
interesting flags. In particular, there's the INHERIT_ONLY flag which
indicates that the ACE should be ignored on an access check - cool! We have
a way of "hiding" ACEs from AccessCheck. The next ACE flag of interest is
the OBJECT_INHERIT_ACE - this indicates an ACE that applies to objects in a
container (or messages in a folder!)."
Does that mean that I cannot use AccessCheck() for checking security on the
Exchange items, or do I need to loop backwards in the Parent/Child folder
structure to find an SD that will give me the needed information?
I think, but that does not necessarily mean it is correct, that since the
security is inherited from a parent (unless explicitly set) I need to scroll
back to find an SD that meets the criteria for being able to use
AccessCheck().
When looking at Exchange 5.5, what will PR_ACL_DATA and PR_EXTENDED_ACL_DATA
provide in terms of security? I have read that the user will get authenticated at
logon with the store's SD and from then on the Exchange DN for the user
takes over when authenticating against items in the store. Is that correct?
Can anyone point me to some examples, preferably .NET, on how this would
work?
Regards
Vilma
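
The ACE flags named in the quoted article sit in the second byte of each ACE header in the binary descriptor. The following is an added example, not part of the original post and not Exchange or Microsoft code: it walks the DACL of a self-relative security descriptor and reports which ACEs carry INHERIT_ONLY_ACE (not evaluated on the object itself) and OBJECT_INHERIT_ACE. It assumes any property-specific header in front of the descriptor has already been removed; the class and method names are hypothetical and the sample bytes are constructed.

```csharp
using System;
using System.Text;
public class DaclInheritDump   // hypothetical name, not an Exchange or .NET API
{
    const byte OBJECT_INHERIT_ACE = 0x01;  // copied to non-container children
    const byte INHERIT_ONLY_ACE   = 0x08;  // not evaluated on the object that holds it
    // Constructed sample: self-relative SD holding only a DACL with two ACCESS_ALLOWED ACEs.
    static readonly byte[] Sample = {
        0x01,0x00,0x04,0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0x14,0,0,0,  // SD header, DACL at 20
        0x02,0x00,0x30,0x00, 0x02,0x00,0x00,0x00,                    // ACL: 48 bytes, 2 ACEs
        0x00,0x09,0x14,0x00, 0xA9,0x00,0x12,0x00, 1,1,0,0,0,0,0,1, 0,0,0,0,    // OI|IO, S-1-1-0
        0x00,0x02,0x14,0x00, 0xFF,0x01,0x1F,0x00, 1,1,0,0,0,0,0,5, 11,0,0,0 }; // CI, S-1-5-11
    static string SidToString(byte[] b, int off)
    {
        long auth = 0;                                   // 6-byte big-endian authority
        for (int i = 2; i < 8; i++) auth = (auth << 8) | b[off + i];
        StringBuilder s = new StringBuilder("S-" + b[off] + "-" + auth);
        for (int i = 0; i < b[off + 1]; i++)
            s.Append("-").Append(BitConverter.ToUInt32(b, off + 8 + 4 * i));
        return s.ToString();
    }

    public static string[] Describe(byte[] sd)
    {
        if (sd.Length < 20) throw new ArgumentException("too short for an SD header");
        int dacl = (int)BitConverter.ToUInt32(sd, 16);   // OffsetDacl
        if (dacl == 0) return new string[0];             // no DACL stored
        if (dacl < 20 || dacl + 8 > sd.Length) throw new ArgumentException("bad DACL offset");
        int count = BitConverter.ToUInt16(sd, dacl + 4); // AceCount
        string[] lines = new string[count];
        int p = dacl + 8;                                // ACEs follow the 8-byte ACL header
        for (int i = 0; i < count; i++)
        {
            if (p + 4 > sd.Length) throw new ArgumentException("truncated ACE header");
            byte type = sd[p], flags = sd[p + 1];
            int size = BitConverter.ToUInt16(sd, p + 2);
            if (size < 4 || p + size > sd.Length) throw new ArgumentException("bad ACE size");
            string line = "type=" + type + " flags=0x" + flags.ToString("X2");
            if (type <= 1 && size >= 16)  // ACCESS_ALLOWED (0) or ACCESS_DENIED (1): mask, then SID
                line += " mask=0x" + BitConverter.ToUInt32(sd, p + 4).ToString("X8") + " sid=" + SidToString(sd, p + 8);
            line += (flags & INHERIT_ONLY_ACE) != 0 ? " -> inherit-only, skipped on this object" : " -> evaluated on this object";
            if ((flags & OBJECT_INHERIT_ACE) != 0) line += ", inherited by child objects";
            lines[i] = line;
            p += size;
        }
        return lines;
    }
    static void Main() { foreach (string l in Describe(Sample)) Console.WriteLine(l); }
}
```

BitConverter reads multi-byte fields in the host's byte order, so the code as written assumes a little-endian machine, matching the on-disk layout of the descriptor.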