Expand Up @@ -25,6 +25,7 @@
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Management;
using System.Runtime.CompilerServices;
using System.Security.Claims;
using System.Security.Principal;
Expand All @@ -42,6 +43,11 @@ public class WindowsAuthenticationProviderOptions
/// Root path from which LDAP searches should be performed.
/// </summary>
public string? LDAPPath { get; set; }

/// <summary>
/// Flag to indicate whether the UI will also search local Users and Groups.
/// </summary>
public bool AllowLocalAccounts { get; set; } = false;
}

/// <summary>
Expand Down Expand Up @@ -176,6 +182,27 @@ private IEnumerable<IProviderClaim> FindUsers(string searchText)

yield return new ProviderClaim(value, description);
}

if (!Options.AllowLocalAccounts)
yield break;

using ManagementObjectSearcher localSearcher = new ("root\\CIMV2", $"SELECT * FROM Win32_UserAccount WHERE LocalAccount = True AND Name LIKE '{escapedSearchText.Replace("*", "%")}'");

foreach (ManagementObject user in localSearcher.Get())
{
string? name = user["Name"]?.ToString();
string? sid = user["SID"]?.ToString();
string? fullName = user["FullName"]?.ToString();

if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(sid))
continue;

string description = !string.IsNullOrEmpty(fullName)
? $"{name} ({fullName}. Local)"
: $"{name} (Local)";

yield return new ProviderClaim(sid, description);
}
}

private IEnumerable<IProviderClaim> FindGroups(string searchText)
Expand Down Expand Up @@ -222,6 +249,28 @@ private IEnumerable<IProviderClaim> FindGroups(string searchText)

return string.Join('.', dc);
}

if (!Options.AllowLocalAccounts)
yield break;


using ManagementObjectSearcher localSearcher = new("root\\CIMV2", $"SELECT * FROM Win32_Group WHERE LocalAccount = True AND Name LIKE '{escapedSearchText.Replace("*", "%")}'");

foreach (ManagementObject group in localSearcher.Get())
{
string? name = group["Name"]?.ToString();
string? sid = group["SID"]?.ToString();
string? description = group["Description"]?.ToString();

if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(sid))
continue;

string groupDescription = !string.IsNullOrEmpty(description)
? $"{name} ({description}. Local)"
: $"{name} (Local)";

yield return new ProviderClaim(sid, groupDescription);
}
}

#endregion
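Review bot: The WQL query in FindUsers interpolates the search text straight into a string literal, `Name LIKE '{escapedSearchText.Replace("*", "%")}'`, and the Win32_Group query in FindGroups repeats the same pattern. `escapedSearchText` is defined outside the hunk and, given the LDAP search above it, is presumably escaped for LDAP filters rather than for WQL. If so, a `'` or `\` in the search text can terminate the literal and alter the WHERE clause, and `%`, `_` and `[` act as LIKE wildcards the caller did not ask for. ManagementObjectSearcher offers no parameter binding, so I would build the pattern from the raw `searchText` with a WQL-specific helper, sketched below; the escaping rules should be confirmed against the WQL documentation. Both method bodies start outside the hunks shown.

```csharp
// Turns raw (not LDAP-escaped) search text into a WQL LIKE pattern.
private static string ToWqlLikePattern(string searchText) =>
    string.Concat(searchText.Select(c => c switch
    {
        '*' => "%",                      // the UI's wildcard
        '\\' or '\'' => $"\\{c}",        // WQL string-literal escapes
        '%' or '_' or '[' => $"[{c}]",   // LIKE metacharacters matched literally
        _ => c.ToString()
    }));

// … unchanged: AllowLocalAccounts guard …
using ManagementObjectSearcher localSearcher = new("root\\CIMV2", $"SELECT * FROM Win32_UserAccount WHERE LocalAccount = True AND Name LIKE '{ToWqlLikePattern(searchText)}'");
// … unchanged: result loop; same change for the Win32_Group query in FindGroups …
```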