Slawek
Guest
Posted:
Wed Sep 21, 2005 4:59 pm Post subject:
Webdav and S:security_descriptor problem |
I wrote a class for updating public folder security permissions.
When I add permissions for a user, it works fine in debugging mode of VS.NET
2003. [ AddAuthorACE("http://dc1/Public/FolderMailPost",
"lu-test\\user.slawomir", "user") ]
When I add the same permissions for a group, the call also completes without
error in debugging mode of VS.NET 2003. [ AddAuthorACE("http://dc1/Public/FolderMailPost",
"lu-test\\slaweks", "group") ]
But after I invoke this code for a group, I receive this message on the
Permissions tab of the folder properties in Outlook 2003:
"Some permissions could not be displayed. The client operation failed."
In the Exchange System Manager I receive this message for the folder's Client
permissions:
"An unknown error has occurred
ID no: 8004010f"
When I invoke this code for a user I don't receive any error messages.
slaweks - is a global security group with an e-mail address
user.slawomir - is a domain user
Any help will be appreciated; I attach the code here.
Slawek
using System;
using System.Net;
using ExchangeSDK.DAV;
namespace ExchangeSDK.Application.ITA
{
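/// <summary>
/// Adds an allow/deny pair of access control entries (ACEs) for one trustee to
/// the security descriptor of a WebDAV folder: the descriptor is read with
/// PROPFIND, the new ACEs are inserted into its three ACE lists, and the result
/// is written back with PROPPATCH.
/// </summary>
public class Security
{
    private const string SecurityNs = "http://schemas.microsoft.com/security/";
    private const string ExchangeSecurityNs = "http://schemas.microsoft.com/exchange/security/";

    // Access masks as hex strings. The "Fld" pair is applied to effective_aces and
    // subcontainer_inheritable_aces, the "Sit" pair to subitem_inheritable_aces.
    // The user and group values are currently identical.
    const string User_AuthFldAllow = "1208ab";
    const string User_AuthFldDeny = "DC914";
    const string User_AuthSitAllow = "120EA9";
    const string User_AuthSitDeny = "1F0716";
    const string Grp_AuthFldAllow = "1208ab";
    const string Grp_AuthFldDeny = "DC914";
    const string Grp_AuthSitAllow = "120EA9";
    const string Grp_AuthSitDeny = "1F0716";

    /// <summary>
    /// Sets the shared credentials and immediately changes the permissions of a
    /// fixed folder for a fixed group.
    /// </summary>
    public Security()
    {
        // NOTE(review): hard-coded lab credentials. An administrator password in
        // source ends up in version control and in the compiled assembly; supply
        // it from protected configuration or the caller's identity instead.
        Common.Username = "Administrator";
        Common.Password = "abc";
        Common.Domain = "LU-Test";

        // NOTE(review): the URL is plain http. If HTTPProtocolHandler sends the
        // credentials with Basic authentication they cross the network in clear
        // text - confirm the scheme it uses, or switch to https.
        AddAuthorACE("http://dc1/Public/FolderMailPost", "lu-test\\adrychs", "group");
    }

    /// <summary>
    /// Builds an XML fragment holding one access_allowed_ace and one
    /// access_denied_ace for the same trustee.
    /// </summary>
    /// <param name="Name">Trustee name, written into S:nt4_compatible_name.</param>
    /// <param name="UserType">Trustee type, written into S:type.</param>
    /// <param name="Allow">Access mask of the allowed ACE.</param>
    /// <param name="Deny">Access mask of the denied ACE.</param>
    /// <returns>A document with root element "add" containing both ACEs.</returns>
    private string AddACE(string Name, string UserType, string Allow, string Deny)
    {
        string sid = BuildSid(Name, UserType);

        System.Text.StringBuilder xml = new System.Text.StringBuilder();
        xml.Append("<?xml version=\"1.0\"?>");
        xml.Append("<add xmlns:S=\"" + SecurityNs + "\">");
        xml.Append("<S:access_allowed_ace S:inherited=\"0\">");
        xml.Append("<S:access_mask>" + System.Security.SecurityElement.Escape(Allow) + "</S:access_mask>");
        xml.Append(sid);
        xml.Append("</S:access_allowed_ace>");
        xml.Append("<S:access_denied_ace S:inherited=\"0\">");
        xml.Append("<S:access_mask>" + System.Security.SecurityElement.Escape(Deny) + "</S:access_mask>");
        xml.Append(sid);
        xml.Append("</S:access_denied_ace>");
        xml.Append("</add>");
        return xml.ToString();
    }

    // Builds the S:sid element shared by both ACEs of a pair. The values are
    // XML-escaped so that a trustee name containing markup characters cannot
    // add or alter elements of the security descriptor being written.
    // NOTE(review): the previous code emitted S:type only on the allowed ACE;
    // it is now emitted on both so the two SIDs describe the same trustee.
    // Confirm the server accepts S:type on the denied ACE.
    private static string BuildSid(string name, string userType)
    {
        return "<S:sid>"
            + "<S:type>" + System.Security.SecurityElement.Escape(userType) + "</S:type>"
            + "<S:nt4_compatible_name>" + System.Security.SecurityElement.Escape(name) + "</S:nt4_compatible_name>"
            + "</S:sid>";
    }

    /// <summary>
    /// Reads the folder's security descriptor, inserts an allow/deny ACE pair for
    /// the trustee at the head of the effective, sub-container inheritable and
    /// sub-item inheritable ACE lists, and writes the descriptor back.
    /// </summary>
    /// <param name="FdPath">WebDAV URL of the folder.</param>
    /// <param name="NTName">Trustee name, e.g. DOMAIN\account.</param>
    /// <param name="UserType">"user" selects the User_* masks; any other value selects the Grp_* masks.</param>
    /// <exception cref="InvalidOperationException">
    /// An element the method relies on is missing from the descriptor XML.
    /// </exception>
    public void AddAuthorACE(string FdPath, string NTName, string UserType)
    {
        HTTPProtocolHandler ProHandle = new HTTPProtocolHandler();

        // 1. PROPFIND the current descriptor.
        string query = "<?xml version=\"1.0\"?>"
            + "<a:propfind xmlns:a=\"DAV:\">"
            + "<a:prop xmlns:ex=\"" + ExchangeSecurityNs + "\">"
            + "<ex:descriptor/>"
            + "</a:prop>"
            + "</a:propfind>";

        System.Xml.XmlDocument XMLDOM = new System.Xml.XmlDocument();
        // The document parses server responses; do not resolve external DTDs or entities.
        XMLDOM.XmlResolver = null;
        XMLDOM.LoadXml(ProHandle.Propfind(FdPath, query).Trim());

        System.Xml.XmlNamespaceManager xmlnsmXMLDOM = new System.Xml.XmlNamespaceManager(XMLDOM.NameTable);
        xmlnsmXMLDOM.AddNamespace("ex", ExchangeSecurityNs);
        xmlnsmXMLDOM.AddNamespace("S", SecurityNs);
        System.Xml.XmlNode currentDescriptor =
            RequireNode(XMLDOM.DocumentElement, "//S:security_descriptor", xmlnsmXMLDOM);

        // 2. Build the PROPPATCH body and copy the current descriptor into it.
        query = "<?xml version=\"1.0\"?>"
            + "<a:propertyupdate xmlns:a=\"DAV:\" xmlns:e=\"" + ExchangeSecurityNs + "\">"
            + "<a:set><a:prop><e:descriptor>"
            + "</e:descriptor></a:prop></a:set></a:propertyupdate>";

        System.Xml.XmlDocument XMLRoot = new System.Xml.XmlDocument();
        XMLRoot.LoadXml(query);

        System.Xml.XmlNamespaceManager xmlnsmXMLRoot = new System.Xml.XmlNamespaceManager(XMLRoot.NameTable);
        xmlnsmXMLRoot.AddNamespace("e", ExchangeSecurityNs);
        xmlnsmXMLRoot.AddNamespace("S", SecurityNs);

        System.Xml.XmlNode descriptorHolder =
            RequireNode(XMLRoot.DocumentElement, "//e:descriptor", xmlnsmXMLRoot);
        descriptorHolder.AppendChild(XMLRoot.ImportNode(currentDescriptor, true));

        System.Xml.XmlNode effacesnode =
            RequireNode(XMLRoot.DocumentElement, "//S:effective_aces", xmlnsmXMLRoot);
        System.Xml.XmlNode subconacesnode =
            RequireNode(XMLRoot.DocumentElement, "//S:subcontainer_inheritable_aces", xmlnsmXMLRoot);
        System.Xml.XmlNode subitemacesnode =
            RequireNode(XMLRoot.DocumentElement, "//S:subitem_inheritable_aces", xmlnsmXMLRoot);

        // 3. Pick the masks for the trustee type and insert the ACE pairs.
        bool isUser = (UserType == "user");
        string fldAllow = isUser ? User_AuthFldAllow : Grp_AuthFldAllow;
        string fldDeny = isUser ? User_AuthFldDeny : Grp_AuthFldDeny;
        string sitAllow = isUser ? User_AuthSitAllow : Grp_AuthSitAllow;
        string sitDeny = isUser ? User_AuthSitDeny : Grp_AuthSitDeny;

        // NOTE(review): every pair is inserted at the head of its list regardless
        // of trustee type. Exchange expects the ACL in its canonical order, so
        // head insertion may be wrong for group trustees - confirm against the
        // Exchange access-rights documentation before relying on this for groups.
        InsertAcePair(XMLRoot, effacesnode, AddACE(NTName, UserType, fldAllow, fldDeny));
        InsertAcePair(XMLRoot, subconacesnode, AddACE(NTName, UserType, fldAllow, fldDeny));
        InsertAcePair(XMLRoot, subitemacesnode, AddACE(NTName, UserType, sitAllow, sitDeny));

        // 4. PROPPATCH the modified descriptor back to the folder. Loading the
        // response only checks that it is well-formed XML; its content is not
        // inspected. NOTE(review): a per-property failure reported inside the
        // response body would go unnoticed here - consider checking the status.
        XMLDOM.LoadXml(ProHandle.Proppatch(FdPath, XMLRoot.DocumentElement.OuterXml));
        //ProHandle.Delete(FdPath);
    }

    // Parses an ACE pair produced by AddACE and inserts both ACEs at the head of
    // aceList. The denied ACE goes in first and the allowed ACE is then placed in
    // front of it, so the list starts with: allowed, denied.
    private static void InsertAcePair(
        System.Xml.XmlDocument target, System.Xml.XmlNode aceList, string aceXml)
    {
        System.Xml.XmlDocument aceDoc = new System.Xml.XmlDocument();
        aceDoc.LoadXml(aceXml);

        System.Xml.XmlNamespaceManager ns = new System.Xml.XmlNamespaceManager(aceDoc.NameTable);
        ns.AddNamespace("S", SecurityNs);

        System.Xml.XmlNode denied = RequireNode(aceDoc.DocumentElement, "S:access_denied_ace", ns);
        System.Xml.XmlNode allowed = RequireNode(aceDoc.DocumentElement, "S:access_allowed_ace", ns);

        aceList.InsertBefore(target.ImportNode(denied, true), aceList.FirstChild);
        aceList.InsertBefore(target.ImportNode(allowed, true), aceList.FirstChild);
    }

    // Selects a single node and fails with a descriptive error, instead of a
    // NullReferenceException later on, when the expected element is absent.
    private static System.Xml.XmlNode RequireNode(
        System.Xml.XmlNode root, string xpath, System.Xml.XmlNamespaceManager ns)
    {
        System.Xml.XmlNode found = root.SelectSingleNode(xpath, ns);
        if (found == null)
        {
            throw new InvalidOperationException(
                "Expected element not found in security descriptor XML: " + xpath);
        }
        return found;
    }
}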
}
Henning Krause [MVP - Exc
Guest
Posted:
Wed Sep 21, 2005 4:59 pm Post subject:
Re: Webdav and S:security_descriptor problem |
Hello,
are you ordering your ACL correctly? The ACL you set must be in Exchange 5.5
canonical order. See
http://msdn.microsoft.com/library/en-us/e2k3/e2k3/_exch2k_exchange_5_5_access_rights.asp
for more.
Greetings,
Henning Krause
MVP - Exchange
http://www.infinitec.de
"Slawek" <ads@lumena.com> wrote in message
news:OqT8vhrvFHA.1648@TK2MSFTNGP10.phx.gbl...
| Quote: | I wrote a class for updating public folder security permissions.
When I add permissions for a user, it works fine in debugging mode of VS.NET
2003. [ AddAuthorACE("http://dc1/Public/FolderMailPost",
"lu-test\\user.slawomir", "user") ]
When I add the same permissions for a group, the call also completes without
error in debugging mode of VS.NET 2003.
[ AddAuthorACE("http://dc1/Public/FolderMailPost", "lu-test\\slaweks",
"group") ]
But after I invoke this code for a group, I receive this message on the
Permissions tab of the folder properties in Outlook 2003:
"Some permissions could not be displayed. The client operation failed."
In the Exchange System Manager I receive this message for the folder's Client
permissions:
"An unknown error has occurred
ID no: 8004010f"
When I invoke this code for a user I don't receive any error messages.
slaweks - is a global security group with an e-mail address
user.slawomir - is a domain user
Any help will be appreciated; I attach the code here.
Slawek
using System;
using System.Net;
using ExchangeSDK.DAV;
namespace ExchangeSDK.Application.ITA
{
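/// <summary>
/// Adds an allow/deny pair of access control entries (ACEs) for one trustee to
/// the security descriptor of a WebDAV folder: the descriptor is read with
/// PROPFIND, the new ACEs are inserted into its three ACE lists, and the result
/// is written back with PROPPATCH.
/// </summary>
public class Security
{
    private const string SecurityNs = "http://schemas.microsoft.com/security/";
    private const string ExchangeSecurityNs = "http://schemas.microsoft.com/exchange/security/";

    // Access masks as hex strings. The "Fld" pair is applied to effective_aces and
    // subcontainer_inheritable_aces, the "Sit" pair to subitem_inheritable_aces.
    // The user and group values are currently identical.
    const string User_AuthFldAllow = "1208ab";
    const string User_AuthFldDeny = "DC914";
    const string User_AuthSitAllow = "120EA9";
    const string User_AuthSitDeny = "1F0716";
    const string Grp_AuthFldAllow = "1208ab";
    const string Grp_AuthFldDeny = "DC914";
    const string Grp_AuthSitAllow = "120EA9";
    const string Grp_AuthSitDeny = "1F0716";

    /// <summary>
    /// Sets the shared credentials and immediately changes the permissions of a
    /// fixed folder for a fixed group.
    /// </summary>
    public Security()
    {
        // NOTE(review): hard-coded lab credentials. An administrator password in
        // source ends up in version control and in the compiled assembly; supply
        // it from protected configuration or the caller's identity instead.
        Common.Username = "Administrator";
        Common.Password = "abc";
        Common.Domain = "LU-Test";

        // NOTE(review): the URL is plain http. If HTTPProtocolHandler sends the
        // credentials with Basic authentication they cross the network in clear
        // text - confirm the scheme it uses, or switch to https.
        AddAuthorACE("http://dc1/Public/FolderMailPost", "lu-test\\adrychs", "group");
    }

    /// <summary>
    /// Builds an XML fragment holding one access_allowed_ace and one
    /// access_denied_ace for the same trustee.
    /// </summary>
    /// <param name="Name">Trustee name, written into S:nt4_compatible_name.</param>
    /// <param name="UserType">Trustee type, written into S:type.</param>
    /// <param name="Allow">Access mask of the allowed ACE.</param>
    /// <param name="Deny">Access mask of the denied ACE.</param>
    /// <returns>A document with root element "add" containing both ACEs.</returns>
    private string AddACE(string Name, string UserType, string Allow, string Deny)
    {
        string sid = BuildSid(Name, UserType);

        System.Text.StringBuilder xml = new System.Text.StringBuilder();
        xml.Append("<?xml version=\"1.0\"?>");
        xml.Append("<add xmlns:S=\"" + SecurityNs + "\">");
        xml.Append("<S:access_allowed_ace S:inherited=\"0\">");
        xml.Append("<S:access_mask>" + System.Security.SecurityElement.Escape(Allow) + "</S:access_mask>");
        xml.Append(sid);
        xml.Append("</S:access_allowed_ace>");
        xml.Append("<S:access_denied_ace S:inherited=\"0\">");
        xml.Append("<S:access_mask>" + System.Security.SecurityElement.Escape(Deny) + "</S:access_mask>");
        xml.Append(sid);
        xml.Append("</S:access_denied_ace>");
        xml.Append("</add>");
        return xml.ToString();
    }

    // Builds the S:sid element shared by both ACEs of a pair. The values are
    // XML-escaped so that a trustee name containing markup characters cannot
    // add or alter elements of the security descriptor being written.
    // NOTE(review): the previous code emitted S:type only on the allowed ACE;
    // it is now emitted on both so the two SIDs describe the same trustee.
    // Confirm the server accepts S:type on the denied ACE.
    private static string BuildSid(string name, string userType)
    {
        return "<S:sid>"
            + "<S:type>" + System.Security.SecurityElement.Escape(userType) + "</S:type>"
            + "<S:nt4_compatible_name>" + System.Security.SecurityElement.Escape(name) + "</S:nt4_compatible_name>"
            + "</S:sid>";
    }

    /// <summary>
    /// Reads the folder's security descriptor, inserts an allow/deny ACE pair for
    /// the trustee at the head of the effective, sub-container inheritable and
    /// sub-item inheritable ACE lists, and writes the descriptor back.
    /// </summary>
    /// <param name="FdPath">WebDAV URL of the folder.</param>
    /// <param name="NTName">Trustee name, e.g. DOMAIN\account.</param>
    /// <param name="UserType">"user" selects the User_* masks; any other value selects the Grp_* masks.</param>
    /// <exception cref="InvalidOperationException">
    /// An element the method relies on is missing from the descriptor XML.
    /// </exception>
    public void AddAuthorACE(string FdPath, string NTName, string UserType)
    {
        HTTPProtocolHandler ProHandle = new HTTPProtocolHandler();

        // 1. PROPFIND the current descriptor.
        string query = "<?xml version=\"1.0\"?>"
            + "<a:propfind xmlns:a=\"DAV:\">"
            + "<a:prop xmlns:ex=\"" + ExchangeSecurityNs + "\">"
            + "<ex:descriptor/>"
            + "</a:prop>"
            + "</a:propfind>";

        System.Xml.XmlDocument XMLDOM = new System.Xml.XmlDocument();
        // The document parses server responses; do not resolve external DTDs or entities.
        XMLDOM.XmlResolver = null;
        XMLDOM.LoadXml(ProHandle.Propfind(FdPath, query).Trim());

        System.Xml.XmlNamespaceManager xmlnsmXMLDOM = new System.Xml.XmlNamespaceManager(XMLDOM.NameTable);
        xmlnsmXMLDOM.AddNamespace("ex", ExchangeSecurityNs);
        xmlnsmXMLDOM.AddNamespace("S", SecurityNs);
        System.Xml.XmlNode currentDescriptor =
            RequireNode(XMLDOM.DocumentElement, "//S:security_descriptor", xmlnsmXMLDOM);

        // 2. Build the PROPPATCH body and copy the current descriptor into it.
        query = "<?xml version=\"1.0\"?>"
            + "<a:propertyupdate xmlns:a=\"DAV:\" xmlns:e=\"" + ExchangeSecurityNs + "\">"
            + "<a:set><a:prop><e:descriptor>"
            + "</e:descriptor></a:prop></a:set></a:propertyupdate>";

        System.Xml.XmlDocument XMLRoot = new System.Xml.XmlDocument();
        XMLRoot.LoadXml(query);

        System.Xml.XmlNamespaceManager xmlnsmXMLRoot = new System.Xml.XmlNamespaceManager(XMLRoot.NameTable);
        xmlnsmXMLRoot.AddNamespace("e", ExchangeSecurityNs);
        xmlnsmXMLRoot.AddNamespace("S", SecurityNs);

        System.Xml.XmlNode descriptorHolder =
            RequireNode(XMLRoot.DocumentElement, "//e:descriptor", xmlnsmXMLRoot);
        descriptorHolder.AppendChild(XMLRoot.ImportNode(currentDescriptor, true));

        System.Xml.XmlNode effacesnode =
            RequireNode(XMLRoot.DocumentElement, "//S:effective_aces", xmlnsmXMLRoot);
        System.Xml.XmlNode subconacesnode =
            RequireNode(XMLRoot.DocumentElement, "//S:subcontainer_inheritable_aces", xmlnsmXMLRoot);
        System.Xml.XmlNode subitemacesnode =
            RequireNode(XMLRoot.DocumentElement, "//S:subitem_inheritable_aces", xmlnsmXMLRoot);

        // 3. Pick the masks for the trustee type and insert the ACE pairs.
        bool isUser = (UserType == "user");
        string fldAllow = isUser ? User_AuthFldAllow : Grp_AuthFldAllow;
        string fldDeny = isUser ? User_AuthFldDeny : Grp_AuthFldDeny;
        string sitAllow = isUser ? User_AuthSitAllow : Grp_AuthSitAllow;
        string sitDeny = isUser ? User_AuthSitDeny : Grp_AuthSitDeny;

        // NOTE(review): every pair is inserted at the head of its list regardless
        // of trustee type. Exchange expects the ACL in its canonical order, so
        // head insertion may be wrong for group trustees - confirm against the
        // Exchange access-rights documentation before relying on this for groups.
        InsertAcePair(XMLRoot, effacesnode, AddACE(NTName, UserType, fldAllow, fldDeny));
        InsertAcePair(XMLRoot, subconacesnode, AddACE(NTName, UserType, fldAllow, fldDeny));
        InsertAcePair(XMLRoot, subitemacesnode, AddACE(NTName, UserType, sitAllow, sitDeny));

        // 4. PROPPATCH the modified descriptor back to the folder. Loading the
        // response only checks that it is well-formed XML; its content is not
        // inspected. NOTE(review): a per-property failure reported inside the
        // response body would go unnoticed here - consider checking the status.
        XMLDOM.LoadXml(ProHandle.Proppatch(FdPath, XMLRoot.DocumentElement.OuterXml));
        //ProHandle.Delete(FdPath);
    }

    // Parses an ACE pair produced by AddACE and inserts both ACEs at the head of
    // aceList. The denied ACE goes in first and the allowed ACE is then placed in
    // front of it, so the list starts with: allowed, denied.
    private static void InsertAcePair(
        System.Xml.XmlDocument target, System.Xml.XmlNode aceList, string aceXml)
    {
        System.Xml.XmlDocument aceDoc = new System.Xml.XmlDocument();
        aceDoc.LoadXml(aceXml);

        System.Xml.XmlNamespaceManager ns = new System.Xml.XmlNamespaceManager(aceDoc.NameTable);
        ns.AddNamespace("S", SecurityNs);

        System.Xml.XmlNode denied = RequireNode(aceDoc.DocumentElement, "S:access_denied_ace", ns);
        System.Xml.XmlNode allowed = RequireNode(aceDoc.DocumentElement, "S:access_allowed_ace", ns);

        aceList.InsertBefore(target.ImportNode(denied, true), aceList.FirstChild);
        aceList.InsertBefore(target.ImportNode(allowed, true), aceList.FirstChild);
    }

    // Selects a single node and fails with a descriptive error, instead of a
    // NullReferenceException later on, when the expected element is absent.
    private static System.Xml.XmlNode RequireNode(
        System.Xml.XmlNode root, string xpath, System.Xml.XmlNamespaceManager ns)
    {
        System.Xml.XmlNode found = root.SelectSingleNode(xpath, ns);
        if (found == null)
        {
            throw new InvalidOperationException(
                "Expected element not found in security descriptor XML: " + xpath);
        }
        return found;
    }
}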
}