I have a third-party application that uses AD LDS to store my hierarchical data, and I need to provide a web interface in ASP.NET MVC for this system. It uses DACL for directory entries to control user access to individual entries.
I have found some good articles explaining how to read ActiveDirectoryAccessRulesfor DirectoryEntry, but I cannot find a good way to calculate effective permissions for a particular user . Is there a Microsoft API or library, or do I need to invent my own way?
Links for people exploring related topics:
Writing Your Own AD / ADAM Permissions Editor - 3
.NET Developer Guide for Programming Directory Services
C # Access Control Lists
source
share