security-identifier

问题 In this block of code in Cassini-dev's NTLM authentication class, calls made to SECUR32.DLL (via Interop ) are made to authenticate the base64 encoded data in an HTTP request's Authorization headers. This makes sense, when both AcceptSecurityContext() and QuerySecurityContextToken() return 0 , the client has been authorized. At the end, the security context token has a SecurityIdentifier extracted from it (the _sid variable). (A bit about common Security IDs ) Here is the relevant section of

问题 Searching for the user michael@mycontoso.com with the objectSid S-1-5-21-1234567890-123465789-123456789-123456 , I only find a Foreign Security Principal CN=S-1-5-21-1234567890-123465789-123456789-123456,CN=ForeignSecurityPrincipals,DC=contoso,DC=com . That foreign security principal does not contain the properties I have to read, so I guess I have to access the "Home AD" of that FSP. Does a FSP have a property that always contains the LDAP path of the user object? Is there a standardized