
I have a little program that removes account permissions from shared folders. But on some folders' security tab there are accounts like this: "S-1-5-21-2008445439-890656017-1691616715-1589748". I have permission to log in to that server and remove them manually, but with my code I couldn't because of the error below. How can I remove these accounts? Thanks.

private void button2_Click(object sender, EventArgs e)
{
    var security = Directory.GetAccessControl(txtBoxPath.Text);
    var rules = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));

    foreach (FileSystemAccessRule rule in rules)
    {
        if (rule.IdentityReference.Value == listView1.SelectedItems[0].Text)
        {
            string name = rule.IdentityReference.Value;
            RemoveFileSecurity(txtBoxPath.Text, name,
                FileSystemRights.FullControl |
                FileSystemRights.Modify |
                FileSystemRights.Read |
                FileSystemRights.ReadAndExecute |
                FileSystemRights.ReadPermissions |
                FileSystemRights.Synchronize |
                FileSystemRights.ListDirectory |
                FileSystemRights.ChangePermissions |
                FileSystemRights.Delete,
                AccessControlType.Allow);
            MessageBox.Show("OK");
        }
    }
}

public static void RemoveFileSecurity(string fileName, string account,
    FileSystemRights rights, AccessControlType controlType)
{
    // Get a FileSecurity object that represents the
    // current security settings.
    FileSecurity fSecurity = File.GetAccessControl(fileName);
    // Remove the FileSystemAccessRule from the security settings.
    fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
        rights, controlType));
    // Set the new access settings.
    File.SetAccessControl(fileName, fSecurity);
}

An unhandled exception of type 'System.Security.Principal.IdentityNotMappedException' occurred in mscorlib.dll

Additional information: Some or all identity references could not be translated.

Fjodr
Engür Canfes

1 Answer


I checked this code (with .NET 4.0 if that matters): the exception does not occur by IdentityReference.

The reading of the entries in the foreach loop is OK. If an ACE (access control entry) contains a trustee (user or group) which cannot be resolved, it returns a SID (S-1-5-21-20084454....) as Value. This is fine at this point and the best the framework code can do here.

Later you give the account to

new FileSystemAccessRule(account, ...

At this point, the exception occurs, since account will be seen as an account NAME and a name to SID lookup will take place. And since "S-1-5..." is not a valid account name, the constructor throws.

But: why are you using the string as parameter to your RemoveFileSecurity method?

I changed the code a bit:

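foreach (FileSystemAccessRule rule in rules)
{
    if (rule.IdentityReference.Value == listView1.SelectedItems[0].Text)
    {
        // Pass the rule object itself: it already carries the identity,
        // so no name-to-SID lookup is needed.
        RemoveFileSecurity(txtBoxPath.Text, rule);
        MessageBox.Show("OK");
    }
}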



public static void RemoveFileSecurity(string fileName, FileSystemAccessRule rule)
{
    // Get a FileSecurity object that represents the 
    // current security settings.
    FileSecurity fSecurity = File.GetAccessControl(fileName);

    // Remove the FileSystemAccessRule from the security settings.
    fSecurity.RemoveAccessRule(rule);

    // Set the new access settings.
    File.SetAccessControl(fileName, fSecurity);

}

I hope I understood your problem correctly. I assume you really enter the SID in the textbox and want the entry with the SID to be removed.

Rainer Schaack
  • First, thank you for your answer; second, you understand it correctly. I'm getting the access permissions of the folder into a listview item, like in the security tab inside the properties of the folder, and clicking them to remove this SID. That's why I'm concerned with the System.Security.Principal.NTAccount. – Engür Canfes Feb 23 '15 at 10:14
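
The cleanup discussed in this thread, generalized as an added example (not code from the question or the answer): it reads the folder's explicit ACEs as SecurityIdentifier objects so that reading never triggers a name lookup, reports every SID that fails to translate to an account name, and purges those ACEs only on request. The class name OrphanedAceCleaner and the --remove switch are hypothetical names chosen for this sketch.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper for illustration; not part of the original post.
static class OrphanedAceCleaner
{
    // Returns the SIDs of explicit ACEs that no longer translate to an account name.
    public static List<SecurityIdentifier> FindUnresolvedSids(DirectorySecurity security)
    {
        var unresolved = new List<SecurityIdentifier>();
        // Request SecurityIdentifier so reading the ACL performs no name lookup.
        // includeInherited is false: inherited ACEs have to be fixed on the parent.
        foreach (FileSystemAccessRule rule in
                 security.GetAccessRules(true, false, typeof(SecurityIdentifier)))
        {
            var sid = (SecurityIdentifier)rule.IdentityReference;
            if (unresolved.Contains(sid)) continue;
            try { sid.Translate(typeof(NTAccount)); }
            catch (IdentityNotMappedException) { unresolved.Add(sid); }
        }
        return unresolved;
    }

    // Usage: OrphanedAceCleaner.exe <folder> [--remove]   (--remove is a made-up switch)
    static int Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("usage: <folder> [--remove]");
            return 1;
        }
        bool remove = args.Length > 1 && args[1] == "--remove";
        var dir = new DirectoryInfo(args[0]);
        DirectorySecurity security = dir.GetAccessControl(AccessControlSections.Access);

        List<SecurityIdentifier> sids = FindUnresolvedSids(security);
        foreach (SecurityIdentifier sid in sids)
        {
            Console.WriteLine("{0}: unresolved SID {1}", dir.FullName, sid.Value);
            // Drops every explicit ACE (allow and deny) held by this SID.
            if (remove) security.PurgeAccessRules(sid);
        }
        // Write the ACL back only when something was actually purged.
        if (remove && sids.Count > 0) dir.SetAccessControl(security);
        return 0;
    }
}
```

A SID that fails to translate is not proof that the account was deleted: the same exception appears when the owning domain or trust is unreachable from the machine running the check. Review the report-only output before running with --remove.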