Share via

  • Article

Getting an Item's XML Security Descriptor

Topic Last Modified: 2006-06-12

You can get an item's XML security descriptor by requesting the descriptor Field. The following example shows what the WebDAV PROPFIND Method request might look like:

PROPFIND /path/to/item.txt HTTP/1.1
Content-Type: text/xml
Depth: 0
Translate: f
Content-Length: XXX

<?xml version="1.0"?>
<propfind xmlns="DAV:">
 <prop xmlns:S="https://schemas.microsoft.com/exchange/security/">
  <S:descriptor/>
 </prop>
</propfind>

The following example demonstrates how to send this request by using the XMLHTTP Component Object Model (COM) object:

JScript

Example

function getSecurityDescForItem( url , username, password) {

 var xmlDom = new ActiveXObject("Microsoft.XMLDOM");
 var pi     = xmlDom.createProcessingInstruction("xml","version=\"1.0\"");
 var e1     = xmlDom.createNode(1, "propfind", "DAV:");
 var e2     = xmlDom.createNode(1, "prop","DAV:");

 xmlDom.appendChild(pi);
 xmlDom.documentElement = e1;
 e1.setAttribute("xmlns:S","https://schemas.microsoft.com/exchange/security/");
 e1.appendChild(e2);
 e2.appendChild(xmlDom.createNode(1, "S:descriptor","https://schemas.microsoft.com/exchange/security/"));

 var Req = new ActiveXObject("Microsoft.XMLHTTP");

 Req.open("PROPFIND",url, false, username, password);
 Req.setRequestHeader("Content-Type","text/xml");
 Req.setRequestHeader("Depth","0");
 Req.setRequestHeader("Translate","f");

 Req.send(xmlDom.xml);


 if(Req.status != "207") {
   var errstr = "ERR: HTTP server returned status=" + Req.status
   errstr    += "\r\nError: HTTP server returned status=" + Req.status;
   errstr    += "       Status text: " + Req.statusText;
   errstr    += "       Response Text: " + Req.responseText;
   throw errstr;
 }

 var resItem   = findDescriptorInDOM(Req.responseXML);
 if(resItem == null)
   throw "ERR: Could not locate prop in response!!";
 else
   return resItem;
}

function findDescriptorInDOM( Doc ) {

 var item;
 var root = Doc.documentElement;
 if(root.namespaceURI != "DAV:")
   return null;

 var prefix = root.prefix;
 var propElem = root.selectSingleNode("//" + prefix + ":" + "prop");
 if(propElem == null)
   return null;

 var descProp = propElem.childNodes.item(0);
 if(descProp.baseName != "descriptor" || descProp.namespaceURI != "https://schemas.microsoft.com/exchange/security/")
  return null;

 var desc = descProp.childNodes.item(0);
 WScript.Echo(desc.nodeName);
 return desc;

}

The following example demonstrates how to get the item's security descriptor by using Microsoft® ActiveX® Data Objects (ADO) and the Exchange OLE DB (ExOLEDB) provider:

VBScript

Example

Function getSecDescForItem( vSource )

  Dim Rec
  Dim vtype
  dim typenam
  vtype = VarType(vSource)
  typenam = TypeName(vSource)

 ' Check arguments
  If Not ( _
    ( vtype = vbString) OR  _
    (  ( vtype = vbObject)  And  _
    (  ( typenam = "Record") ) ) _
    ) Then
    Err.Raise &H80070057 ' E_INVALIDARG
  End If

  if vtype = vbString Then
    Set Rec = CreateObject("ADODB.Record")
    Rec.Open vSource
  elseif vtype = vbObject And typename = "Record" Then
    Set Rec = vSource
  End If

  Dim Flds
  Set Flds = Rec.Fields
  getSecDescForItem = Flds("https://schemas.microsoft.com/exchange/security/descriptor").Value

End Sub