GetNamedSecurityInfo (advapi32)
Last changed: 192.168.101.2

Summary
The GetNamedSecurityInfo function retrieves a copy of the security descriptor for an object specified by name.

C# Signature:

[DllImport("advapi32.dll", CharSet=CharSet.Auto)]
static extern uint GetNamedSecurityInfo(
    string pObjectName,
    SE_OBJECT_TYPE ObjectType,
    SECURITY_INFORMATION SecurityInfo,
    out IntPtr pSidOwner,
    out IntPtr pSidGroup,
    out IntPtr pDacl,
    out IntPtr pSacl,
    out IntPtr pSecurityDescriptor);

VB Signature:

Declare Function GetNamedSecurityInfo Lib "advapi32.dll" ( _
    ByVal pObjectName As String, _
    ByVal ObjectType As SE_OBJECT_TYPE, _
    ByVal SecurityInfo As SECURITY_INFORMATION, _
    ByRef pSidOwner As IntPtr, _
    ByRef pSidGroup As IntPtr, _
    ByRef pDacl As IntPtr, _
    ByRef pSacl As IntPtr, _
    ByRef pSecurityDescriptor As IntPtr) As Integer

User-Defined Types:

SE_OBJECT_TYPE, SECURITY_INFORMATION

Notes:

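The caller must call LocalFree() on the security descriptor pointer returned by this call once it is finished with it. The owner, group, DACL and SACL pointers returned alongside it point into that security descriptor, so they must not be used after it has been freed.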

Also, the example given below is mildly incompatible with the example given for LookupAccountSid() on this site.

C# Sample Code:

public static string GetFileObjectOwner(string objectName)
{
    IntPtr pZero = IntPtr.Zero;
    IntPtr pSid = pZero;
    IntPtr psd = pZero;

    // GetNamedSecurityInfo returns a Win32 error code directly (0 = ERROR_SUCCESS).
    uint errorReturn = GetNamedSecurityInfo(objectName, SE_OBJECT_TYPE.SE_FILE_OBJECT,
        SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION,
        out pSid, out pZero, out pZero, out pZero, out psd);

    if(errorReturn != 0)
    {
        Console.WriteLine("GetNamedSecurityInfo: {0} ", errorReturn);
        return null;
    }

    int _bufferSize = 64;
    StringBuilder _buffer = new StringBuilder();
    int _accountLength = _bufferSize;
    int _domainLength = _bufferSize;
    int _sidNameUse = 0;

    StringBuilder _account = new StringBuilder(_bufferSize);
    StringBuilder _domain = new StringBuilder(_bufferSize);

    // Assumes a LookupAccountSid declaration that returns int (0 on failure)
    // and takes the SID use as an int out parameter.
    int lookupReturn = LookupAccountSid(null, pSid, _account, ref _accountLength, _domain, ref _domainLength, out _sidNameUse);
    if(lookupReturn == 0)
    {
        // Read the error before any other native call can overwrite it.
        int lookupError = Marshal.GetLastWin32Error();
        // pSid points into psd, so psd is freed only after the lookup.
        LocalFree(psd);
        Console.WriteLine("LookupAccountSid: {0}", lookupError);
        return null;
    }
    _buffer.Append(_domain);
    _buffer.Append(@"\");
    _buffer.Append(_account);
    LocalFree(psd);
    return _buffer.ToString();
}

VB.Net Sample Code:

    ' Type of Securable Object we are operating in this sample code
    Private Const SE_FILE_OBJECT = 1&

    ' The Security Information constants required
    Private Const DACL_SECURITY_INFORMATION = 4&

    Dim pSecDesc, pOldDACL As IntPtr
    Dim Win32Error As Win32Exception
    Dim ret As Integer

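    ' Get the Security Descriptor and DACL.
    ' pOldDACL points into pSecDesc; release pSecDesc with LocalFree() once both are no longer needed.
    ret = GetNamedSecurityInfo(strPath, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, Nothing, Nothing, pOldDACL, Nothing, pSecDesc)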
    If ret <> 0 Then
        Win32Error = New Win32Exception(ret)
        Throw New Exception(Win32Error.Message)
    End If

Alternative Managed API:

With .NET v2.0 you can use the classes in System.Security.AccessControl to duplicate most of this functionality.

  using System.Security.AccessControl;
  using System.Security.Principal;

  public static string GetFileObjectOwner(string objectName)
  {
    FileSecurity pSD = new FileSecurity(objectName, AccessControlSections.Owner);

    NTAccount ownerName = (NTAccount)(pSD.GetOwner(typeof(NTAccount)));
    /* The username is returned in SAM form (domain\username) */

    return ownerName.ToString();
  }
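
The managed classes also cover the DACL case that the VB.Net sample handles natively. The following is an added example, not part of the original page: it reads a file's DACL through FileSecurity and reports Allow ACEs that grant write-type rights to Everyone, Authenticated Users or BUILTIN\Users. The class and method names, and the choice of rights and groups, are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

public static class DaclAudit
{
    // Assumption: rights treated as "write-type" for this check.
    const FileSystemRights Risky =
        FileSystemRights.WriteData | FileSystemRights.AppendData |
        FileSystemRights.Delete | FileSystemRights.ChangePermissions |
        FileSystemRights.TakeOwnership;

    // Assumption: groups treated as "broad" for this check.
    static readonly WellKnownSidType[] Broad = {
        WellKnownSidType.WorldSid,              // Everyone
        WellKnownSidType.AuthenticatedUserSid,  // Authenticated Users
        WellKnownSidType.BuiltinUsersSid        // BUILTIN\Users
    };

    public static List<string> FindBroadWriteAces(string path)
    {
        var findings = new List<string>();
        // Managed counterpart of GetNamedSecurityInfo with
        // DACL_SECURITY_INFORMATION; nothing to LocalFree afterwards.
        var sd = new FileSecurity(path, AccessControlSections.Access);
        foreach (FileSystemAccessRule ace in
                 sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (ace.AccessControlType != AccessControlType.Allow) continue;
            if ((ace.FileSystemRights & Risky) == 0) continue;
            var sid = (SecurityIdentifier)ace.IdentityReference;
            foreach (WellKnownSidType kind in Broad)
            {
                if (!sid.IsWellKnown(kind)) continue;
                findings.Add(string.Format("{0} ({1}): {2}{3}", sid.Value, kind,
                    ace.FileSystemRights, ace.IsInherited ? " [inherited]" : ""));
            }
        }
        return findings;
    }

    public static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: DaclAudit <file>"); return; }
        foreach (string line in FindBroadWriteAces(args[0]))
            Console.WriteLine(line);
    }
}
```

Requesting SecurityIdentifier rather than NTAccount avoids a name lookup per ACE and still works for SIDs that no longer resolve to an account.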
