Home/ Questions/Q 462403
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T23:04:16+00:00

I’m building Active Directory Authentication into my application and I am planning to link

  • 0

I’m building Active Directory Authentication into my application and I am planning to link my application’s internal accounts to a user’s domain SID. It is easier for me to work with the string format of the sid than a byte array so I was planning to store it in the database as a string. How long should I make the field to ensure SID’s will not get truncated?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I had the same question, and I believe the right answer is:

    • ID as string: 184 characters, or varchar(184) in SQL Server
    • SID as string of Hex digits: 136 characters, or varchar(136) in SQL Server
    • SID as binary: 68 bytes, or varbinary(68) in SQL Server

    I haven’t checked the math myself, but the technique used here looks valid:
    https://groups.google.com/d/msg/microsoft.public.dotnet.security/NpIi7c2Toi8/31SVhcepY58J

    Refer to the program written by Russell Mangel on Aug 19, 2006, also copied here for reference:

    So the answer to my question is:

    varbinary(68)– pure binary
    varchar(136) — (68*2) = hexString
    varchar(184) — SID String

    I wrote a little program to test,
    notice that .NET 2.0 has
    SecurityIdentifier.MaxBinaryLength, I
    didn’t know about this.

    Console.WriteLine("SID Min. num Bytes: {0}",
SecurityIdentifier.MinBinaryLength);
Console.WriteLine("SID Max. num Bytes: {0}",
SecurityIdentifier.MaxBinaryLength);
Byte[] bytes = new byte[SecurityIdentifier.MaxBinaryLength];
for (Int32 i = 0; i < bytes.Length; i++)
{
    bytes[i] = 0xFF;
}
bytes[0] = 0x01; // Must be 1
bytes[1] = 0x0F; // Max 15 (base10)
SecurityIdentifier sid = new SecurityIdentifier(bytes, 0);
String sidString = sid.ToString();
Console.WriteLine("Max length of SID in String format: {0} ", sidString.Length);
Console.WriteLine(sidString);

    Results

    SID Min. num Bytes: 8
SID Max. num Bytes: 68
Max length of SID in String format: 184
S-1-281474976710655-4294967295-4294967295-4294967295-4294967295-4294967295-
  4294967295-4294967295-4294967295-4294967295-4294967295-4294967295-
  4294967295-4294967295-4294967295-4294967295
    • 0