RE: Checking Folder Access Permissions
- From: jetan@xxxxxxxxxxxxxxxxxxxx ("Jeffrey Tan[MSFT]")
- Date: Mon, 17 Jul 2006 06:22:36 GMT
Hi Jeff,
Thanks for your post!
Based on my understanding, your File Manager application wanted to manage
and check certain user's NTFS access to a folder in .Net.
In Windows security world, all the objects are protected with DACL in
Security Descriptor. The DACL contains a list of ACEs, which describes
which account can/can't access this object. So is the Folder object.
The Windows DACL security feature is not supported in .Net1.1, but is
partial added in .Net2.0. To dump out the DACL of a folder, you may use
Directory.GetAccessControl method to get the DirectorySecurity class, and
then loop through the result set from DirectorySecurity.GetAccessRules to
dump each ACE content. The figure3 in the article below provides some
sample regarding dumping DACL of a file, which is easy to modified into
folder:
"Manage Access to Windows Objects with ACLs and the .NET Framework"
http://msdn.microsoft.com/msdnmag/issues/04/11/AccessControlinNET/
To programmatically access check if a user has certain access right to a
folder, Windows provides AccessCheck API for this purpose. However, based
on my research, I found .Net2.0 did not provide support for this API, so
you have to p/invoke this win32 API to achieve what you want. Actually, in
..Net world, the simplest way of access checking is performing the folder
accessing directly and catch the access deny exception to indicate the
failure, or the accessing is granted. AccessCheck API is a somewhat complex
API, if you want to p/invoke to it, please refer to the article below for
more information:
"The Windows Access Control Model Part 3"
http://www.codeproject.com/csharp/accessctrl3.asp
Finally, the article below provides a rude way of doing access checking in
..Net. That is he simulate the work of AccessCheck API in .Net by checking
each ACE for grant/deny information, if you do not like the complexibility
of p/invoke AccessCheck and throw exception with direct access, this is
another choice for you:
"Testing file access rights in .NET 2.0"
http://www.codeproject.com/useritems/UserFileAccessRights.asp
Hope this helps.
If you need further help or other concern, please feel free to tell me,
thanks!
Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Follow-Ups:
- Re: Checking Folder Access Permissions
- From: Jeff Gaines
- Re: Checking Folder Access Permissions
- References:
- Checking Folder Access Permissions
- From: Jeff Gaines
- Checking Folder Access Permissions
- Prev by Date: Re: Addition error in DotNet 2.0
- Next by Date: "admin console" in CCF troubleshoot
- Previous by thread: Checking Folder Access Permissions
- Next by thread: Re: Checking Folder Access Permissions
- Index(es):
Relevant Pages
|
