登录
 
Microsoft 开发人员网络 > 论坛主页 > Visual C# General > Enumerate file permissions
提出问题提出问题
搜索论坛:
 

已答复Enumerate file permissions

  • 2007年1月10日 11:37Sei_ 用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     
    登录进行投票
    0
    登录进行投票

    Hello,

    First, I hope that I wrote my question in the right forum... If not, sorry by advance.  

    Well, I am searching for a way to list all members autorized to access a specific file or folder on the network. The application to create will have to be available for any user : meaning, for the moment, that I cannot use any admin account.

    My question is : do you know if such application can be developped in .Net ? C# ?

    If yes, could you please help me by indicating me the classes to use ? (I am not expert in this language, but I think that I can try to do something !)

    Thank you by advance.

    Sei.

     

答案

  • 2007年1月10日 16:59TaylorMichaelLMVP, 版主用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     已答复
    登录进行投票
    0
    登录进行投票

    As of v2 you can use the security subsystem to enumerate the access rights of any securable object.  Firstly you'll need to get the file access rules.  Then  you can enumerate through them.  Here's some sample code that dumps the access rights of a file (folders work the same way but with different classes)

    static void Main ( string[] args )
    {
           FileSecurity sec = File.GetAccessControl(@"c:\temp");

           AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(SecurityIdentifier));
           foreach (FileSystemAccessRule rule in rules)
       {
              NTAccount account = rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount;
              Console.Write("{0}: ", account.Value);

              if (rule.AccessControlType == AccessControlType.Deny)
                 Console.Write("Denied ");
              Console.Write("{0}", rule.FileSystemRights);

              if (rule.IsInherited)
                 Console.WriteLine(" (Inherited)");
              else
                 Console.WriteLine(" (Explicit)");
       };
    }

    Michael Taylor - 1/10/07
    http://p3net.mvps.org

     

     

全部回复

  • 2007年1月10日 16:59TaylorMichaelLMVP, 版主用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     已答复
    登录进行投票
    0
    登录进行投票

    As of v2 you can use the security subsystem to enumerate the access rights of any securable object.  Firstly you'll need to get the file access rules.  Then  you can enumerate through them.  Here's some sample code that dumps the access rights of a file (folders work the same way but with different classes)

    static void Main ( string[] args )
    {
           FileSecurity sec = File.GetAccessControl(@"c:\temp");

           AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(SecurityIdentifier));
           foreach (FileSystemAccessRule rule in rules)
       {
              NTAccount account = rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount;
              Console.Write("{0}: ", account.Value);

              if (rule.AccessControlType == AccessControlType.Deny)
                 Console.Write("Denied ");
              Console.Write("{0}", rule.FileSystemRights);

              if (rule.IsInherited)
                 Console.WriteLine(" (Inherited)");
              else
                 Console.WriteLine(" (Explicit)");
       };
    }

    Michael Taylor - 1/10/07
    http://p3net.mvps.org

     

     
  • 2007年11月16日 17:26it68 用户奖牌用户奖牌用户奖牌用户奖牌用户奖牌
     
    登录进行投票
    0
    登录进行投票

    This example does not cover situation when "rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount" throws an exception because SID can not be translated to NTAccount. This situation is very common when file share is exposed by a system that is not part of NT domain and uses CIFS or other type of file sharing.

     

    I found no ways so far to query if current application will have particular FileSystemRights permission on specific file.

     

    Is it achievable in C#?

     

    Igor Touzov 11/16/2007