登入
 
MSDN > 論壇首頁 > Visual C# General > Enumerate file permissions
發問發問
搜查論壇:
 

已答覆Enumerate file permissions

  • Wednesday, 10 January, 2007 11:37Sei_ 使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     
    登入以投票
    0
    登入以投票

    Hello,

    First, I hope that I wrote my question in the right forum... If not, sorry by advance.  

    Well, I am searching for a way to list all members autorized to access a specific file or folder on the network. The application to create will have to be available for any user : meaning, for the moment, that I cannot use any admin account.

    My question is : do you know if such application can be developped in .Net ? C# ?

    If yes, could you please help me by indicating me the classes to use ? (I am not expert in this language, but I think that I can try to do something !)

    Thank you by advance.

    Sei.

     

解答

  • Wednesday, 10 January, 2007 16:59TaylorMichaelLMVP, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     已答覆
    登入以投票
    0
    登入以投票

    As of v2 you can use the security subsystem to enumerate the access rights of any securable object.  Firstly you'll need to get the file access rules.  Then  you can enumerate through them.  Here's some sample code that dumps the access rights of a file (folders work the same way but with different classes)

    static void Main ( string[] args )
    {
           FileSecurity sec = File.GetAccessControl(@"c:\temp");

           AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(SecurityIdentifier));
           foreach (FileSystemAccessRule rule in rules)
       {
              NTAccount account = rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount;
              Console.Write("{0}: ", account.Value);

              if (rule.AccessControlType == AccessControlType.Deny)
                 Console.Write("Denied ");
              Console.Write("{0}", rule.FileSystemRights);

              if (rule.IsInherited)
                 Console.WriteLine(" (Inherited)");
              else
                 Console.WriteLine(" (Explicit)");
       };
    }

    Michael Taylor - 1/10/07
    http://p3net.mvps.org

     

     

所有回覆

  • Wednesday, 10 January, 2007 16:59TaylorMichaelLMVP, 版主使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     已答覆
    登入以投票
    0
    登入以投票

    As of v2 you can use the security subsystem to enumerate the access rights of any securable object.  Firstly you'll need to get the file access rules.  Then  you can enumerate through them.  Here's some sample code that dumps the access rights of a file (folders work the same way but with different classes)

    static void Main ( string[] args )
    {
           FileSecurity sec = File.GetAccessControl(@"c:\temp");

           AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(SecurityIdentifier));
           foreach (FileSystemAccessRule rule in rules)
       {
              NTAccount account = rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount;
              Console.Write("{0}: ", account.Value);

              if (rule.AccessControlType == AccessControlType.Deny)
                 Console.Write("Denied ");
              Console.Write("{0}", rule.FileSystemRights);

              if (rule.IsInherited)
                 Console.WriteLine(" (Inherited)");
              else
                 Console.WriteLine(" (Explicit)");
       };
    }

    Michael Taylor - 1/10/07
    http://p3net.mvps.org

     

     
  • Friday, 16 November, 2007 17:26it68 使用者勳章使用者勳章使用者勳章使用者勳章使用者勳章
     
    登入以投票
    0
    登入以投票

    This example does not cover situation when "rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount" throws an exception because SID can not be translated to NTAccount. This situation is very common when file share is exposed by a system that is not part of NT domain and uses CIFS or other type of file sharing.

     

    I found no ways so far to query if current application will have particular FileSystemRights permission on specific file.

     

    Is it achievable in C#?

     

    Igor Touzov 11/16/2007