Enumerate file permissions
Hello,
First, I hope that I wrote my question in the right forum... If not, sorry by advance.
Well, I am searching for a way to list all members autorized to access a specific file or folder on the network. The application to create will have to be available for any user : meaning, for the moment, that I cannot use any admin account.
My question is : do you know if such application can be developped in .Net ? C# ?
If yes, could you please help me by indicating me the classes to use ? (I am not expert in this language, but I think that I can try to do something !)
Thank you by advance.
Sei.
Answers
As of v2 you can use the security subsystem to enumerate the access rights of any securable object. Firstly you'll need to get the file access rules. Then you can enumerate through them. Here's some sample code that dumps the access rights of a file (folders work the same way but with different classes)
static void Main ( string[] args )
{
FileSecurity sec = File.GetAccessControl(@"c:\temp");
AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(SecurityIdentifier));
foreach (FileSystemAccessRule rule in rules)
{
NTAccount account = rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount;
Console.Write("{0}: ", account.Value);
if (rule.AccessControlType == AccessControlType.Deny)
Console.Write("Denied ");
Console.Write("{0}", rule.FileSystemRights);
if (rule.IsInherited)
Console.WriteLine(" (Inherited)");
else
Console.WriteLine(" (Explicit)");
};
}Michael Taylor - 1/10/07
http://p3net.mvps.org
All Replies
As of v2 you can use the security subsystem to enumerate the access rights of any securable object. Firstly you'll need to get the file access rules. Then you can enumerate through them. Here's some sample code that dumps the access rights of a file (folders work the same way but with different classes)
static void Main ( string[] args )
{
FileSecurity sec = File.GetAccessControl(@"c:\temp");
AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(SecurityIdentifier));
foreach (FileSystemAccessRule rule in rules)
{
NTAccount account = rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount;
Console.Write("{0}: ", account.Value);
if (rule.AccessControlType == AccessControlType.Deny)
Console.Write("Denied ");
Console.Write("{0}", rule.FileSystemRights);
if (rule.IsInherited)
Console.WriteLine(" (Inherited)");
else
Console.WriteLine(" (Explicit)");
};
}Michael Taylor - 1/10/07
http://p3net.mvps.orgThis example does not cover situation when "rule.IdentityReference.Translate(typeof(NTAccount)) as NTAccount" throws an exception because SID can not be translated to NTAccount. This situation is very common when file share is exposed by a system that is not part of NT domain and uses CIFS or other type of file sharing.
I found no ways so far to query if current application will have particular FileSystemRights permission on specific file.
Is it achievable in C#?
Igor Touzov 11/16/2007
