none
How to find the server folder access RRS feed

  • Question

  • Hi all,

    How can i find the server folder having me the access (full assess)and the application will open if have the access or show the message box . I have coded but its not working. below my codes

    private void OKbutton_Click(object sender, EventArgs e)
    
            {
    
              
    
     string TeklaFirmLocation = "\\\\Sip6011222501\\FirmFolder\\";
    
     
    
                AuthorizationRuleCollection collec = Directory.GetAccessControl(TeklaFirmLocation).GetAccessRules(true, true, typeof(NTAccount));
    
     
    
                foreach (FileSystemAccessRule rule in collec)
    
                {
    
                    if (rule.AccessControlType == AccessControlType.Deny)
    
                    {
    
                        MessageBox.Show("You don’t have Tekla Firm folder access \nPlease ask to admin for the same", "Massage from TeklaStructures", MessageBoxButtons.OK, MessageBoxIcon.Information);
    
                        break;
    
                    }
    
                    else
    
                    {
    
                        if (comboBox1.SelectedIndex == 0)
    
                        {
    
                            string TeklaFirmLocationImp = TeklaFirmLocation + "TS2017i-imp_Firm\\TS2017i-imp_Firm";
    
     
    
                            Process.Start(TeklaFirmLocationImp);
    
                            this.Close();
    
                        }
    
                        else if (comboBox1.SelectedIndex == 1)
    
                        {
    
                            string TeklaFirmLocationMet = TeklaFirmLocation + "TS2017i-Met_Firm\\TS2017i-Met_Firm";
    
                            Process.Start(TeklaFirmLocationMet);
    
                            this.Close();
    
                        }
    
                        else
    
                        {
    
                            MessageBox.Show("Please select the Unit", "Massage from TeklaStructures", MessageBoxButtons.OK, MessageBoxIcon.Information);
    
                        }
    
     
    
                   }
    
                }

    Monday, November 19, 2018 1:46 PM

Answers

  • So you want to connect to an arbitrary file path and show an error if the user doesn't have full access? That seems like an odd requirement since your app shouldn't require full access to the file system. In general your app just needs read and/or write access. Therefore you should simply test for that.

    You could do an explicit test by grabbing the ACL list as you're trying to do. But to be honest most apps simply try to do the operation and catch the UnauthorizedAccessException that occurs if they don't.

    try
    {
       //Try to read
       var files = Directory.GetFiles(targetPath);
    } catch (UnauthorizedAccessException)
    {
       MessageBox.Show("Insufficient privileges");
    };
    
    As for your code it is checking for the rules improperly. You are looking for an explicit deny but that only occurs if someone went in and explicitly denied access to the item. To check for whether a user has a particular right you have to start out with the no access and then enumerate all the rules looking for either a deny (which stops everything) or an explicit grant. Note also that rarely do we use users in security but rather groups so you have to take the user's group membership (and hierarchy) into account as well. For example if Bob is a member of the IT group and that group is a member of the Power Users group on the machine then you have to look for permissions for (or against) Bob, IT and Power Users. Here's some starter code but note they are just look at the user and not the groups so it is going to be more complicated.


    Michael Taylor http://www.michaeltaylorp3.net

    Monday, November 19, 2018 3:06 PM
    Moderator

All replies

  • So you want to connect to an arbitrary file path and show an error if the user doesn't have full access? That seems like an odd requirement since your app shouldn't require full access to the file system. In general your app just needs read and/or write access. Therefore you should simply test for that.

    You could do an explicit test by grabbing the ACL list as you're trying to do. But to be honest most apps simply try to do the operation and catch the UnauthorizedAccessException that occurs if they don't.

    try
    {
       //Try to read
       var files = Directory.GetFiles(targetPath);
    } catch (UnauthorizedAccessException)
    {
       MessageBox.Show("Insufficient privileges");
    };
    
    As for your code it is checking for the rules improperly. You are looking for an explicit deny but that only occurs if someone went in and explicitly denied access to the item. To check for whether a user has a particular right you have to start out with the no access and then enumerate all the rules looking for either a deny (which stops everything) or an explicit grant. Note also that rarely do we use users in security but rather groups so you have to take the user's group membership (and hierarchy) into account as well. For example if Bob is a member of the IT group and that group is a member of the Power Users group on the machine then you have to look for permissions for (or against) Bob, IT and Power Users. Here's some starter code but note they are just look at the user and not the groups so it is going to be more complicated.


    Michael Taylor http://www.michaeltaylorp3.net

    Monday, November 19, 2018 3:06 PM
    Moderator
  • Hi, Thanks for your reply.

    Still did not solve the problem. its shows error, see below snap and my codes.

     private void button1_Click(object sender, EventArgs e)
            {
                string TeklaFirmLocation = "\\\\Sip6011222501\\FirmFolder\\";
               
                WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
                var domainAndUser = currentUser.Name;
                DirectoryInfo dirInfo = new DirectoryInfo(TeklaFirmLocation);
                DirectorySecurity dirAC = dirInfo.GetAccessControl(AccessControlSections.All);
                AuthorizationRuleCollection rules = dirAC.GetAccessRules(true, true, typeof(NTAccount));
                foreach (AuthorizationRule rule in rules)
                {
                    if (rule.IdentityReference.Value.Equals(domainAndUser, StringComparison.CurrentCultureIgnoreCase))
                    {
                        if ((((FileSystemAccessRule)rule).FileSystemRights & FileSystemRights.WriteData) > 0)
                        {
                            if (comboBox1.SelectedIndex == 0)
                            {
                                string TeklaFirmLocationImp = TeklaFirmLocation + "TS2017i-imp_Firm\\TS2017i-imp_Firm";
                                Process.Start(TeklaFirmLocationImp);
                                this.Close();
                            }
                            else if (comboBox1.SelectedIndex == 1)
                            {
                                string TeklaFirmLocationMet = TeklaFirmLocation + "TS2017i-Met_Firm\\TS2017i-Met_Firm";
                                Process.Start(TeklaFirmLocationMet);
                                this.Close();
                            }
                            else
                            {
                                MessageBox.Show("Please select the Unit", "Massage from TeklaStructures", MessageBoxButtons.OK, MessageBoxIcon.Information);
                            }
                        }
                           
                    }
                }
                    MessageBox.Show("Don't have sever access", "Massage from TeklaStructures", MessageBoxButtons.OK, MessageBoxIcon.Information);
            }

    Thanks

    Anilkumar.

    Saturday, November 24, 2018 5:04 AM
  • File shares and directories are two different things. Using a UNC path is accessing the file share. A file share has simple permissions like read and write. Access control is using the NTFS file permissions. Having access to a file share doesn't mean you have access to the underlying file system. Just an FYI.

    GetAccessControl uses the standard GetNamedSecurityInfo Win32 call to get this information. Since that is a Win32 call the error code is coming from Windows. 53 maps to ERROR_BAD_NETPATH. So the network path you're trying to use is not valid as far as Windows is concerned. This could be something as simple as a bad path. But if that network share is actually not a Windows machine you could run into problems potentially. Refer to the Win32 documentation for what it works with. I've never tried it against a file share so I don't know the exact behavior. Try against a local path first to confirm your code is working properly. You might also consider getting rid of that last slash. I don't imagine it would cause a problem but better to be safe.


    Michael Taylor http://www.michaeltaylorp3.net

    Saturday, November 24, 2018 5:25 AM
    Moderator