I have an application where the user is able to select a number of search
folders using the standard dialog control. There shouldn't be an issue with
the search folder being on a local drive or a network drive. But if you
don't have Read access to the folder, there's trouble. The user can see the
folder on the network, so is able to select it in the dialog. But they're
not actually able to see any files in the folder, which makes selecting it
as a search folder kind of pointless. What I'd like to do it, at the time
the user selects a network folder, check to see if the user actually has the
ability to see files within the folder as well.
I've tried playing around with the IO.Directory class and other class in IO,
but if the solution is in there, I guess I'm just not finding it. I suppose
I could just try and read the files in the directory and catch the access
exception, but this just seems kludgy. If there's a better way, I'd like to
use that.
Thank,
- Mitchell S. Honnert
VS 2005 (.NET 2.0) includes a new System.Security.AccessControl namespace
that makes this relatively easy.
http://msdn2.microsoft.com/en-us/library/tbsb79h3(en-US,VS.80).aspx
You can use the new File.GetAccessControl to get the
AuthorizationRuleCollection for a file:
http://msdn2.microsoft.com/en-us/library/system.io.file.getaccesscontrol.aspx
You can use the new Directory.GetAccessControl to get the
AuthorizationRuleCollection for a directory:
http://msdn2.microsoft.com/en-us/library/4kds9zxc(en-US,VS.80).aspx
From looking at these two, these give you explicit permissions, not
effective permission for a user. I don't see right now how to do "Effective
Permissions" as found on the "Advanced Security Settings for ..." dialog
from the Security tab of the file Properties in Windows Explorer on Windows
XP.
Here's a quick sample on getting the explicit permissions on a file.
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal
Public Sub Main()
Const fileName As String = "\Windows\Microsoft.NET\Framework\"
Dim security As FileSecurity = File.GetAccessControl(fileName)
Dim accessRules As AuthorizationRuleCollection =
security.GetAccessRules(True, True, GetType(NTAccount))
For Each rule As FileSystemAccessRule In accessRules
Debug.WriteLine(rule.FileSystemRights,
rule.IdentityReference.Value)
Next
End Sub
If I find an example that gives effective permissions I'll post a follow up.
I am not seeing any thing on Keith Brown's blog right now:
http://pluralsight.com/blogs/keith/
Keith Brown is author of "The .NET Developer's Guide to Windows Security"
which I highly recommend.
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HomePage.html
The following article explains the NTAccount object I use in the above
sample:
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToProgramWithSIDs.html
Again, if I find anything further I will post.
--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net
"Mitchell S. Honnert" <news@honnert~R~E~M~O~V~E~.com> wrote in message
news:%23UHK4YA...@tk2msftngp13.phx.gbl...
--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net
"Jay B. Harlow [MVP - Outlook]" <Jay_Har...@tsbradley.net> wrote in
message news:eeeZbFE3...@TK2MSFTNGP09.phx.gbl...
http://msdn.microsoft.com/msdnmag/issues/05/01/SecurityBriefs/
--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net
"Mitchell S. Honnert" <news@honnert~R~E~M~O~V~E~.com> wrote in message
news:%23UHK4YA...@tk2msftngp13.phx.gbl...
- Mitchell S. Honnert
"Jay B. Harlow [MVP - Outlook]" <Jay_Har...@tsbradley.net> wrote in
message news:eeeZbFE3...@TK2MSFTNGP09.phx.gbl...
The user running the code is going to need a certain amount of permission to
get the list of permissions on an object (file), generally the "Read
Permissions" permission.
If the user doesn't have the "Read Permissions" permission I suspect that
File.GetAccessControl will throw an UnauthorizedAccessException, which I
believe is the same as when you attempt to open it for reading & you don't
have the "Read Data" permission...
--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net
"Mitchell S. Honnert" <news@honnert~R~E~M~O~V~E~.com> wrote in message
news:uAb1VdJ3...@TK2MSFTNGP09.phx.gbl...