Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to tell if you have Read access to a network folder?

4 views
Skip to first unread message

Mitchell S. Honnert

unread,
Oct 28, 2005, 5:26:14 PM10/28/05
to
Is there a way, given the full path of a folder on a network, that one can
programatically tell if you have Read access to that folder?

I have an application where the user is able to select a number of search
folders using the standard dialog control. There shouldn't be an issue with
the search folder being on a local drive or a network drive. But if you
don't have Read access to the folder, there's trouble. The user can see the
folder on the network, so is able to select it in the dialog. But they're
not actually able to see any files in the folder, which makes selecting it
as a search folder kind of pointless. What I'd like to do it, at the time
the user selects a network folder, check to see if the user actually has the
ability to see files within the folder as well.

I've tried playing around with the IO.Directory class and other class in IO,
but if the solution is in there, I guess I'm just not finding it. I suppose
I could just try and read the files in the directory and catch the access
exception, but this just seems kludgy. If there's a better way, I'd like to
use that.

Thank,

- Mitchell S. Honnert


Jay B. Harlow [MVP - Outlook]

unread,
Oct 29, 2005, 12:29:20 AM10/29/05
to
Mitchell,
In VS 2002 & 2003 (.NET 1.0 & 1.1) there is nothing available sans P/Invoke.

VS 2005 (.NET 2.0) includes a new System.Security.AccessControl namespace
that makes this relatively easy.

http://msdn2.microsoft.com/en-us/library/tbsb79h3(en-US,VS.80).aspx


You can use the new File.GetAccessControl to get the
AuthorizationRuleCollection for a file:

http://msdn2.microsoft.com/en-us/library/system.io.file.getaccesscontrol.aspx

You can use the new Directory.GetAccessControl to get the
AuthorizationRuleCollection for a directory:
http://msdn2.microsoft.com/en-us/library/4kds9zxc(en-US,VS.80).aspx

From looking at these two, these give you explicit permissions, not
effective permission for a user. I don't see right now how to do "Effective
Permissions" as found on the "Advanced Security Settings for ..." dialog
from the Security tab of the file Properties in Windows Explorer on Windows
XP.


Here's a quick sample on getting the explicit permissions on a file.

Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Sub Main()
Const fileName As String = "\Windows\Microsoft.NET\Framework\"

Dim security As FileSecurity = File.GetAccessControl(fileName)

Dim accessRules As AuthorizationRuleCollection =
security.GetAccessRules(True, True, GetType(NTAccount))

For Each rule As FileSystemAccessRule In accessRules
Debug.WriteLine(rule.FileSystemRights,
rule.IdentityReference.Value)
Next

End Sub

If I find an example that gives effective permissions I'll post a follow up.

I am not seeing any thing on Keith Brown's blog right now:

http://pluralsight.com/blogs/keith/

Keith Brown is author of "The .NET Developer's Guide to Windows Security"
which I highly recommend.

http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HomePage.html

The following article explains the NTAccount object I use in the above
sample:

http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToProgramWithSIDs.html

Again, if I find anything further I will post.

--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net


"Mitchell S. Honnert" <news@honnert~R~E~M~O~V~E~.com> wrote in message
news:%23UHK4YA...@tk2msftngp13.phx.gbl...

Jay B. Harlow [MVP - Outlook]

unread,
Oct 29, 2005, 12:32:54 AM10/29/05
to
Doh!

| VS 2005 (.NET 2.0) includes a new System.Security.AccessControl namespace
| that makes this relatively easy.
I really should have said "that should make this relatively easy"...

--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net


"Jay B. Harlow [MVP - Outlook]" <Jay_Har...@tsbradley.net> wrote in
message news:eeeZbFE3...@TK2MSFTNGP09.phx.gbl...

Jay B. Harlow [MVP - Outlook]

unread,
Oct 29, 2005, 12:44:42 AM10/29/05
to
Mitchell,
The following article introduces the new System.Security.AccessControl
namespace:

http://msdn.microsoft.com/msdnmag/issues/05/01/SecurityBriefs/

--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net


"Mitchell S. Honnert" <news@honnert~R~E~M~O~V~E~.com> wrote in message
news:%23UHK4YA...@tk2msftngp13.phx.gbl...

Mitchell S. Honnert

unread,
Oct 29, 2005, 10:44:49 AM10/29/05
to
Jay, thank you very much for the reply. I'll look over the links you
provided, but it really looks like you've steered me in the right direction.

- Mitchell S. Honnert


"Jay B. Harlow [MVP - Outlook]" <Jay_Har...@tsbradley.net> wrote in
message news:eeeZbFE3...@TK2MSFTNGP09.phx.gbl...

Jay B. Harlow [MVP - Outlook]

unread,
Oct 30, 2005, 12:16:56 PM10/30/05
to
Mitchell,
Reviewing Keith Brown's book something just occurred to me.

The user running the code is going to need a certain amount of permission to
get the list of permissions on an object (file), generally the "Read
Permissions" permission.

If the user doesn't have the "Read Permissions" permission I suspect that
File.GetAccessControl will throw an UnauthorizedAccessException, which I
believe is the same as when you attempt to open it for reading & you don't
have the "Read Data" permission...


--
Hope this helps
Jay [MVP - Outlook]
.NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley - http://www.tsbradley.net


"Mitchell S. Honnert" <news@honnert~R~E~M~O~V~E~.com> wrote in message

news:uAb1VdJ3...@TK2MSFTNGP09.phx.gbl...

0 new messages