Question : Detect the access a specific user has to a file or folder

I want to create a simple utility application which will display a Windows Explorer type interface. The user will be able to select a User or Group from a standard selection dialog and then the application will search the selected branch in the Explorer tree and report on which folders and files the selected user is able to access.

What I am trying to find out is HOW to determine what access a specific user has to a specific file or folder. I have seen some references to the Directory.GetAccessControl function but this seems to be a very complicated route involving having to navigate through a list of Access Rules and applying priority for some rules over others.

What I would like is an example, in C# preferably, of how best to determine what access a specific user has to a specific file/folder. I would like to report on the standard set of Windows permissions, that is

Full Control
Modify
Read and Execute
Read
Write

This needs to be a C# solution really!

Answer : Detect the access a specific user has to a file or folder

Registry and file permissions are based upon the object you're attempting to access and not the registry or file system overall. Most everyone has read access to the registry (except a few keys) and files. Few people have write access.

To get the permissions related to a particular registry key, directory, file or any other securable object use the GetAccessControl method of the corresponding class (RegistryKey, Directory, etc). This gives you the list of permissions for the object. You then have to enumerate the access rules (each object exposes different rules) looking for a match between the current user and the object in question. You also have to examine the rights as a user's rights is the union of all rights they have on an object. Their group memberships also have an impact. If the user is the owner of the object then they have special rights to it as well. It is a lot of code to write.

Personally it is generally just easier and faster to try and perform the operation you want and then catch the security exception if it occurs. The problem with enumerating access rules is that they are only guaranteed valid when you grab them. While you're enumerating the rules someone could come along and change them on you. You therefore still have to handle the exception anyway.

Here's some links to code to get you started anyway:

http://visualstudiomagazine.com/features/article.aspx?editorialsid=1312

http://articles.techrepublic.com.com/5100-3513-6181971.html

Source: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2921140&SiteID=1

Random Solutions

MergeField not found breaks the automated mailmerge process: Word object shows a dialog!

Error 0x433 when installing The Message Queuing serivce

Convert number to formatted string

How to preload gifs in background from xml?

IIS -- Windows Integrated Authentication

Can a single SSL Certificate (Thawte) be used on multiple servers ?

exchange 2003 deleted user, not mailbox how to get a different user connected to teh mailbox

Storing catagories and sub categories in a database

MS Reporting services vs Business Objects

Multiple MX IPs, SMTP connectors on one Exchange server