Question : Detect the access a specific user has to a file or folder
I want to create a simple utility application which will display a Windows Explorer type interface. The user will be able to select a User or Group from a standard selection dialog and then the application will search the selected branch in the Explorer tree and report on which folders and files the selected user is able to access.
What I am trying to find out is HOW to determine what access a specific user has to a specific file or folder. I have seen some references to the Directory.GetAccessControl function but this seems to be a very complicated route involving having to navigate through a list of Access Rules and applying priority for some rules over others.
What I would like is an example, in C# preferably, of how best to determine what access a specific user has to a specific file/folder. I would like to report on the standard set of Windows permissions, that is
Full Control
Modify
Read and Execute
Read
Write
This needs to be a C# solution really!
Answer : Detect the access a specific user has to a file or folder
Registry and file permissions are based upon the object you're attempting to access and not the registry or file system overall. Most everyone has read access to the registry (except a few keys) and files. Few people have write access.
To get the permissions related to a particular registry key, directory, file or any other securable object use the GetAccessControl method of the corresponding class (RegistryKey, Directory, etc). This gives you the list of permissions for the object. You then have to enumerate the access rules (each object exposes different rules) looking for a match between the current user and the object in question. You also have to examine the rights as a user's rights are the union of all rights they have on an object. Their group memberships also have an impact. If the user is the owner of the object then they have special rights to it as well. It is a lot of code to write.
Personally it is generally just easier and faster to try and perform the operation you want and then catch the security exception if it occurs. The problem with enumerating access rules is that they are only guaranteed valid when you grab them. While you're enumerating the rules someone could come along and change them on you. You therefore still have to handle the exception anyway.
Here are some links to code to get you started anyway:
http://visualstudiomagazine.com/features/article.aspx?editorialsid=1312
http://articles.techrepublic.com.com/5100-3513-6181971.html
Source: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2921140&SiteID=1
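The rule enumeration described in the answer, sketched in C# as an added example (not code from the original thread or from the linked articles). The class name `EffectiveAccess` and its `Compute` method are hypothetical; it assumes the rules come back in DACL order and evaluates the current user, and another account would need its own `WindowsIdentity` (for example `new WindowsIdentity(upn)` on a domain).

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class EffectiveAccess   // hypothetical helper, not a framework type
{
    // Rights the DACL on `path` grants to `identity` (user SID plus group SIDs).
    public static FileSystemRights Compute(string path, WindowsIdentity identity)
    {
        // A rule applies if it names the user or any group in the user's token.
        var sids = new HashSet<IdentityReference> { identity.User };
        foreach (IdentityReference group in identity.Groups) sids.Add(group);

        FileSystemSecurity acl = Directory.Exists(path)
            ? (FileSystemSecurity)new DirectoryInfo(path).GetAccessControl()
            : new FileInfo(path).GetAccessControl();

        FileSystemRights granted = 0, decided = 0;
        // Explicit and inherited rules, walked in the order returned
        // (assumed to be DACL order, where explicit deny entries come first).
        foreach (FileSystemAccessRule rule in
                 acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (!sids.Contains(rule.IdentityReference)) continue;
            // Inherit-only entries apply to children, not to this object.
            if ((rule.PropagationFlags & PropagationFlags.InheritOnly) != 0) continue;

            // The first matching rule that mentions a right decides it.
            FileSystemRights undecided = rule.FileSystemRights & ~decided;
            if (rule.AccessControlType == AccessControlType.Allow) granted |= undecided;
            decided |= undecided;
        }
        return granted;
    }

    static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : Environment.CurrentDirectory;
        FileSystemRights rights = Compute(path, WindowsIdentity.GetCurrent());
        foreach (var want in new[] { FileSystemRights.FullControl,
                 FileSystemRights.Modify, FileSystemRights.ReadAndExecute,
                 FileSystemRights.Read, FileSystemRights.Write })
            Console.WriteLine("{0,-16} {1}", want, (rights & want) == want ? "yes" : "no");
    }
}
```

This reads the DACL only: the owner's implicit rights, privileges held in the token and share-level permissions are not evaluated. `GetAccessControl` itself throws `UnauthorizedAccessException` when the caller cannot read the object's permissions.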