Microsoft
Software
Hardware
Network
Question : Detect the access a specific user has to a file or folder
I want to create a simple utility application which will display a Windows Explorer type interface. The user will be able to select a User or Group from a standard selection dialog and then the application will search the selected branch in the Explorer tree and report on which folders and files the selected user is able to access.
What I am trying to find out is HOW to determine what access a specific user has to a specific file or folder. I have seen some references to the Directory.GetAccessControl
function but this seems to be a very complicated route involving having to navigate through a list of Access Rules and applying priority for some rules over others.
What I would like is an example, in C# preferably, of how best to determine what access a specific user has to a specific file/folder. I would like to report on the standard set of Windows permissions, that is
Full Control
Modify
Read and Execute
Read
Write
This needs to be a C# solution really!
Answer : Detect the access a specific user has to a file or folder
Registry and file permissions are based upon the object you're attempting to access and not the registry or file system overall. Most everyone has read access to the registry (except a few keys) and files. Few people have write access.
To get the permissions related to a particular registry key, directory, file or any other securable object use the GetAccessControl method of the corresponding class (RegistryKey, Directory, etc). This gives you the list of permissions for the object. You then have to enumerate the access rules (each object exposes different rules) looking for a match between the current user and the object in question. You also have to examine the rights as a user's rights is the union of all rights they have on an object. Their group memberships also have an impact. If the user is the owner of the object then they have special rights to it as well. It is a lot of code to write.
Personally it is generally just easier and faster to try and perform the operation you want and then catch the security exception if it occurs. The problem with enumerating access rules is that they are only guaranteed valid when you grab them. While you're enumerating the rules someone could come along and change them on you. You therefore still have to handle the exception anyway.
Here's some links to code to get you started anyway:
http://visualstudiomagazin
e.com/feat
ures/artic
le.aspx?
ed
itorialsid
=1312
http://articles.techrepubl
ic.com.com
/5100-3513
-6181971.h
tml
Source:
http://forums.microsoft.co
m/MSDN/Sho
wPost.aspx
?
PostID=29
21140&Site
ID=1
Random Solutions
how use javascript to expand and close div tags in asp.net page
HP, Pavilion, DV9548ca, XP downgrade; video drivers won't install
Removing Exchange 2000 from the organization without mailbox store
Google search history
copy Outlook 2007 Master category list to another computer
SQL Loader Decode function
No size shown after pfmigrate of public folders
Adding an .exe to a login script for "restricted" users....
WinMgmt win adap event id:37 Error
Access Query - Compare part of fields in two tables
