/*
需要添加以下命名空间:
using System.IO;
using System.Security.AccessControl;
*/
string sPath = Server.MapPath(文件夹名称字符串);
Directory.CreateDirectory(sPath);
addpathPower(sPath, "ASPNET", "FullControl");
//
public void addpathPower(string pathname, string username, string power)
{
DirectoryInfo dirinfo = new DirectoryInfo(pathname);
if ((dirinfo.Attributes & FileAttributes.ReadOnly) != 0)
{
dirinfo.Attributes = FileAttributes.Normal;
}
//取得访问控制列表
DirectorySecurity dirsecurity = dirinfo.GetAccessControl();
switch (power)
{
case "FullControl":
dirsecurity.AddAccessRule(new FileSystemAccessRule(uername, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
break;
case "ReadOnly":
dirsecurity.AddAccessRule(new FileSystemAccessRule(username, FileSystemRights.Read, AccessControlType.Allow));
break;
case "Write":
dirsecurity.AddAccessRule(new FileSystemAccessRule(username, FileSystemRights.Write, AccessControlType.Allow));
break;
case "Modify":
dirsecurity.AddAccessRule(new FileSystemAccessRule(username, FileSystemRights.Modify, AccessControlType.Allow));
break;
}
dirinfo.SetAccessControl(dirsecurity);
}
本文出处:http://blog.csdn.net/LiveStar/archive/2008/07/20/2680734.aspx
==========================================================================
// 获取 指定目录 除Administrators和SYSTEM之外的 权限列表
public List GetDirectoryAccountSecurity(string DirName)
{
List dAccount = new List();
DirectoryInfo dInfo = new DirectoryInfo(DirName);
if (dInfo.Exists)
{
DirectorySecurity sec = Directory.GetAccessControl(DirName, AccessControlSections.All);
foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if (rule.IdentityReference.Value != @"NT AUTHORITYSYSTEM" && rule.IdentityReference.Value != @"BUILTINAdministrators")
dAccount.Add(rule.IdentityReference.Value);
}
}
return dAccount;
}
// 移除 指定目录 指定用户的 权限
public void RemoveDirectoryAccountSecurity(string DirName, string Account)
{
DirectoryInfo dInfo = new DirectoryInfo(DirName);
if (dInfo.Exists)
{
System.Security.Principal.NTAccount myAccount = new System.Security.Principal.NTAccount(System.Environment.MachineName, Account);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
FileSystemAccessRule AccessRule = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Allow);
FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, FileSystemRights.FullControl, AccessControlType.Deny);
InheritanceFlags iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
PropagationFlags pFlags = PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit;
dSecurity.AccessRuleFactory(myAccount, 983551, false, iFlags, pFlags, AccessControlType.Allow);
dSecurity.RemoveAccessRuleAll(AccessRule);
dSecurity.RemoveAccessRuleAll(AccessRule2);
dInfo.SetAccessControl(dSecurity);
}
}