No problem I thought, the CLR will have something for it somewhere in Security, so I checked Google in the hopes to find which class to use.
But Google didn't find anything... This amazed me. "Why can't I control NTFS permissions with .NET ?!?"
After looking for an hour or so, I found a GotDotNet User Sample, called 'ACLs in .NET'. Finally I thought, now it's going to be plug in and set rights.
Well this library is great. It makes settings NTFS rights so easy.
But it lacks a bit in documentation. Therefore I'm providing some of the code I used with it, it could help you. (or it could show my possibly bad coding style, as far as my knowledge goes for know, it should be fine)
Reference the dll, and use it.
using Microsoft.Win32.Security;
Here's a method to add a dir, and set NTFS permissions on it for a given user:
private Boolean CreateDir(String strSitePath, String strUserName) {
Boolean bOk;
try {
Directory.CreateDirectory(strSitePath);
SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl dacl = secDesc.Dacl;
Sid sidUser = new Sid (strUserName);
// allow: folder, subfolder and files
// modify
dacl.AddAce (new AceAccessAllowed (sidUser, AccessType.GENERIC_WRITE | AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE , AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE));
// deny: this folder
// write attribs
// write extended attribs
// delete
// change permissions
// take ownership
DirectoryAccessType DAType = DirectoryAccessType.FILE_WRITE_ATTRIBUTES | DirectoryAccessType.FILE_WRITE_EA | DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | DirectoryAccessType.WRITE_DAC;
AccessType AType = (AccessType)DAType;
dacl.AddAce (new AceAccessDenied (sidUser, AType));
secDesc.SetDacl(dacl);
secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
bOk = true;
} catch {
bOk = false;
}
return bOk;
} /* CreateDir */
The AceFlags
And the DirectoryAccessType is used to create a AccessType with some permissions not in the AccessType enum.
I hope this is useful.
Estreat From http://weblogs.asp.net/cumpsd/archive/2004/02/08/69403.aspx
翻译:
今天我需要在新建的一些目录上面设置权限.
我想这是没有问题的,CLR的安全有一些这方面的东西,因此我就在Google上面去搜索想使用的类.
但是没有结果,令我很吃惊,为什么不可以用.net来控制NTFS的权限?
之后我查了大约一个多小时,终于找到了一个例子.在.net中使用ACLs.
我想,应该可以正确使用了.
这个类库太棒了. 在NTFS上设置权限太容易了.
在这方面文档太少了.因此我提供一些我使用到的一些代码,希望它能帮助你.(或许这也能把我的的代码的弱点暴露出来,尽可能快地增长我的知识面.这也是一种欣慰)
引用DLL并使用
using Microsoft.Win32.Security;
这儿是添加目录的一个方法, 为特定用户设置NTFS权限
private Boolean CreateDir(String strSitePath, String strUserName) {
Boolean bOk;
try {
Directory.CreateDirectory(strSitePath);
SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
Dacl dacl = secDesc.Dacl;
Sid sidUser = new Sid (strUserName);
// allow: folder, subfolder and files
// modify
dacl.AddAce (new AceAccessAllowed (sidUser, AccessType.GENERIC_WRITE | AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE , AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE));
// deny: this folder
// write attribs
// write extended attribs
// delete
// change permissions
// take ownership
DirectoryAccessType DAType = DirectoryAccessType.FILE_WRITE_ATTRIBUTES | DirectoryAccessType.FILE_WRITE_EA | DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | DirectoryAccessType.WRITE_DAC;
AccessType AType = (AccessType)DAType;
dacl.AddAce (new AceAccessDenied (sidUser, AType));
secDesc.SetDacl(dacl);
secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
bOk = true;
} catch {
bOk = false;
}
return bOk;
} /* CreateDir */
源自房客的C#集
615
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
