Mitchell,
Reviewing Keith Brown's book something just occurred to me.
The user running the code is going to need a certain amount of permission to
get the list of permissions on an object (file), generally the "Read
Permissions" permission.
If the user doesn't have the "Read Permissions" permission I suspect that
File.GetAccessControl will throw an UnauthorizedAccessException, which I
believe is the same as when you attempt to open it for reading & you don't
have the "Read Data" permission...
--
Hope this helps
Jay [MVP - Outlook]
..NET Application Architect, Enthusiast, & Evangelist
T.S. Bradley -
http://www.tsbradley.net
| Jay, thank you very much for the reply. I'll look over the links you
| provided, but it really looks like you've steered me in the right
direction.
|
| - Mitchell S. Honnert
|
|
| message | > Mitchell,
| > In VS 2002 & 2003 (.NET 1.0 & 1.1) there is nothing available sans
| > P/Invoke.
| >
| > VS 2005 (.NET 2.0) includes a new System.Security.AccessControl
namespace
| > that makes this relatively easy.
| >
| >
http://msdn2.microsoft.com/en-us/library/tbsb79h3(en-US,VS.80).aspx
| >
| >
| > You can use the new File.GetAccessControl to get the
| > AuthorizationRuleCollection for a file:
| >
| >
http://msdn2.microsoft.com/en-us/library/system.io.file.getaccesscontrol.aspx
| >
| > You can use the new Directory.GetAccessControl to get the
| > AuthorizationRuleCollection for a directory:
| >
http://msdn2.microsoft.com/en-us/library/4kds9zxc(en-US,VS.80).aspx
| >
| > From looking at these two, these give you explicit permissions, not
| > effective permission for a user. I don't see right now how to do
| > "Effective
| > Permissions" as found on the "Advanced Security Settings for ..." dialog
| > from the Security tab of the file Properties in Windows Explorer on
| > Windows
| > XP.
| >
| >
| > Here's a quick sample on getting the explicit permissions on a file.
| >
| > Imports System.IO
| > Imports System.Security.AccessControl
| > Imports System.Security.Principal
| >
| > Public Sub Main()
| > Const fileName As String = "\Windows\Microsoft.NET\Framework\"
| >
| > Dim security As FileSecurity = File.GetAccessControl(fileName)
| >
| > Dim accessRules As AuthorizationRuleCollection =
| > security.GetAccessRules(True, True, GetType(NTAccount))
| >
| > For Each rule As FileSystemAccessRule In accessRules
| > Debug.WriteLine(rule.FileSystemRights,
| > rule.IdentityReference.Value)
| > Next
| >
| > End Sub
| >
| > If I find an example that gives effective permissions I'll post a follow
| > up.
| >
| > I am not seeing any thing on Keith Brown's blog right now:
| >
| >
http://pluralsight.com/blogs/keith/
| >
| > Keith Brown is author of "The .NET Developer's Guide to Windows
Security"
| > which I highly recommend.
| >
| >
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HomePage.html
| >
| > The following article explains the NTAccount object I use in the above
| > sample:
| >
| >
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToProgramWithSIDs.html
| >
| > Again, if I find anything further I will post.
| >
| > --
| > Hope this helps
| > Jay [MVP - Outlook]
| > .NET Application Architect, Enthusiast, & Evangelist
| > T.S. Bradley -
http://www.tsbradley.net
| >
| >
| > | > | Is there a way, given the full path of a folder on a network, that one
| > can
| > | programatically tell if you have Read access to that folder?
| > |
| > | I have an application where the user is able to select a number of
| > search
| > | folders using the standard dialog control. There shouldn't be an
issue
| > with
| > | the search folder being on a local drive or a network drive. But if
you
| > | don't have Read access to the folder, there's trouble. The user can
see
| > the
| > | folder on the network, so is able to select it in the dialog. But
| > they're
| > | not actually able to see any files in the folder, which makes
selecting
| > it
| > | as a search folder kind of pointless. What I'd like to do it, at the
| > time
| > | the user selects a network folder, check to see if the user actually
has
| > the
| > | ability to see files within the folder as well.
| > |
| > | I've tried playing around with the IO.Directory class and other class
in
| > IO,
| > | but if the solution is in there, I guess I'm just not finding it. I
| > suppose
| > | I could just try and read the files in the directory and catch the
| > access
| > | exception, but this just seems kludgy. If there's a better way, I'd
| > like
| > to
| > | use that.
| > |
| > | Thank,
| > |
| > | - Mitchell S. Honnert
| > |
| > |
| >
| >
|
|