C# .NET 2.0 File Security Problem

K

KeithM

[xposted to microsoft.public.dotnet.languages.csharp]

Hi,

I have a program that once used xcacls to set permissions on a folder.
I have now migrated from .NET 1.1 onto 2.0 and trying to use the
FileSystemRights, FileSystemAccessRule and DirectorySecurity classes to
manipulate permissions directly instead of calling out to xcacls.

Using the 'FileSystemRights.Write' permission I can apply the permissions to
the folder such that when using windows explorer to examine the properties I
can see the WriteData, AppendData, WriteExtendedAttributes and
WriteAttributes flags are all ticked when I look under 'advanced'[1].
This is the same as if I had applied the 'Write' permission manually using
explorer Security tab[2].
However when I have applied the permissions from C# code, if I then check
the properties in explorer for that folder, in the first window that appears
in Windows Explorer after bringing up properties and selecting the Security
tab, then highlight the user account I have applied the permissions for, in
the lower window labelled "Permissions for xyz", the "Write" box is not
ticked.
The special Permissions button is ticked but greyed out.

This behaviour is causing problems with other applications that seem to be
interrogating this "Write" permission on the security tab and then not
finding it set even though I have set exactly the same permissions that are
set if applied manually via explorer.

Can anyone explain what I need to do in the code to achieve the correct
behaviour?

[1] select folder of interest, right click, select properties, select
security tab, select user account of interest, select advanced button, on
next dialog, select same user account then click 'edit...' button

[2] select folder of interest, right click, select properties, select
security tab.

Hope this is clear.

The C# code I have currently is as follows:


FileSystemAccessRule access = new FileSystemAccessRule("account",
FileSystemRights.Write,
AccessControlType.Allow);
DirectorySecurity security = Directory.GetAccessControl("path of folder");

security.AddAccessRule(access);
Directory.SetAccessControl("path of folder", security);

(ignore any typos, this code runs ok)


Thanks
 
M

Morten Wennevik [C# MVP]

KeithM said:
[xposted to microsoft.public.dotnet.languages.csharp]

Hi,

I have a program that once used xcacls to set permissions on a folder.
I have now migrated from .NET 1.1 onto 2.0 and trying to use the
FileSystemRights, FileSystemAccessRule and DirectorySecurity classes to
manipulate permissions directly instead of calling out to xcacls.

Using the 'FileSystemRights.Write' permission I can apply the permissions to
the folder such that when using windows explorer to examine the properties I
can see the WriteData, AppendData, WriteExtendedAttributes and
WriteAttributes flags are all ticked when I look under 'advanced'[1].
This is the same as if I had applied the 'Write' permission manually using
explorer Security tab[2].
However when I have applied the permissions from C# code, if I then check
the properties in explorer for that folder, in the first window that appears
in Windows Explorer after bringing up properties and selecting the Security
tab, then highlight the user account I have applied the permissions for, in
the lower window labelled "Permissions for xyz", the "Write" box is not
ticked.
The special Permissions button is ticked but greyed out.

This behaviour is causing problems with other applications that seem to be
interrogating this "Write" permission on the security tab and then not
finding it set even though I have set exactly the same permissions that are
set if applied manually via explorer.

Can anyone explain what I need to do in the code to achieve the correct
behaviour?

[1] select folder of interest, right click, select properties, select
security tab, select user account of interest, select advanced button, on
next dialog, select same user account then click 'edit...' button

[2] select folder of interest, right click, select properties, select
security tab.

Hope this is clear.

The C# code I have currently is as follows:


FileSystemAccessRule access = new FileSystemAccessRule("account",
FileSystemRights.Write,
AccessControlType.Allow);
DirectorySecurity security = Directory.GetAccessControl("path of folder");

security.AddAccessRule(access);
Directory.SetAccessControl("path of folder", security);

(ignore any typos, this code runs ok)


Thanks

Hi Keith,

The default Write permission you set in the Security tab includes sub
folders and files within the folder and subfolders. You can achieve the same
by using an overload of the FileSystemAccessRule constructor

FileSystemAccessRule access = new FileSystemAccessRule("account",
FileSystemRights.Write,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);
 
J

\Ji Zhou [MSFT]\

Hello Keith,

Morten's codes work fine on my side. Please let us know if you have any
future questions or concerns on this issue. Have a good day!


Best regards,
Ji Zhou ([email protected], remove 'online.')
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
K

KeithM

Morten Wennevik said:
KeithM said:
[1] select folder of interest, right click, select properties, select
security tab, select user account of interest, select advanced button, on
next dialog, select same user account then click 'edit...' button

[2] select folder of interest, right click, select properties, select
security tab.
Hi Keith,

The default Write permission you set in the Security tab includes sub
folders and files within the folder and subfolders. You can achieve the
same
by using an overload of the FileSystemAccessRule constructor

FileSystemAccessRule access = new FileSystemAccessRule("account",
FileSystemRights.Write,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow);

Excellent, that worked perfectly thanks.


Thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top