473,803 Members | 3,752 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Ridicilous!

<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying* problem.
How to check if a user has a write access to a file?
Considerring that .Net is supposed to be a system for writing applications
for servers & clients, which in both cases has may have multi-users, I'm
amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.File. Access(string Filename, PermissionAcces s);

Nothing!

Then I thought about System.Security .Permissions, and there is was, clear as
day FileIOPermissio n a class which "Controls the ability to access files
and folders."
But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32
permissions!

Considerring that the framework is supposed to run on server class
platforms, why the omission?

In C & C++ I can do _access() and get the info I want, in .Net? I get to
delve into:

A> Interop code.
B> Win32 Security.

I can handle Interop if I absolutely have to, but even on a good day, using
C++ I don't like Win32 Security, and all the tricks that are used there.
I checked ACLs in .Net
http://www.gotdotnet.com/community/u...f-e0705af065d9
No go, it requires me to add a component that is bigger then my code just to
do so, and add several level of complexities to my life.
Not to mention, again, having to deal with all the minor details of Win32
security.

To remind you, I'm trying to find out if my code has write access to a file,
on a framework that support multiply users, networks and such, this should
be a snap.
Instead...

Opening a file and catching the exception is the only easy way that I've,
and that is *not acceptable*.
</rant>

Seriously now, I really need a way to solve this problem, preferably with
something like:
FileAccess.Veri fy(filename,Wri teAccess);

Thanks in advance,
Ayende Rahien
Jul 21 '05 #1
46 2188
Ayende,

Unfortunately, the .NET Framework does not contain this functionality, and
calling into the Win32 API functions directly is quite a PITA. Luckily,
there is a managed wrapper available at
http://www.gotdotnet.com/Community/U...f-e0705af065d9.

HTH,
Nicole

"Ayende Rahien" <Ay****@no.spam > wrote in message
news:O3******** ********@TK2MSF TNGP12.phx.gbl. ..
<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying*
problem.
How to check if a user has a write access to a file?
Considerring that .Net is supposed to be a system for writing applications
for servers & clients, which in both cases has may have multi-users, I'm
amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.File. Access(string Filename, PermissionAcces s);

Nothing!

Then I thought about System.Security .Permissions, and there is was, clear
as
day FileIOPermissio n a class which "Controls the ability to access files
and folders."
But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32
permissions!

Considerring that the framework is supposed to run on server class
platforms, why the omission?

In C & C++ I can do _access() and get the info I want, in .Net? I get to
delve into:

A> Interop code.
B> Win32 Security.

I can handle Interop if I absolutely have to, but even on a good day,
using
C++ I don't like Win32 Security, and all the tricks that are used there.
I checked ACLs in .Net
http://www.gotdotnet.com/community/u...f-e0705af065d9
No go, it requires me to add a component that is bigger then my code just
to
do so, and add several level of complexities to my life.
Not to mention, again, having to deal with all the minor details of Win32
security.

To remind you, I'm trying to find out if my code has write access to a
file,
on a framework that support multiply users, networks and such, this should
be a snap.
Instead...

Opening a file and catching the exception is the only easy way that I've,
and that is *not acceptable*.
</rant>

Seriously now, I really need a way to solve this problem, preferably with
something like:
FileAccess.Veri fy(filename,Wri teAccess);

Thanks in advance,
Ayende Rahien

Jul 21 '05 #2
Ayende,

Unfortunately, the .NET Framework does not contain this functionality, and
calling into the Win32 API functions directly is quite a PITA. Luckily,
there is a managed wrapper available at
http://www.gotdotnet.com/Community/U...f-e0705af065d9.

HTH,
Nicole

"Ayende Rahien" <Ay****@no.spam > wrote in message
news:O3******** ********@TK2MSF TNGP12.phx.gbl. ..
<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying*
problem.
How to check if a user has a write access to a file?
Considerring that .Net is supposed to be a system for writing applications
for servers & clients, which in both cases has may have multi-users, I'm
amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.File. Access(string Filename, PermissionAcces s);

Nothing!

Then I thought about System.Security .Permissions, and there is was, clear
as
day FileIOPermissio n a class which "Controls the ability to access files
and folders."
But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32
permissions!

Considerring that the framework is supposed to run on server class
platforms, why the omission?

In C & C++ I can do _access() and get the info I want, in .Net? I get to
delve into:

A> Interop code.
B> Win32 Security.

I can handle Interop if I absolutely have to, but even on a good day,
using
C++ I don't like Win32 Security, and all the tricks that are used there.
I checked ACLs in .Net
http://www.gotdotnet.com/community/u...f-e0705af065d9
No go, it requires me to add a component that is bigger then my code just
to
do so, and add several level of complexities to my life.
Not to mention, again, having to deal with all the minor details of Win32
security.

To remind you, I'm trying to find out if my code has write access to a
file,
on a framework that support multiply users, networks and such, this should
be a snap.
Instead...

Opening a file and catching the exception is the only easy way that I've,
and that is *not acceptable*.
</rant>

Seriously now, I really need a way to solve this problem, preferably with
something like:
FileAccess.Veri fy(filename,Wri teAccess);

Thanks in advance,
Ayende Rahien

Jul 21 '05 #3
Yeah, I've seen that (see my original post), my problem is that my code
is a utility class, which can't have another library attached to it.
Beyond that, I could not fathom an easy way to see if I've an access to
a file.

Nicole Calinoiu wrote:
Ayende,

Unfortunately, the .NET Framework does not contain this functionality, and
calling into the Win32 API functions directly is quite a PITA. Luckily,
there is a managed wrapper available at
http://www.gotdotnet.com/Community/U...f-e0705af065d9.

HTH,
Nicole

"Ayende Rahien" <Ay****@no.spam > wrote in message
news:O3******** ********@TK2MSF TNGP12.phx.gbl. ..
<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying*
problem.
How to check if a user has a write access to a file?
Considerrin g that .Net is supposed to be a system for writing applications
for servers & clients, which in both cases has may have multi-users, I'm
amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.Fil e.Access(string Filename, PermissionAcces s);

Nothing!

Then I thought about System.Security .Permissions, and there is was, clear
as
day FileIOPermissio n a class which "Controls the ability to access files
and folders."
But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32
permissions !

Considerrin g that the framework is supposed to run on server class
platforms, why the omission?

In C & C++ I can do _access() and get the info I want, in .Net? I get to
delve into:

A> Interop code.
B> Win32 Security.

I can handle Interop if I absolutely have to, but even on a good day,
using
C++ I don't like Win32 Security, and all the tricks that are used there.
I checked ACLs in .Net
http://www.gotdotnet.com/community/u...f-e0705af065d9
No go, it requires me to add a component that is bigger then my code just
to
do so, and add several level of complexities to my life.
Not to mention, again, having to deal with all the minor details of Win32
security.

To remind you, I'm trying to find out if my code has write access to a
file,
on a framework that support multiply users, networks and such, this should
be a snap.
Instead...

Opening a file and catching the exception is the only easy way that I've,
and that is *not acceptable*.
</rant>

Seriously now, I really need a way to solve this problem, preferably with
something like:
FileAccess.Ve rify(filename,W riteAccess);

Thanks in advance,
Ayende Rahien


Jul 21 '05 #4
Yeah, I've seen that (see my original post), my problem is that my code
is a utility class, which can't have another library attached to it.
Beyond that, I could not fathom an easy way to see if I've an access to
a file.

Nicole Calinoiu wrote:
Ayende,

Unfortunately, the .NET Framework does not contain this functionality, and
calling into the Win32 API functions directly is quite a PITA. Luckily,
there is a managed wrapper available at
http://www.gotdotnet.com/Community/U...f-e0705af065d9.

HTH,
Nicole

"Ayende Rahien" <Ay****@no.spam > wrote in message
news:O3******** ********@TK2MSF TNGP12.phx.gbl. ..
<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying*
problem.
How to check if a user has a write access to a file?
Considerrin g that .Net is supposed to be a system for writing applications
for servers & clients, which in both cases has may have multi-users, I'm
amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.Fil e.Access(string Filename, PermissionAcces s);

Nothing!

Then I thought about System.Security .Permissions, and there is was, clear
as
day FileIOPermissio n a class which "Controls the ability to access files
and folders."
But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32
permissions !

Considerrin g that the framework is supposed to run on server class
platforms, why the omission?

In C & C++ I can do _access() and get the info I want, in .Net? I get to
delve into:

A> Interop code.
B> Win32 Security.

I can handle Interop if I absolutely have to, but even on a good day,
using
C++ I don't like Win32 Security, and all the tricks that are used there.
I checked ACLs in .Net
http://www.gotdotnet.com/community/u...f-e0705af065d9
No go, it requires me to add a component that is bigger then my code just
to
do so, and add several level of complexities to my life.
Not to mention, again, having to deal with all the minor details of Win32
security.

To remind you, I'm trying to find out if my code has write access to a
file,
on a framework that support multiply users, networks and such, this should
be a snap.
Instead...

Opening a file and catching the exception is the only easy way that I've,
and that is *not acceptable*.
</rant>

Seriously now, I really need a way to solve this problem, preferably with
something like:
FileAccess.Ve rify(filename,W riteAccess);

Thanks in advance,
Ayende Rahien


Jul 21 '05 #5
"Ayende Rahien" <Ay****@no.spam > wrote in
news:O3******** ******@TK2MSFTN GP12.phx.gbl:
<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying*
problem. How to check if a user has a write access to a file?
Considerring that .Net is supposed to be a system for writing
applications for servers & clients, which in both cases has may have
multi-users, I'm amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.File. Access(string Filename, PermissionAcces s);

Nothing!

I happened to run across some code in this very same newsgroup asking
basically the same question - I'll repost it for you assuming that you
didn't see it. This isn't my code and I haven't tested it, so use at your
own risk... I've included a few of the headers as well.

------------------

Subject: Re: Get ACL
From: "Willy Denoyette [MVP]" <wi************ *@pandora.be>
Newsgroups: microsoft.publi c.dotnet.langua ges.csharp

You shouldn't use "unsupporte d" stuff like Win32Security.d ll, use the
System.Director yServices (XP and higher) or System.Manageme nt namespace
instead.
Next is a complete example illustrating how to dump the ACE's from a File
object DACL using System.Manageme nt classes.

using System;
using System.Manageme nt;
using System.Collecti ons;
// Access mask (see AccessMask property)
[Flags]
enum Mask : uint
{
FileReadData = 0x00000001,
FileWriteData = 0x00000002,
FileAppendData = 0x00000004,
FileReadEA = 0x00000008,
FileWriteEA = 0x00000010,
FileExecute = 0x00000020,
FileDeleteChild = 0x00000040,
FileReadAttribu tes = 0x00000080,
FileWriteAttrib utes= 0x00000100,

Delete = 0x00010000,
ReadControl = 0x00020000,
WriteDac = 0x00040000,
WriteOwner = 0x00080000,
Synchronize = 0x00100000,

AccessSystemSec urity = 0x01000000,
MaximumAllowed = 0x02000000,

GenericAll = 0x10000000,
GenericExecute= 0x20000000,
GenericWrite = 0x40000000,
GenericRead = 0x80000000
}
[Flags]
enum AceFlags : int
{
ObjectInheritAc e = 1,
ContainerInheri tAce = 2,
NoPropagateInhe ritAce = 4,
InheritOnlyAce = 8,
InheritedAce = 16
}

[Flags]
enum AceType : int
{
AccessAllowed = 0,
AccessDenied = 1,
Audit = 2
}
class Tester {
public static void Main() {
string fileObject = @"c:\\pipo\\t.t xt"; // Watch the double Backslashes
using(Managemen tObject lfs = new
ManagementObjec t(@"Win32_Logic alFileSecurityS etting.Path=" + "'" +
fileObject + "'"))
{
// Get the security descriptor for this object
// Dump all trustees (this includes owner)
ManagementBaseO bject outParams =
lfs.InvokeMetho d("GetSecurityD escriptor", null, null);
if (((uint)(outPar ams.Properties["ReturnValu e"].Value)) == 0) // if
success
{
ManagementBaseO bject secDescriptor =
((ManagementBas eObject)(outPar ams.Properties["Descriptor "].Value));
//The DACL is an array of Win32_ACE objects.
ManagementBaseO bject[] dacl =
((ManagementBas eObject[])(secDescriptor .Properties["Dacl"].Value));
DumpACEs(dacl);

}
}
}

static void DumpACEs(Manage mentBaseObject[] dacl)
{
foreach(Managem entBaseObject mbo in dacl){
Console.WriteLi ne("\n---------\nMask: {0:X} - Flags: {1} - Type: {2}",
mbo["AccessMask "], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(Convert.ToIn t32(mbo["AceType"]) == (int)AceType.Ac cessDenied)
Console.WriteLi ne("DENIED ACE TYPE");
else
Console.WriteLi ne("ALLOWED ACE TYPE");
// Dump trustees
ManagementBaseO bject Trustee = ((ManagementBas eObject)(mbo["Trustee"]));
Console.WriteLi ne("Name: {0} - Domain: {1} - SID {2}\n",
Trustee.Propert ies["Name"].Value,
Trustee.Propert ies["Domain"].Value,
Trustee.Propert ies["SIDString"].Value);
// Dump ACE mask in readable form
UInt32 mask = (UInt32)mbo["AccessMask "];
Console.WriteLi ne(Enum.Format( typeof(Mask), mask, "g"));
}
}
}

Jul 21 '05 #6
"Ayende Rahien" <Ay****@no.spam > wrote in
news:O3******** ******@TK2MSFTN GP12.phx.gbl:
<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying*
problem. How to check if a user has a write access to a file?
Considerring that .Net is supposed to be a system for writing
applications for servers & clients, which in both cases has may have
multi-users, I'm amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.File. Access(string Filename, PermissionAcces s);

Nothing!

I happened to run across some code in this very same newsgroup asking
basically the same question - I'll repost it for you assuming that you
didn't see it. This isn't my code and I haven't tested it, so use at your
own risk... I've included a few of the headers as well.

------------------

Subject: Re: Get ACL
From: "Willy Denoyette [MVP]" <wi************ *@pandora.be>
Newsgroups: microsoft.publi c.dotnet.langua ges.csharp

You shouldn't use "unsupporte d" stuff like Win32Security.d ll, use the
System.Director yServices (XP and higher) or System.Manageme nt namespace
instead.
Next is a complete example illustrating how to dump the ACE's from a File
object DACL using System.Manageme nt classes.

using System;
using System.Manageme nt;
using System.Collecti ons;
// Access mask (see AccessMask property)
[Flags]
enum Mask : uint
{
FileReadData = 0x00000001,
FileWriteData = 0x00000002,
FileAppendData = 0x00000004,
FileReadEA = 0x00000008,
FileWriteEA = 0x00000010,
FileExecute = 0x00000020,
FileDeleteChild = 0x00000040,
FileReadAttribu tes = 0x00000080,
FileWriteAttrib utes= 0x00000100,

Delete = 0x00010000,
ReadControl = 0x00020000,
WriteDac = 0x00040000,
WriteOwner = 0x00080000,
Synchronize = 0x00100000,

AccessSystemSec urity = 0x01000000,
MaximumAllowed = 0x02000000,

GenericAll = 0x10000000,
GenericExecute= 0x20000000,
GenericWrite = 0x40000000,
GenericRead = 0x80000000
}
[Flags]
enum AceFlags : int
{
ObjectInheritAc e = 1,
ContainerInheri tAce = 2,
NoPropagateInhe ritAce = 4,
InheritOnlyAce = 8,
InheritedAce = 16
}

[Flags]
enum AceType : int
{
AccessAllowed = 0,
AccessDenied = 1,
Audit = 2
}
class Tester {
public static void Main() {
string fileObject = @"c:\\pipo\\t.t xt"; // Watch the double Backslashes
using(Managemen tObject lfs = new
ManagementObjec t(@"Win32_Logic alFileSecurityS etting.Path=" + "'" +
fileObject + "'"))
{
// Get the security descriptor for this object
// Dump all trustees (this includes owner)
ManagementBaseO bject outParams =
lfs.InvokeMetho d("GetSecurityD escriptor", null, null);
if (((uint)(outPar ams.Properties["ReturnValu e"].Value)) == 0) // if
success
{
ManagementBaseO bject secDescriptor =
((ManagementBas eObject)(outPar ams.Properties["Descriptor "].Value));
//The DACL is an array of Win32_ACE objects.
ManagementBaseO bject[] dacl =
((ManagementBas eObject[])(secDescriptor .Properties["Dacl"].Value));
DumpACEs(dacl);

}
}
}

static void DumpACEs(Manage mentBaseObject[] dacl)
{
foreach(Managem entBaseObject mbo in dacl){
Console.WriteLi ne("\n---------\nMask: {0:X} - Flags: {1} - Type: {2}",
mbo["AccessMask "], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(Convert.ToIn t32(mbo["AceType"]) == (int)AceType.Ac cessDenied)
Console.WriteLi ne("DENIED ACE TYPE");
else
Console.WriteLi ne("ALLOWED ACE TYPE");
// Dump trustees
ManagementBaseO bject Trustee = ((ManagementBas eObject)(mbo["Trustee"]));
Console.WriteLi ne("Name: {0} - Domain: {1} - SID {2}\n",
Trustee.Propert ies["Name"].Value,
Trustee.Propert ies["Domain"].Value,
Trustee.Propert ies["SIDString"].Value);
// Dump ACE mask in readable form
UInt32 mask = (UInt32)mbo["AccessMask "];
Console.WriteLi ne(Enum.Format( typeof(Mask), mask, "g"));
}
}
}

Jul 21 '05 #7
Michael Bray wrote:
"Ayende Rahien" <Ay****@no.spam > wrote in
news:O3******** ******@TK2MSFTN GP12.phx.gbl:

<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying*
problem. How to check if a user has a write access to a file?
Considerrin g that .Net is supposed to be a system for writing
application s for servers & clients, which in both cases has may have
multi-users, I'm amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.Fil e.Access(string Filename, PermissionAcces s);

Nothing!
I happened to run across some code in this very same newsgroup asking
basically the same question - I'll repost it for you assuming that you
didn't see it. This isn't my code and I haven't tested it, so use at your
own risk... I've included a few of the headers as well.


Thanks a lot.
Could you show me how to use this to check if I've write access to the file?

------------------

Subject: Re: Get ACL
From: "Willy Denoyette [MVP]" <wi************ *@pandora.be>
Newsgroups: microsoft.publi c.dotnet.langua ges.csharp

You shouldn't use "unsupporte d" stuff like Win32Security.d ll, use the
System.Director yServices (XP and higher) or System.Manageme nt namespace
instead.
Next is a complete example illustrating how to dump the ACE's from a File
object DACL using System.Manageme nt classes.

using System;
using System.Manageme nt;
using System.Collecti ons;
// Access mask (see AccessMask property)
[Flags]
enum Mask : uint
{
FileReadData = 0x00000001,
FileWriteData = 0x00000002,
FileAppendData = 0x00000004,
FileReadEA = 0x00000008,
FileWriteEA = 0x00000010,
FileExecute = 0x00000020,
FileDeleteChild = 0x00000040,
FileReadAttribu tes = 0x00000080,
FileWriteAttrib utes= 0x00000100,

Delete = 0x00010000,
ReadControl = 0x00020000,
WriteDac = 0x00040000,
WriteOwner = 0x00080000,
Synchronize = 0x00100000,

AccessSystemSec urity = 0x01000000,
MaximumAllowed = 0x02000000,

GenericAll = 0x10000000,
GenericExecute= 0x20000000,
GenericWrite = 0x40000000,
GenericRead = 0x80000000
}
[Flags]
enum AceFlags : int
{
ObjectInheritAc e = 1,
ContainerInheri tAce = 2,
NoPropagateInhe ritAce = 4,
InheritOnlyAce = 8,
InheritedAce = 16
}

[Flags]
enum AceType : int
{
AccessAllowed = 0,
AccessDenied = 1,
Audit = 2
}
class Tester {
public static void Main() {
string fileObject = @"c:\\pipo\\t.t xt"; // Watch the double Backslashes
using(Managemen tObject lfs = new
ManagementObjec t(@"Win32_Logic alFileSecurityS etting.Path=" + "'" +
fileObject + "'"))
{
// Get the security descriptor for this object
// Dump all trustees (this includes owner)
ManagementBaseO bject outParams =
lfs.InvokeMetho d("GetSecurityD escriptor", null, null);
if (((uint)(outPar ams.Properties["ReturnValu e"].Value)) == 0) // if
success
{
ManagementBaseO bject secDescriptor =
((ManagementBas eObject)(outPar ams.Properties["Descriptor "].Value));
//The DACL is an array of Win32_ACE objects.
ManagementBaseO bject[] dacl =
((ManagementBas eObject[])(secDescriptor .Properties["Dacl"].Value));
DumpACEs(dacl);

}
}
}

static void DumpACEs(Manage mentBaseObject[] dacl)
{
foreach(Managem entBaseObject mbo in dacl){
Console.WriteLi ne("\n---------\nMask: {0:X} - Flags: {1} - Type: {2}",
mbo["AccessMask "], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(Convert.ToIn t32(mbo["AceType"]) == (int)AceType.Ac cessDenied)
Console.WriteLi ne("DENIED ACE TYPE");
else
Console.WriteLi ne("ALLOWED ACE TYPE");
// Dump trustees
ManagementBaseO bject Trustee = ((ManagementBas eObject)(mbo["Trustee"]));
Console.WriteLi ne("Name: {0} - Domain: {1} - SID {2}\n",
Trustee.Propert ies["Name"].Value,
Trustee.Propert ies["Domain"].Value,
Trustee.Propert ies["SIDString"].Value);
// Dump ACE mask in readable form
UInt32 mask = (UInt32)mbo["AccessMask "];
Console.WriteLi ne(Enum.Format( typeof(Mask), mask, "g"));
}
}
}

Jul 21 '05 #8
Michael Bray wrote:
"Ayende Rahien" <Ay****@no.spam > wrote in
news:O3******** ******@TK2MSFTN GP12.phx.gbl:

<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying*
problem. How to check if a user has a write access to a file?
Considerrin g that .Net is supposed to be a system for writing
application s for servers & clients, which in both cases has may have
multi-users, I'm amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.Fil e.Access(string Filename, PermissionAcces s);

Nothing!
I happened to run across some code in this very same newsgroup asking
basically the same question - I'll repost it for you assuming that you
didn't see it. This isn't my code and I haven't tested it, so use at your
own risk... I've included a few of the headers as well.


Thanks a lot.
Could you show me how to use this to check if I've write access to the file?

------------------

Subject: Re: Get ACL
From: "Willy Denoyette [MVP]" <wi************ *@pandora.be>
Newsgroups: microsoft.publi c.dotnet.langua ges.csharp

You shouldn't use "unsupporte d" stuff like Win32Security.d ll, use the
System.Director yServices (XP and higher) or System.Manageme nt namespace
instead.
Next is a complete example illustrating how to dump the ACE's from a File
object DACL using System.Manageme nt classes.

using System;
using System.Manageme nt;
using System.Collecti ons;
// Access mask (see AccessMask property)
[Flags]
enum Mask : uint
{
FileReadData = 0x00000001,
FileWriteData = 0x00000002,
FileAppendData = 0x00000004,
FileReadEA = 0x00000008,
FileWriteEA = 0x00000010,
FileExecute = 0x00000020,
FileDeleteChild = 0x00000040,
FileReadAttribu tes = 0x00000080,
FileWriteAttrib utes= 0x00000100,

Delete = 0x00010000,
ReadControl = 0x00020000,
WriteDac = 0x00040000,
WriteOwner = 0x00080000,
Synchronize = 0x00100000,

AccessSystemSec urity = 0x01000000,
MaximumAllowed = 0x02000000,

GenericAll = 0x10000000,
GenericExecute= 0x20000000,
GenericWrite = 0x40000000,
GenericRead = 0x80000000
}
[Flags]
enum AceFlags : int
{
ObjectInheritAc e = 1,
ContainerInheri tAce = 2,
NoPropagateInhe ritAce = 4,
InheritOnlyAce = 8,
InheritedAce = 16
}

[Flags]
enum AceType : int
{
AccessAllowed = 0,
AccessDenied = 1,
Audit = 2
}
class Tester {
public static void Main() {
string fileObject = @"c:\\pipo\\t.t xt"; // Watch the double Backslashes
using(Managemen tObject lfs = new
ManagementObjec t(@"Win32_Logic alFileSecurityS etting.Path=" + "'" +
fileObject + "'"))
{
// Get the security descriptor for this object
// Dump all trustees (this includes owner)
ManagementBaseO bject outParams =
lfs.InvokeMetho d("GetSecurityD escriptor", null, null);
if (((uint)(outPar ams.Properties["ReturnValu e"].Value)) == 0) // if
success
{
ManagementBaseO bject secDescriptor =
((ManagementBas eObject)(outPar ams.Properties["Descriptor "].Value));
//The DACL is an array of Win32_ACE objects.
ManagementBaseO bject[] dacl =
((ManagementBas eObject[])(secDescriptor .Properties["Dacl"].Value));
DumpACEs(dacl);

}
}
}

static void DumpACEs(Manage mentBaseObject[] dacl)
{
foreach(Managem entBaseObject mbo in dacl){
Console.WriteLi ne("\n---------\nMask: {0:X} - Flags: {1} - Type: {2}",
mbo["AccessMask "], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(Convert.ToIn t32(mbo["AceType"]) == (int)AceType.Ac cessDenied)
Console.WriteLi ne("DENIED ACE TYPE");
else
Console.WriteLi ne("ALLOWED ACE TYPE");
// Dump trustees
ManagementBaseO bject Trustee = ((ManagementBas eObject)(mbo["Trustee"]));
Console.WriteLi ne("Name: {0} - Domain: {1} - SID {2}\n",
Trustee.Propert ies["Name"].Value,
Trustee.Propert ies["Domain"].Value,
Trustee.Propert ies["SIDString"].Value);
// Dump ACE mask in readable form
UInt32 mask = (UInt32)mbo["AccessMask "];
Console.WriteLi ne(Enum.Format( typeof(Mask), mask, "g"));
}
}
}

Jul 21 '05 #9
Wow I posted late I guess, if your doing a library then you want to use the
WMI method. I believe one of the other posters posted a previous example of
doing this from a former thread.

-Enjoy!!

-Evan
"Evan Freeman[C++ Samuri]" <Ev**********@f mr.com> wrote in message
news:3n******** ******@news-srv1.fmr.com...
Heyas

FileIOPermissio n is a Code Access Security permission, not a Windows
role-based security permission. What you want is the ability to examine the security descriptor on the file and examine the rights of the various
Windows trustees in the entries in the DACL.

There are a couple of ways to do this. You could use COM interop and the
IADsSecurityUti lity interface in ADSI, or you could use WMI, or use
the Win32 security .NET wrapper on GotDotNet that talks directly to the
Windows APIs.

Hint: The wrapper is the one you want.

-Enjoy!!

-Evan
"Ayende Rahien" <Ay****@no.spam > wrote in message
news:O3******** ******@TK2MSFTN GP12.phx.gbl...
<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying* problem.
How to check if a user has a write access to a file?
Considerring that .Net is supposed to be a system for writing applications for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework.
Initially I looked for something like:

System.IO.File. Access(string Filename, PermissionAcces s);

Nothing!

Then I thought about System.Security .Permissions, and there is was, clear as
day FileIOPermissio n a class which "Controls the ability to access
files and folders."
But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32
permissions!

Considerring that the framework is supposed to run on server class
platforms, why the omission?

In C & C++ I can do _access() and get the info I want, in .Net? I get to
delve into:

A> Interop code.
B> Win32 Security.

I can handle Interop if I absolutely have to, but even on a good day,

using
C++ I don't like Win32 Security, and all the tricks that are used there.
I checked ACLs in .Net

http://www.gotdotnet.com/community/u...mpleguid=e6098 575-dda0-48b8-9abf-e0705af065d9
No go, it requires me to add a component that is bigger then my code just
to
do so, and add several level of complexities to my life.
Not to mention, again, having to deal with all the minor details of

Win32 security.

To remind you, I'm trying to find out if my code has write access to a

file,
on a framework that support multiply users, networks and such, this should be a snap.
Instead...

Opening a file and catching the exception is the only easy way that I've, and that is *not acceptable*.
</rant>

Seriously now, I really need a way to solve this problem, preferably with something like:
FileAccess.Veri fy(filename,Wri teAccess);

Thanks in advance,
Ayende Rahien


Jul 21 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
23
496
Ridicilous!
by: Ayende Rahien | last post by:
<rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerring that .Net is supposed to be a system for writing applications for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like: ...
.NET Framework
0
10555
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10317
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10300
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
10069
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
7607
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6844
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5503
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
1
4277
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
3
2974
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us