<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying* problem.
How to check if a user has a write access to a file?
Considerring that .Net is supposed to be a system for writing applications
for servers & clients, which in both cases has may have multi-users, I'm
amazed that this is not possible in the framework.
Initially I looked for something like:
System.IO.File. Access(string Filename, PermissionAcces s);
Nothing!
Then I thought about System.Security .Permissions, and there is was, clear as
day FileIOPermissio n a class which "Controls the ability to access files
and folders."
But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32
permissions!
Considerring that the framework is supposed to run on server class
platforms, why the omission?
In C & C++ I can do _access() and get the info I want, in .Net? I get to
delve into:
A> Interop code.
B> Win32 Security.
I can handle Interop if I absolutely have to, but even on a good day, using
C++ I don't like Win32 Security, and all the tricks that are used there.
I checked ACLs in .Net http://www.gotdotnet.com/community/u...f-e0705af065d9
No go, it requires me to add a component that is bigger then my code just to
do so, and add several level of complexities to my life.
Not to mention, again, having to deal with all the minor details of Win32
security.
To remind you, I'm trying to find out if my code has write access to a file,
on a framework that support multiply users, networks and such, this should
be a snap.
Instead...
Opening a file and catching the exception is the only easy way that I've,
and that is *not acceptable*.
</rant>
Seriously now, I really need a way to solve this problem, preferably with
something like:
FileAccess.Veri fy(filename,Wri teAccess);
Thanks in advance,
Ayende Rahien 46 2188
Ayende,
Unfortunately, the .NET Framework does not contain this functionality, and
calling into the Win32 API functions directly is quite a PITA. Luckily,
there is a managed wrapper available at http://www.gotdotnet.com/Community/U...f-e0705af065d9.
HTH,
Nicole
"Ayende Rahien" <Ay****@no.spam > wrote in message
news:O3******** ********@TK2MSF TNGP12.phx.gbl. .. <rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerring that .Net is supposed to be a system for writing applications for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.File. Access(string Filename, PermissionAcces s);
Nothing!
Then I thought about System.Security .Permissions, and there is was, clear as day FileIOPermissio n a class which "Controls the ability to access files and folders." But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32 permissions!
Considerring that the framework is supposed to run on server class platforms, why the omission?
In C & C++ I can do _access() and get the info I want, in .Net? I get to delve into:
A> Interop code. B> Win32 Security.
I can handle Interop if I absolutely have to, but even on a good day, using C++ I don't like Win32 Security, and all the tricks that are used there. I checked ACLs in .Net http://www.gotdotnet.com/community/u...f-e0705af065d9 No go, it requires me to add a component that is bigger then my code just to do so, and add several level of complexities to my life. Not to mention, again, having to deal with all the minor details of Win32 security.
To remind you, I'm trying to find out if my code has write access to a file, on a framework that support multiply users, networks and such, this should be a snap. Instead...
Opening a file and catching the exception is the only easy way that I've, and that is *not acceptable*. </rant>
Seriously now, I really need a way to solve this problem, preferably with something like: FileAccess.Veri fy(filename,Wri teAccess);
Thanks in advance, Ayende Rahien
Ayende,
Unfortunately, the .NET Framework does not contain this functionality, and
calling into the Win32 API functions directly is quite a PITA. Luckily,
there is a managed wrapper available at http://www.gotdotnet.com/Community/U...f-e0705af065d9.
HTH,
Nicole
"Ayende Rahien" <Ay****@no.spam > wrote in message
news:O3******** ********@TK2MSF TNGP12.phx.gbl. .. <rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerring that .Net is supposed to be a system for writing applications for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.File. Access(string Filename, PermissionAcces s);
Nothing!
Then I thought about System.Security .Permissions, and there is was, clear as day FileIOPermissio n a class which "Controls the ability to access files and folders." But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32 permissions!
Considerring that the framework is supposed to run on server class platforms, why the omission?
In C & C++ I can do _access() and get the info I want, in .Net? I get to delve into:
A> Interop code. B> Win32 Security.
I can handle Interop if I absolutely have to, but even on a good day, using C++ I don't like Win32 Security, and all the tricks that are used there. I checked ACLs in .Net http://www.gotdotnet.com/community/u...f-e0705af065d9 No go, it requires me to add a component that is bigger then my code just to do so, and add several level of complexities to my life. Not to mention, again, having to deal with all the minor details of Win32 security.
To remind you, I'm trying to find out if my code has write access to a file, on a framework that support multiply users, networks and such, this should be a snap. Instead...
Opening a file and catching the exception is the only easy way that I've, and that is *not acceptable*. </rant>
Seriously now, I really need a way to solve this problem, preferably with something like: FileAccess.Veri fy(filename,Wri teAccess);
Thanks in advance, Ayende Rahien
Yeah, I've seen that (see my original post), my problem is that my code
is a utility class, which can't have another library attached to it.
Beyond that, I could not fathom an easy way to see if I've an access to
a file.
Nicole Calinoiu wrote: Ayende,
Unfortunately, the .NET Framework does not contain this functionality, and calling into the Win32 API functions directly is quite a PITA. Luckily, there is a managed wrapper available at http://www.gotdotnet.com/Community/U...f-e0705af065d9.
HTH, Nicole
"Ayende Rahien" <Ay****@no.spam > wrote in message news:O3******** ********@TK2MSF TNGP12.phx.gbl. ..
<rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerrin g that .Net is supposed to be a system for writing applications for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.Fil e.Access(string Filename, PermissionAcces s);
Nothing!
Then I thought about System.Security .Permissions, and there is was, clear as day FileIOPermissio n a class which "Controls the ability to access files and folders." But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32 permissions !
Considerrin g that the framework is supposed to run on server class platforms, why the omission?
In C & C++ I can do _access() and get the info I want, in .Net? I get to delve into:
A> Interop code. B> Win32 Security.
I can handle Interop if I absolutely have to, but even on a good day, using C++ I don't like Win32 Security, and all the tricks that are used there. I checked ACLs in .Net http://www.gotdotnet.com/community/u...f-e0705af065d9 No go, it requires me to add a component that is bigger then my code just to do so, and add several level of complexities to my life. Not to mention, again, having to deal with all the minor details of Win32 security.
To remind you, I'm trying to find out if my code has write access to a file, on a framework that support multiply users, networks and such, this should be a snap. Instead...
Opening a file and catching the exception is the only easy way that I've, and that is *not acceptable*. </rant>
Seriously now, I really need a way to solve this problem, preferably with something like: FileAccess.Ve rify(filename,W riteAccess);
Thanks in advance, Ayende Rahien
Yeah, I've seen that (see my original post), my problem is that my code
is a utility class, which can't have another library attached to it.
Beyond that, I could not fathom an easy way to see if I've an access to
a file.
Nicole Calinoiu wrote: Ayende,
Unfortunately, the .NET Framework does not contain this functionality, and calling into the Win32 API functions directly is quite a PITA. Luckily, there is a managed wrapper available at http://www.gotdotnet.com/Community/U...f-e0705af065d9.
HTH, Nicole
"Ayende Rahien" <Ay****@no.spam > wrote in message news:O3******** ********@TK2MSF TNGP12.phx.gbl. ..
<rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerrin g that .Net is supposed to be a system for writing applications for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.Fil e.Access(string Filename, PermissionAcces s);
Nothing!
Then I thought about System.Security .Permissions, and there is was, clear as day FileIOPermissio n a class which "Controls the ability to access files and folders." But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32 permissions !
Considerrin g that the framework is supposed to run on server class platforms, why the omission?
In C & C++ I can do _access() and get the info I want, in .Net? I get to delve into:
A> Interop code. B> Win32 Security.
I can handle Interop if I absolutely have to, but even on a good day, using C++ I don't like Win32 Security, and all the tricks that are used there. I checked ACLs in .Net http://www.gotdotnet.com/community/u...f-e0705af065d9 No go, it requires me to add a component that is bigger then my code just to do so, and add several level of complexities to my life. Not to mention, again, having to deal with all the minor details of Win32 security.
To remind you, I'm trying to find out if my code has write access to a file, on a framework that support multiply users, networks and such, this should be a snap. Instead...
Opening a file and catching the exception is the only easy way that I've, and that is *not acceptable*. </rant>
Seriously now, I really need a way to solve this problem, preferably with something like: FileAccess.Ve rify(filename,W riteAccess);
Thanks in advance, Ayende Rahien
"Ayende Rahien" <Ay****@no.spam > wrote in
news:O3******** ******@TK2MSFTN GP12.phx.gbl: <rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerring that .Net is supposed to be a system for writing applications for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.File. Access(string Filename, PermissionAcces s);
Nothing!
I happened to run across some code in this very same newsgroup asking
basically the same question - I'll repost it for you assuming that you
didn't see it. This isn't my code and I haven't tested it, so use at your
own risk... I've included a few of the headers as well.
------------------
Subject: Re: Get ACL
From: "Willy Denoyette [MVP]" <wi************ *@pandora.be>
Newsgroups: microsoft.publi c.dotnet.langua ges.csharp
You shouldn't use "unsupporte d" stuff like Win32Security.d ll, use the
System.Director yServices (XP and higher) or System.Manageme nt namespace
instead.
Next is a complete example illustrating how to dump the ACE's from a File
object DACL using System.Manageme nt classes.
using System;
using System.Manageme nt;
using System.Collecti ons;
// Access mask (see AccessMask property)
[Flags]
enum Mask : uint
{
FileReadData = 0x00000001,
FileWriteData = 0x00000002,
FileAppendData = 0x00000004,
FileReadEA = 0x00000008,
FileWriteEA = 0x00000010,
FileExecute = 0x00000020,
FileDeleteChild = 0x00000040,
FileReadAttribu tes = 0x00000080,
FileWriteAttrib utes= 0x00000100,
Delete = 0x00010000,
ReadControl = 0x00020000,
WriteDac = 0x00040000,
WriteOwner = 0x00080000,
Synchronize = 0x00100000,
AccessSystemSec urity = 0x01000000,
MaximumAllowed = 0x02000000,
GenericAll = 0x10000000,
GenericExecute= 0x20000000,
GenericWrite = 0x40000000,
GenericRead = 0x80000000
}
[Flags]
enum AceFlags : int
{
ObjectInheritAc e = 1,
ContainerInheri tAce = 2,
NoPropagateInhe ritAce = 4,
InheritOnlyAce = 8,
InheritedAce = 16
}
[Flags]
enum AceType : int
{
AccessAllowed = 0,
AccessDenied = 1,
Audit = 2
}
class Tester {
public static void Main() {
string fileObject = @"c:\\pipo\\t.t xt"; // Watch the double Backslashes
using(Managemen tObject lfs = new
ManagementObjec t(@"Win32_Logic alFileSecurityS etting.Path=" + "'" +
fileObject + "'"))
{
// Get the security descriptor for this object
// Dump all trustees (this includes owner)
ManagementBaseO bject outParams =
lfs.InvokeMetho d("GetSecurityD escriptor", null, null);
if (((uint)(outPar ams.Properties["ReturnValu e"].Value)) == 0) // if
success
{
ManagementBaseO bject secDescriptor =
((ManagementBas eObject)(outPar ams.Properties["Descriptor "].Value));
//The DACL is an array of Win32_ACE objects.
ManagementBaseO bject[] dacl =
((ManagementBas eObject[])(secDescriptor .Properties["Dacl"].Value));
DumpACEs(dacl);
}
}
}
static void DumpACEs(Manage mentBaseObject[] dacl)
{
foreach(Managem entBaseObject mbo in dacl){
Console.WriteLi ne("\n---------\nMask: {0:X} - Flags: {1} - Type: {2}",
mbo["AccessMask "], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(Convert.ToIn t32(mbo["AceType"]) == (int)AceType.Ac cessDenied)
Console.WriteLi ne("DENIED ACE TYPE");
else
Console.WriteLi ne("ALLOWED ACE TYPE");
// Dump trustees
ManagementBaseO bject Trustee = ((ManagementBas eObject)(mbo["Trustee"]));
Console.WriteLi ne("Name: {0} - Domain: {1} - SID {2}\n",
Trustee.Propert ies["Name"].Value,
Trustee.Propert ies["Domain"].Value,
Trustee.Propert ies["SIDString"].Value);
// Dump ACE mask in readable form
UInt32 mask = (UInt32)mbo["AccessMask "];
Console.WriteLi ne(Enum.Format( typeof(Mask), mask, "g"));
}
}
}
"Ayende Rahien" <Ay****@no.spam > wrote in
news:O3******** ******@TK2MSFTN GP12.phx.gbl: <rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerring that .Net is supposed to be a system for writing applications for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.File. Access(string Filename, PermissionAcces s);
Nothing!
I happened to run across some code in this very same newsgroup asking
basically the same question - I'll repost it for you assuming that you
didn't see it. This isn't my code and I haven't tested it, so use at your
own risk... I've included a few of the headers as well.
------------------
Subject: Re: Get ACL
From: "Willy Denoyette [MVP]" <wi************ *@pandora.be>
Newsgroups: microsoft.publi c.dotnet.langua ges.csharp
You shouldn't use "unsupporte d" stuff like Win32Security.d ll, use the
System.Director yServices (XP and higher) or System.Manageme nt namespace
instead.
Next is a complete example illustrating how to dump the ACE's from a File
object DACL using System.Manageme nt classes.
using System;
using System.Manageme nt;
using System.Collecti ons;
// Access mask (see AccessMask property)
[Flags]
enum Mask : uint
{
FileReadData = 0x00000001,
FileWriteData = 0x00000002,
FileAppendData = 0x00000004,
FileReadEA = 0x00000008,
FileWriteEA = 0x00000010,
FileExecute = 0x00000020,
FileDeleteChild = 0x00000040,
FileReadAttribu tes = 0x00000080,
FileWriteAttrib utes= 0x00000100,
Delete = 0x00010000,
ReadControl = 0x00020000,
WriteDac = 0x00040000,
WriteOwner = 0x00080000,
Synchronize = 0x00100000,
AccessSystemSec urity = 0x01000000,
MaximumAllowed = 0x02000000,
GenericAll = 0x10000000,
GenericExecute= 0x20000000,
GenericWrite = 0x40000000,
GenericRead = 0x80000000
}
[Flags]
enum AceFlags : int
{
ObjectInheritAc e = 1,
ContainerInheri tAce = 2,
NoPropagateInhe ritAce = 4,
InheritOnlyAce = 8,
InheritedAce = 16
}
[Flags]
enum AceType : int
{
AccessAllowed = 0,
AccessDenied = 1,
Audit = 2
}
class Tester {
public static void Main() {
string fileObject = @"c:\\pipo\\t.t xt"; // Watch the double Backslashes
using(Managemen tObject lfs = new
ManagementObjec t(@"Win32_Logic alFileSecurityS etting.Path=" + "'" +
fileObject + "'"))
{
// Get the security descriptor for this object
// Dump all trustees (this includes owner)
ManagementBaseO bject outParams =
lfs.InvokeMetho d("GetSecurityD escriptor", null, null);
if (((uint)(outPar ams.Properties["ReturnValu e"].Value)) == 0) // if
success
{
ManagementBaseO bject secDescriptor =
((ManagementBas eObject)(outPar ams.Properties["Descriptor "].Value));
//The DACL is an array of Win32_ACE objects.
ManagementBaseO bject[] dacl =
((ManagementBas eObject[])(secDescriptor .Properties["Dacl"].Value));
DumpACEs(dacl);
}
}
}
static void DumpACEs(Manage mentBaseObject[] dacl)
{
foreach(Managem entBaseObject mbo in dacl){
Console.WriteLi ne("\n---------\nMask: {0:X} - Flags: {1} - Type: {2}",
mbo["AccessMask "], mbo["AceFlags"], mbo["AceType"]);
// Access allowed/denied ACE
if(Convert.ToIn t32(mbo["AceType"]) == (int)AceType.Ac cessDenied)
Console.WriteLi ne("DENIED ACE TYPE");
else
Console.WriteLi ne("ALLOWED ACE TYPE");
// Dump trustees
ManagementBaseO bject Trustee = ((ManagementBas eObject)(mbo["Trustee"]));
Console.WriteLi ne("Name: {0} - Domain: {1} - SID {2}\n",
Trustee.Propert ies["Name"].Value,
Trustee.Propert ies["Domain"].Value,
Trustee.Propert ies["SIDString"].Value);
// Dump ACE mask in readable form
UInt32 mask = (UInt32)mbo["AccessMask "];
Console.WriteLi ne(Enum.Format( typeof(Mask), mask, "g"));
}
}
}
Michael Bray wrote: "Ayende Rahien" <Ay****@no.spam > wrote in news:O3******** ******@TK2MSFTN GP12.phx.gbl:
<rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerrin g that .Net is supposed to be a system for writing application s for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.Fil e.Access(string Filename, PermissionAcces s);
Nothing!
I happened to run across some code in this very same newsgroup asking basically the same question - I'll repost it for you assuming that you didn't see it. This isn't my code and I haven't tested it, so use at your own risk... I've included a few of the headers as well.
Thanks a lot.
Could you show me how to use this to check if I've write access to the file? ------------------
Subject: Re: Get ACL From: "Willy Denoyette [MVP]" <wi************ *@pandora.be> Newsgroups: microsoft.publi c.dotnet.langua ges.csharp
You shouldn't use "unsupporte d" stuff like Win32Security.d ll, use the System.Director yServices (XP and higher) or System.Manageme nt namespace instead. Next is a complete example illustrating how to dump the ACE's from a File object DACL using System.Manageme nt classes.
using System; using System.Manageme nt; using System.Collecti ons; // Access mask (see AccessMask property) [Flags] enum Mask : uint { FileReadData = 0x00000001, FileWriteData = 0x00000002, FileAppendData = 0x00000004, FileReadEA = 0x00000008, FileWriteEA = 0x00000010, FileExecute = 0x00000020, FileDeleteChild = 0x00000040, FileReadAttribu tes = 0x00000080, FileWriteAttrib utes= 0x00000100,
Delete = 0x00010000, ReadControl = 0x00020000, WriteDac = 0x00040000, WriteOwner = 0x00080000, Synchronize = 0x00100000,
AccessSystemSec urity = 0x01000000, MaximumAllowed = 0x02000000,
GenericAll = 0x10000000, GenericExecute= 0x20000000, GenericWrite = 0x40000000, GenericRead = 0x80000000 } [Flags] enum AceFlags : int { ObjectInheritAc e = 1, ContainerInheri tAce = 2, NoPropagateInhe ritAce = 4, InheritOnlyAce = 8, InheritedAce = 16 }
[Flags] enum AceType : int { AccessAllowed = 0, AccessDenied = 1, Audit = 2 } class Tester { public static void Main() { string fileObject = @"c:\\pipo\\t.t xt"; // Watch the double Backslashes using(Managemen tObject lfs = new ManagementObjec t(@"Win32_Logic alFileSecurityS etting.Path=" + "'" + fileObject + "'")) { // Get the security descriptor for this object // Dump all trustees (this includes owner) ManagementBaseO bject outParams = lfs.InvokeMetho d("GetSecurityD escriptor", null, null); if (((uint)(outPar ams.Properties["ReturnValu e"].Value)) == 0) // if success { ManagementBaseO bject secDescriptor = ((ManagementBas eObject)(outPar ams.Properties["Descriptor "].Value)); //The DACL is an array of Win32_ACE objects. ManagementBaseO bject[] dacl = ((ManagementBas eObject[])(secDescriptor .Properties["Dacl"].Value)); DumpACEs(dacl);
} } }
static void DumpACEs(Manage mentBaseObject[] dacl) { foreach(Managem entBaseObject mbo in dacl){ Console.WriteLi ne("\n---------\nMask: {0:X} - Flags: {1} - Type: {2}", mbo["AccessMask "], mbo["AceFlags"], mbo["AceType"]); // Access allowed/denied ACE if(Convert.ToIn t32(mbo["AceType"]) == (int)AceType.Ac cessDenied) Console.WriteLi ne("DENIED ACE TYPE"); else Console.WriteLi ne("ALLOWED ACE TYPE"); // Dump trustees ManagementBaseO bject Trustee = ((ManagementBas eObject)(mbo["Trustee"])); Console.WriteLi ne("Name: {0} - Domain: {1} - SID {2}\n", Trustee.Propert ies["Name"].Value, Trustee.Propert ies["Domain"].Value, Trustee.Propert ies["SIDString"].Value); // Dump ACE mask in readable form UInt32 mask = (UInt32)mbo["AccessMask "]; Console.WriteLi ne(Enum.Format( typeof(Mask), mask, "g")); } } }
Michael Bray wrote: "Ayende Rahien" <Ay****@no.spam > wrote in news:O3******** ******@TK2MSFTN GP12.phx.gbl:
<rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerrin g that .Net is supposed to be a system for writing application s for servers & clients, which in both cases has may have multi-users, I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.Fil e.Access(string Filename, PermissionAcces s);
Nothing!
I happened to run across some code in this very same newsgroup asking basically the same question - I'll repost it for you assuming that you didn't see it. This isn't my code and I haven't tested it, so use at your own risk... I've included a few of the headers as well.
Thanks a lot.
Could you show me how to use this to check if I've write access to the file? ------------------
Subject: Re: Get ACL From: "Willy Denoyette [MVP]" <wi************ *@pandora.be> Newsgroups: microsoft.publi c.dotnet.langua ges.csharp
You shouldn't use "unsupporte d" stuff like Win32Security.d ll, use the System.Director yServices (XP and higher) or System.Manageme nt namespace instead. Next is a complete example illustrating how to dump the ACE's from a File object DACL using System.Manageme nt classes.
using System; using System.Manageme nt; using System.Collecti ons; // Access mask (see AccessMask property) [Flags] enum Mask : uint { FileReadData = 0x00000001, FileWriteData = 0x00000002, FileAppendData = 0x00000004, FileReadEA = 0x00000008, FileWriteEA = 0x00000010, FileExecute = 0x00000020, FileDeleteChild = 0x00000040, FileReadAttribu tes = 0x00000080, FileWriteAttrib utes= 0x00000100,
Delete = 0x00010000, ReadControl = 0x00020000, WriteDac = 0x00040000, WriteOwner = 0x00080000, Synchronize = 0x00100000,
AccessSystemSec urity = 0x01000000, MaximumAllowed = 0x02000000,
GenericAll = 0x10000000, GenericExecute= 0x20000000, GenericWrite = 0x40000000, GenericRead = 0x80000000 } [Flags] enum AceFlags : int { ObjectInheritAc e = 1, ContainerInheri tAce = 2, NoPropagateInhe ritAce = 4, InheritOnlyAce = 8, InheritedAce = 16 }
[Flags] enum AceType : int { AccessAllowed = 0, AccessDenied = 1, Audit = 2 } class Tester { public static void Main() { string fileObject = @"c:\\pipo\\t.t xt"; // Watch the double Backslashes using(Managemen tObject lfs = new ManagementObjec t(@"Win32_Logic alFileSecurityS etting.Path=" + "'" + fileObject + "'")) { // Get the security descriptor for this object // Dump all trustees (this includes owner) ManagementBaseO bject outParams = lfs.InvokeMetho d("GetSecurityD escriptor", null, null); if (((uint)(outPar ams.Properties["ReturnValu e"].Value)) == 0) // if success { ManagementBaseO bject secDescriptor = ((ManagementBas eObject)(outPar ams.Properties["Descriptor "].Value)); //The DACL is an array of Win32_ACE objects. ManagementBaseO bject[] dacl = ((ManagementBas eObject[])(secDescriptor .Properties["Dacl"].Value)); DumpACEs(dacl);
} } }
static void DumpACEs(Manage mentBaseObject[] dacl) { foreach(Managem entBaseObject mbo in dacl){ Console.WriteLi ne("\n---------\nMask: {0:X} - Flags: {1} - Type: {2}", mbo["AccessMask "], mbo["AceFlags"], mbo["AceType"]); // Access allowed/denied ACE if(Convert.ToIn t32(mbo["AceType"]) == (int)AceType.Ac cessDenied) Console.WriteLi ne("DENIED ACE TYPE"); else Console.WriteLi ne("ALLOWED ACE TYPE"); // Dump trustees ManagementBaseO bject Trustee = ((ManagementBas eObject)(mbo["Trustee"])); Console.WriteLi ne("Name: {0} - Domain: {1} - SID {2}\n", Trustee.Propert ies["Name"].Value, Trustee.Propert ies["Domain"].Value, Trustee.Propert ies["SIDString"].Value); // Dump ACE mask in readable form UInt32 mask = (UInt32)mbo["AccessMask "]; Console.WriteLi ne(Enum.Format( typeof(Mask), mask, "g")); } } }
Wow I posted late I guess, if your doing a library then you want to use the
WMI method. I believe one of the other posters posted a previous example of
doing this from a former thread.
-Enjoy!!
-Evan
"Evan Freeman[C++ Samuri]" <Ev**********@f mr.com> wrote in message
news:3n******** ******@news-srv1.fmr.com... Heyas
FileIOPermissio n is a Code Access Security permission, not a Windows role-based security permission. What you want is the ability to examine
the security descriptor on the file and examine the rights of the various Windows trustees in the entries in the DACL.
There are a couple of ways to do this. You could use COM interop and the IADsSecurityUti lity interface in ADSI, or you could use WMI, or use the Win32 security .NET wrapper on GotDotNet that talks directly to the Windows APIs.
Hint: The wrapper is the one you want.
-Enjoy!!
-Evan
"Ayende Rahien" <Ay****@no.spam > wrote in message news:O3******** ******@TK2MSFTN GP12.phx.gbl... <rant warning="I'm pissed off and have to vent" request="need help> For the last couple of hours I'm struggling with a very *annoying* problem. How to check if a user has a write access to a file? Considerring that .Net is supposed to be a system for writing
applications for servers & clients, which in both cases has may have multi-users,
I'm amazed that this is not possible in the framework. Initially I looked for something like:
System.IO.File. Access(string Filename, PermissionAcces s);
Nothing!
Then I thought about System.Security .Permissions, and there is was,
clear as day FileIOPermissio n a class which "Controls the ability to access
files and folders." But no! FileIOPermissio n works for .Net permissions, it doesn't do Win32 permissions!
Considerring that the framework is supposed to run on server class platforms, why the omission?
In C & C++ I can do _access() and get the info I want, in .Net? I get to delve into:
A> Interop code. B> Win32 Security.
I can handle Interop if I absolutely have to, but even on a good day, using C++ I don't like Win32 Security, and all the tricks that are used there. I checked ACLs in .Net http://www.gotdotnet.com/community/u...mpleguid=e6098 575-dda0-48b8-9abf-e0705af065d9 No go, it requires me to add a component that is bigger then my code
just to do so, and add several level of complexities to my life. Not to mention, again, having to deal with all the minor details of
Win32 security.
To remind you, I'm trying to find out if my code has write access to a file, on a framework that support multiply users, networks and such, this
should be a snap. Instead...
Opening a file and catching the exception is the only easy way that
I've, and that is *not acceptable*. </rant>
Seriously now, I really need a way to solve this problem, preferably
with something like: FileAccess.Veri fy(filename,Wri teAccess);
Thanks in advance, Ayende Rahien
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Ayende Rahien |
last post by:
<rant warning="I'm pissed off and have to vent" request="need help>
For the last couple of hours I'm struggling with a very *annoying* problem.
How to check if a user has a write access to a file?
Considerring that .Net is supposed to be a system for writing applications
for servers & clients, which in both cases has may have multi-users, I'm
amazed that this is not possible in the framework.
Initially I looked for something like:
...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
| |
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |