I'm using the new System.Security .AccessControl stuff in 2.0.
This is a snippet typical of what I've done (this example sets Read access for Network Service on 'myFolder' and all subfolders and files)
SecurityIdentif ier siNetworkServic e = new SecurityIdentif ier(WellKnownSi dType.NetworkSe rviceSid, null);
NTAccount ntaNetworkServi ce = siNetworkServic e.Translate(typ eof(NTAccount)) as NTAccount;
DirectoryInfo diMyFolder = new DirectoryInfo(m yFolder);
DirectorySecuri ty dsMyFolder = diMyFolder.GetA ccessControl();
FileSystemAcces sRule fsarNetworkServ ice = new FileSystemAcces sRule(ntaNetwor kService, FileSystemRight s.Read, AccessControlTy pe.Allow);
FileSystemAcces sRule fsarNetworkServ ice2 = new FileSystemAcces sRule(ntaNetwor kService, FileSystemRight s.Read, InheritanceFlag s.ContainerInhe rit | InheritanceFlag s.ObjectInherit , PropagationFlag s.InheritOnly, AccessControlTy pe.Allow);
// I can't figure out why I need two ACEs for this, but I can't get the
// behavior for this folder, child folder and files, and propagate all
// to work in one line of code. The InheritanceFlag s and PropagationFlag s
// don't like to be mixed with the line above. Try it without the 2nd line
// and you'll see what I mean. Bug in .NET Fx?
dsMyFolder.AddA ccessRule(fsarN etworkService);
dsMyFolder.AddA ccessRule(fsarN etworkService2) ;
diMyFolder.SetA ccessControl(ds MyFolder);
Any idea why that 2nd ACE is required? Is there a way to set this ACL with fewer lines of code? I have about a dozen rules like this, and it adds up to about 100 lines of code.
- Mark
--
MARK RICHMAN