by Keyvan Nayyeri via Keyvan Nayyeri on 8/20/2006 10:10:00 AM
One of several reasons for adding the Medium Trust level (any search for a good resource except MSDN points me back to my post!) to ASP.NET 2.0 was a new addition to the System.Security namespace: AccessControl.
There you can find the essential means to work with file permissions and ACLs, which opens dangerous holes in some cases, such as shared hosts.
By creating a FileSecurity object you can get full information about the ACL of a specific file.
I begin by getting the Access Control List for a specific file whose path is passed to my method as a string parameter. I set my AuthorizationRuleCollection to what I get from the FileSecurity.GetAccessRules() method, then iterate through it and use a FileSystemAccessRule object to get the information I want. A DataTable helps me store the data and bind it to a Repeater control on output.
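    // Requires the namespaces System.Data, System.IO,
    // System.Security.AccessControl and System.Security.Principal.
    private void ShowACL(string FilePath)
    {
        // One row per access rule (ACE) found on the file
        DataTable ACLTable = new DataTable("ACL");
        ACLTable.Columns.Add("Identity", typeof(string));
        ACLTable.Columns.Add("AcceptControlType", typeof(string));
        ACLTable.Columns.Add("FileSystemRights", typeof(string));

        // Read the file's ACL
        FileSecurity fs = File.GetAccessControl(FilePath);

        // Explicit and inherited rules, with identities as NTAccount names
        AuthorizationRuleCollection arc =
            fs.GetAccessRules(true, true, typeof(NTAccount));

        foreach (FileSystemAccessRule fsar in arc)
        {
            DataRow row = ACLTable.NewRow();
            row["Identity"] =
                fsar.IdentityReference.Value;
            row["AcceptControlType"] =
                fsar.AccessControlType.ToString();
            row["FileSystemRights"] =
                fsar.FileSystemRights.ToString();
            ACLTable.Rows.Add(row);
        }

        // Bind the collected rules to the Repeater control
        Repeater.DataSource = ACLTable.DefaultView;
        Repeater.DataBind();
    }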
This is the result of running this code:
You can compare it with this snapshot:
Now I want to do more and grant access to a user from my code. To accomplish this I use the FileSecurity.AddAccessRule() and File.SetAccessControl() methods.
    private void SetAccess(string FilePath)
    {
        // Read the current ACL, add an Allow rule, then write the ACL back
        FileSecurity fs = File.GetAccessControl(FilePath);
        fs.AddAccessRule(new FileSystemAccessRule(@"KEYVANNAYYERI\HB",
            FileSystemRights.FullControl,
            AccessControlType.Allow));
        File.SetAccessControl(FilePath, fs);

        Response.Write("FullControl Access has been granted " +
            @"to user KEYVANNAYYERI\HB.");
    }
These are the access rights for user KEYVANNAYYERI\HB before running this code:
And this is what will happen to it after running that code:
Finally, I want to remove access from a user. This is very similar to adding access. The only difference is passing AccessControlType.Deny to the FileSecurity.AddAccessRule() method. It denies the user specified in the first parameter the rights specified in the second parameter.
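    private void RemoveAccess(string FilePath)
    {
        FileSecurity fs = File.GetAccessControl(FilePath);
        fs.AddAccessRule(new FileSystemAccessRule(@"KEYVANNAYYERI\HB",
            FileSystemRights.FullControl, AccessControlType.Deny)); // Deny instead of Allow
        File.SetAccessControl(FilePath, fs);
        Response.Write(@"User KEYVANNAYYERI\HB has been denied from FullControl access.");
    }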
And the result:
Sample project for this post has been attached to it.
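The same GetAccessRules() enumeration can be used to audit an ACL for the kind of over-broad grant that matters on a shared host. This is an added example, not part of the original post or its sample project; the names AclAudit, FindRiskyRules, Risky and Broad are hypothetical, and the choice of which rights and groups count as risky is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclAudit
{
    // Assumption: rights that let an identity alter the file or its permissions.
    const FileSystemRights Risky = FileSystemRights.WriteData | FileSystemRights.AppendData |
        FileSystemRights.Delete | FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;

    // Broad groups, matched by well-known SID so localized account names do not matter.
    static readonly SecurityIdentifier[] Broad = {
        new SecurityIdentifier(WellKnownSidType.WorldSid, null),             // Everyone
        new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), // Authenticated Users
        new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null)       // BUILTIN\Users
    };

    // Returns one finding per Allow rule that gives a broad group a risky right.
    public static List<string> FindRiskyRules(FileSecurity fs)
    {
        List<string> findings = new List<string>();
        foreach (FileSystemAccessRule r in fs.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (r.AccessControlType != AccessControlType.Allow) continue;   // Deny rules are not grants
            if ((r.FileSystemRights & Risky) == 0) continue;                // read-only style access
            if (Array.IndexOf(Broad, (SecurityIdentifier)r.IdentityReference) < 0) continue;
            findings.Add(r.IdentityReference.Value + " " + (r.FileSystemRights & Risky) +
                         (r.IsInherited ? " (inherited)" : " (explicit)"));
        }
        return findings;
    }

    static void Main()
    {
        // Constructed sample ACL; for a real file use File.GetAccessControl(path) as in ShowACL.
        FileSecurity fs = new FileSecurity();
        fs.AddAccessRule(new FileSystemAccessRule(Broad[0], FileSystemRights.FullControl, AccessControlType.Allow));
        fs.AddAccessRule(new FileSystemAccessRule(Broad[2], FileSystemRights.ReadAndExecute, AccessControlType.Allow));
        foreach (string f in FindRiskyRules(fs)) Console.WriteLine(f);
    }
}
```

Only the FullControl grant to Everyone is reported; the ReadAndExecute grant to BUILTIN\Users carries none of the flagged rights.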
Original Post: Working with Access Control List in .NET 2.0