7
votes

I use Windows Server 2003, and I need to get security information about a folder programmatically, using C#.

I want to create a tool to check permissions. I need to get the groups, users, permissions and special permissions for a folder:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

edit:

The following is sample code for the GetSecurityDescriptorSddlForm method.

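    using System.IO;
    using System.Security.AccessControl;
    using System.Security.Principal;
    using System.Text;

    public static string GetObjectPermission(string fullFolderName)
    {
        // Read the security descriptor of the folder.
        FileSecurity fileSecure = File.GetAccessControl(fullFolderName);
        StringBuilder acer = new StringBuilder();
        // SDDL string form of the descriptor (the result is not used here).
        fileSecure.GetSecurityDescriptorSddlForm(AccessControlSections.All);

        // List each explicit and inherited ACE as "<rights>: <account>".
        foreach (FileSystemAccessRule ace in fileSecure.GetAccessRules(true, true, typeof(NTAccount)))
        {
            acer.Append(ace.FileSystemRights + ":" + ' ' + ace.IdentityReference.Value + "\n");
        }
        return acer.ToString();
    }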

This sample code will show you which NTAccount can modify or read the folder, such as this function.

How can I get groups and special permissions?

Any sample code, suggestions?

2
When you say "Get special permissions" do you want to just know if they have them, or what they actually are? – Gray
I want to know what permissions they actually have. – Kiquenet
Ah, ok. Because it is easy to tell if they would check those boxes in Windows Explorer for Special permissions, because it returns a negative number. But it is a little more complicated to associate each part of that number with the permissions. – Gray

2 Answers

2
votes

Could you use DirectoryInfo to get the ACL's? All ACL's should be in there (user, group):

        // Create a new DirectoryInfo object.
        DirectoryInfo dInfo = new DirectoryInfo(FileName);

        // Get a DirectorySecurity object that represents the  
        // current security settings.
        DirectorySecurity dSecurity = dInfo.GetAccessControl();

Full docs: http://msdn.microsoft.com/en-us/library/c1f66bc2(v=vs.110).aspx

0
votes

If you want to get the list of all ACEs in the ACL on a folder, you should use this method. With this method you can also access other ACE properties, like ace.AccessControlType and ace.IsInherited:

    using System;
    using System.IO;
    using System.Security.AccessControl;

    public static void checkAceInformation(string fileName, string loginName)
    {
        string fileSystemRightsValue = "";

        FileSecurity security = File.GetAccessControl(fileName);

        // All explicit and inherited ACEs, with identities as DOMAIN\name.
        AuthorizationRuleCollection acl = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));

        foreach (FileSystemAccessRule ace in acl)
        {
            // Stops at the first ACE whose account name matches exactly.
            if (ace.IdentityReference.Value == loginName)
            {
                fileSystemRightsValue = ace.FileSystemRights.ToString();

                Console.WriteLine(loginName + "  your permission value is" + fileSystemRightsValue);

                return;
            }
        }
        Console.WriteLine(loginName + "your not permission in this folder");
    }
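
The decoding of the numeric "special permissions" values raised in the comments, as an added example that is not part of either answer: it lists every ACE on a folder (users and groups alike) and rewrites the generic access bits, which are not members of the FileSystemRights enum, as the file rights they stand for. The class and method names are assumptions for illustration; the generic-bit values and their file mappings are the standard ones from winnt.h.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclReport   // hypothetical name, not from the page
{
    // Generic access bits (winnt.h). FileSystemRights has no members for them,
    // so an ACE carrying them prints as a bare number (negative if the top bit is set).
    const uint GenericRead = 0x80000000, GenericWrite = 0x40000000,
               GenericExecute = 0x20000000, GenericAll = 0x10000000;

    // Replace generic bits with the file-specific rights they map to.
    public static FileSystemRights MapGeneric(FileSystemRights rights)
    {
        uint mask = unchecked((uint)rights);
        FileSystemRights std = FileSystemRights.ReadPermissions | FileSystemRights.Synchronize;
        FileSystemRights mapped = 0;
        if ((mask & GenericRead) != 0) mapped |= std | FileSystemRights.Read;
        if ((mask & GenericWrite) != 0) mapped |= std | FileSystemRights.Write;
        if ((mask & GenericExecute) != 0)
            mapped |= std | FileSystemRights.ExecuteFile | FileSystemRights.ReadAttributes;
        if ((mask & GenericAll) != 0) mapped |= FileSystemRights.FullControl;
        uint specific = mask & ~(GenericRead | GenericWrite | GenericExecute | GenericAll);
        return mapped | unchecked((FileSystemRights)specific);
    }

    public static void Report(string folder)
    {
        DirectorySecurity sd = new DirectoryInfo(folder).GetAccessControl(AccessControlSections.Access);
        // Request SIDs so orphaned accounts do not throw; translate to names best-effort.
        foreach (FileSystemAccessRule ace in sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            string name;
            try { name = ace.IdentityReference.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { name = ace.IdentityReference.Value; }
            Console.WriteLine("{0} {1} inherited={2} raw=0x{3:X8}", ace.AccessControlType,
                name, ace.IsInherited, unchecked((uint)ace.FileSystemRights));
            Console.WriteLine("    rights:  {0}", MapGeneric(ace.FileSystemRights));
            Console.WriteLine("    applies: inherit={0}, propagate={1}",
                ace.InheritanceFlags, ace.PropagationFlags);
        }
    }

    static void Main(string[] args)
    {
        Report(args.Length > 0 ? args[0] : Environment.CurrentDirectory);
    }
}
```

A raw value of 0xA0000000 is GENERIC_READ | GENERIC_EXECUTE, which as a signed int prints as -1610612736.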