获取特定文件夹对实际用户的访问权限

时间:2019-02-05 13:13:13

标签: c# permissions filesystems

希望您能帮助我。我需要为实际用户(启动程序)或其组(用户/管理员...)获得特定文件夹的访问权限(读取,写入等)

下面的代码可以正常工作,但是我无法获得类似于以下格式的信息:

C:\ Windows(R + W)

C:\ Windows(完全控制)

谢谢。

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;

namespace ConsoleApp1
{
    class Program
    {

        static void Main(string[] args)
        {
            Console.WriteLine(getRights(@"C:\test"));
            Console.ReadLine();
        }

        static string getRights(string path)
        {
            string rights = "eeeeee";
            try
            {
                DirectorySecurity dSecurity = Directory.GetAccessControl(path);
                foreach (FileSystemAccessRule rule in dSecurity.GetAccessRules(true, true, typeof(NTAccount)))
                {
                    rights += rule.FileSystemRights.ToString() + "\n";
                    rights += rule.IdentityReference.Value + "\n";
                    rights += "\n\n";
                }
            }
            catch
            {
                rights = "";
            }

            return rights;
        }
    }
}

1 个答案:

答案 0 :(得分:0)

如果我做对了,您需要这样的东西:

internal class Program
{
    private static void Main(string[] args)
    {
        string path = @"C:\Windows";
        Console.WriteLine($"{path} - {getRights(path)}");
        Console.ReadLine();
    }

    static string getRights(string path)
    {
        DirectoryInfo directoryInfo = new DirectoryInfo(path);
        if (!directoryInfo.Exists)
        {
            return "Directory doesn't exist";
        }
        FileSystemRights fsRights = 0;
        DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
        AuthorizationRuleCollection authRules = directorySecurity.GetAccessRules(true, true, typeof(NTAccount));
        WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
        WindowsPrincipal principal = new WindowsPrincipal(currentUser);

        foreach (AuthorizationRule rule in authRules)
        {
            FileSystemAccessRule fsRule = rule as FileSystemAccessRule;

            if (fsRule != null)
            {
                NTAccount ntAccount = rule.IdentityReference as NTAccount;

                if (principal.IsInRole(ntAccount.Value))
                {
                    if (fsRule.FileSystemRights > fsRights)
                    {
                        fsRights = fsRule.FileSystemRights;
                    }
                }
            }
        }

        switch (fsRights)
        {
            case FileSystemRights.FullControl:
                return "Full Control";
            case FileSystemRights r when (r >= FileSystemRights.Write):
                return "Write";
            case FileSystemRights r when (r >= FileSystemRights.ReadData):
                return "Read";
            default:
                return "No rights";
        }
    }
}

更新:

public enum FileSystemRights
{
    ReadData = 1,
    ListDirectory = 1,
    WriteData = 2,
    CreateFiles = 2,
    AppendData = 4,
    CreateDirectories = 4,
    ReadExtendedAttributes = 8,
    WriteExtendedAttributes = 16,
    ExecuteFile = 32,
    Traverse = 32,
    DeleteSubdirectoriesAndFiles = 64,
    ReadAttributes = 128,
    WriteAttributes = 256,
    Write = 278,
    Delete = 65536,
    ReadPermissions = 131072,
    Read = 131209,
    ReadAndExecute = 131241,
    Modify = 197055,
    ChangePermissions = 262144,
    TakeOwnership = 524288,
    Synchronize = 1048576,
    FullControl = 2032127
}