NTFS ACLs from C# (Whidbey)

Hot Topic

DirectoryInfo and System Volume Info
How can I validate a XML with a local DTD??
Please help me ... Windows Services or Remoting
How can I know that a driver is unavailable?
Create new Object from unregistered DLL
garbage characters
Data Binding error!
SMTPClient Problems
SQL Express Database not adding rows/data
Creating our own datasource

.NET Development

System.Web.Mail Help Please...
WEB Service ERROR-- Exception from HRESULT: 0x800700C1
Versioning question
Remotely accessing system certificate stores
ASP html retrieval
Listbox data binding tentalizing problem
Display data from multiple tables into datagrid
BITS Proxy Authentication
SQL mobile edition question
Controlling the scroll of a ListView from another control

NTFS ACLs from C# (Whidbey)

I'm using the new System.Security.AccessControl stuff in 2.0.

This is a snippet typical of what I've done (sets Read access for Network Service on 'MyFolder')


SecurityIdentifier siNetworkService = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);

NTAccount ntaNetworkService = siNetworkService.Translate(typeof(NTAccount)) as NTAccount;

DirectoryInfo diMyFolder = new DirectoryInfo(myFolder);

DirectorySecurity dsMyFolder = diMyFolder.GetAccessControl();

FileSystemAccessRule fsarNetworkService = new FileSystemAccessRule(ntaNetworkService, FileSystemRights.Read, AccessControlType.Allow);
FileSystemAccessRule fsarNetworkService2 = new FileSystemAccessRule(ntaNetworkService, FileSystemRights.Read, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);

// I can't figure out why I need two ACEs for this, but I can't get the
// behavior for this folder, child folder and files, and propagate all
// to work in one line of code. The InheritanceFlags and PropagationFlags
// don't like to be mixed with the line above. Try it without the 2nd line
// and you'll see what I mean. Bug in .NET Fx
dsMyFolder.AddAccessRule(fsarNetworkService);
dsMyFolder.AddAccessRule(fsarNetworkService2);

diMyFolder.SetAccessControl(dsMyFolder);


 

Any idea why that 2nd ACE is required Is there a way to set this ACL with fewer lines of code I have about a dozen rules like this, and it adds up to about 100 lines of code.

- Mark

Answer this question

NTFS ACLs from C# (Whidbey)

  • Rocinante8

    Hi Mark,

    Sorry for the delay in responding to you. I haven't run into this issue with our testing for specific user accounts. Is this still affecting you If so, I'll take a closer look at this.

    Thanks

    Lakshan Fernando

    BCL Team



  • NTFS ACLs from C# (Whidbey)
Answer this question