Support for File Security in .NET Core

后端 未结 3 2154
眼角桃花
眼角桃花 2021-02-14 10:10

We were porting a .NET 4.0 class Library to .NET Core 1.1 and struck with an issue of very limit support for file Security and permissions in .NET Core CLR.

We were tryin

相关标签:
3条回答
  • 2021-02-14 10:41

    Wow, so much information out there and even though the documentation says that in .NET Core 3.1 you cannot do DirectoryInfo.SetAccessRule, it compiled and worked!

    UPDATE: Aha! The documentation says this IS supported and it works. https://docs.microsoft.com/en-us/dotnet/api/system.io.filesystemaclextensions?view=dotnet-plat-ext-3.1 DOES have a SetAccessControl method

    Be sure to add the System.IO.FileSystem.AccessControl NuGet package.

    Here's what I had in .NET Framework:

    var ds = new DirectorySecurity();
    ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
    ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
    
    Directory.SetAccessControl(<path to directory>, ds);
    

    And here's what it is working in .NET Core 3.1. Only the last line is different:

    var ds = new DirectorySecurity();
    ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
    ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
    
    System.IO.FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(<path to directory>), ds);
    
    0 讨论(0)
  • 2021-02-14 10:59

    In dotnet standard/core:

    Import the NuGet package as user bvpb mentioned. System.IO.FileSystem.AccessControl

    Then instead of this (which only works in .NET Framework):

    FileSecurity fSecurity = File.GetAccessControl(fileName);
    

    use this (which works in all versions of .NET):

    FileSecurity fSecurity = new FileSecurity(fileName, AccessControlSections.Owner | 
                    AccessControlSections.Group |
                    AccessControlSections.Access);
    

    You may need AccessControllSections.All instead which requires the account running this code to have more permissions.

    0 讨论(0)
  • 2021-02-14 11:02

    These APIs haven't been included in .NET Standard due to low use and being Windows specific.

    See discussion here regarding its exclusion from .NET Standard: https://github.com/dotnet/standard/issues/15

    As a workaround there is a NuGet package which provides this functionality: https://www.nuget.org/packages/System.IO.FileSystem.AccessControl/

    Also a related question: How to modify file access control in .NET Core

    0 讨论(0)
提交回复
热议问题