We were porting a .NET 4.0 class Library to .NET Core 1.1 and struck with an issue of very limit support for file Security and permissions in .NET Core CLR.
We were tryin
Wow, so much information out there and even though the documentation says that in .NET Core 3.1 you cannot do DirectoryInfo.SetAccessRule, it compiled and worked!
UPDATE: Aha! The documentation says this IS supported and it works. https://docs.microsoft.com/en-us/dotnet/api/system.io.filesystemaclextensions?view=dotnet-plat-ext-3.1 DOES have a SetAccessControl method
Be sure to add the System.IO.FileSystem.AccessControl
NuGet package.
Here's what I had in .NET Framework:
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
Directory.SetAccessControl(<path to directory>, ds);
And here's what it is working in .NET Core 3.1. Only the last line is different:
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
System.IO.FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(<path to directory>), ds);
In dotnet standard/core:
Import the NuGet package as user bvpb mentioned. System.IO.FileSystem.AccessControl
Then instead of this (which only works in .NET Framework):
FileSecurity fSecurity = File.GetAccessControl(fileName);
use this (which works in all versions of .NET):
FileSecurity fSecurity = new FileSecurity(fileName, AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
You may need AccessControllSections.All
instead which requires the account running this code to have more permissions.
These APIs haven't been included in .NET Standard due to low use and being Windows specific.
See discussion here regarding its exclusion from .NET Standard: https://github.com/dotnet/standard/issues/15
As a workaround there is a NuGet package which provides this functionality: https://www.nuget.org/packages/System.IO.FileSystem.AccessControl/
Also a related question: How to modify file access control in .NET Core