问题
In an asp.net app, I have a task that ftps some xml files down to a local folder on my computer. I then want to read those files but when they're copied to my local folder, they don't have the Network Service user account set up. So, my question is how, in .Net C#, do you programmatically add the "Network Service" account with full control to my xml files.
回答1:
See the FileSecurity class in MSDN
The following code example uses the FileSecurity class to add and then remove an access control list (ACL) entry from a file. You must supply a valid user or group account to run this example.
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class FileExample
{
public static void Main()
{
try
{
string fileName = "test.xml";
Console.WriteLine("Adding access control entry for "
+ fileName);
// Add the access control entry to the file.
AddFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.FullControl, AccessControlType.Allow);
Console.WriteLine("Removing access control entry from "
+ fileName);
// Remove the access control entry from the file.
RemoveFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.FullControl, AccessControlType.Allow);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
}
}
}
回答2:
try this code if help
public static bool CheckReadWriteAccces(string filePath, System.Security.AccessControl.FileSystemRights fileSystemRights)
{
FileInfo fileInfo = new FileInfo(filePath);
string str = System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToUpper();
foreach (System.Security.AccessControl.FileSystemAccessRule rule in fileInfo.GetAccessControl().GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if (str == rule.IdentityReference.Value.ToUpper())
return ((rule.AccessControlType == System.Security.AccessControl.AccessControlType.Allow) && (fileSystemRights == (rule.FileSystemRights & fileSystemRights)));
}
return false;
}
/// <summary>
/// Make a file writteble
/// </summary>
/// <param name="path">File name to change</param>
public static void MakeWritable(string path)
{
if (!File.Exists(path))
return;
File.SetAttributes(path, File.GetAttributes(path) & ~FileAttributes.ReadOnly);
}
回答3:
The answer lies in the FileSecurity Class.
http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesecurity.aspx
来源:https://stackoverflow.com/questions/1036571/programmatically-adding-security-permissions-to-files-in-c-sharp