DirectorySecurity & FileSystemAccessRule

 

http://developers.de/blogs/damir_dobric/archive/2007/06/18/directory-security-and-access-rules.aspx

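Problems encountered when setting folder permissions:

1. Read/write on the folder is denied, but the files in it can still be read and written: this comes down to how InheritanceFlags is used; see the link above.

2. Deny takes precedence over Allow, so the previous rule has to be removed first; otherwise, after going from deny -> allow, access still fails.

3. Once access has been denied, the folder is still there, but the *commented-out* part, which checks whether the folder exists, no longer has correct logic.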

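        using System.IO;
        using System.Security.AccessControl;
        using System.Security.Principal;

        public void SetDirSystemRight(DirectoryInfo dInfo, bool isAllow)
        {
            // Left commented out on purpose (problem 3): after a Deny the folder
            // still exists, but this existence check no longer gives the right answer.
            //if (!dInfo.Exists)
            //    return;

            // Read the folder's current ACL.
            DirectorySecurity ds = dInfo.GetAccessControl();

            // The rules target the account running this code.
            string acctName = WindowsIdentity.GetCurrent().Name;
            NTAccount acct = new NTAccount(acctName);

            // ContainerInherit | ObjectInherit makes each rule apply to subfolders
            // and files as well as to the folder itself (problem 1).
            FileSystemAccessRule allowRule = new FileSystemAccessRule(acct,
                FileSystemRights.FullControl,
                InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                PropagationFlags.None, AccessControlType.Allow);

            FileSystemAccessRule denyRule = new FileSystemAccessRule(acct,
                FileSystemRights.FullControl,
                InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                PropagationFlags.None, AccessControlType.Deny);

            if (isAllow)
            {
                // Deny outranks Allow, so drop the Deny rules before allowing (problem 2).
                ds.RemoveAccessRuleAll(denyRule);
                ds.AddAccessRule(allowRule);
            }
            else
            {
                ds.RemoveAccessRuleAll(allowRule);
                ds.AddAccessRule(denyRule);
            }

            // Write the modified ACL back to the folder.
            dInfo.SetAccessControl(ds);
        }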
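
An added example, not part of the original post: it shows problems 1 and 2 on a constructed in-memory DirectorySecurity, so no real folder is modified. The class AclDemo and the helpers Scope and Report are hypothetical names chosen for this illustration.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclDemo
{
    // Which objects a rule reaches, read from its inheritance and propagation flags.
    static string Scope(FileSystemAccessRule r)
    {
        bool self  = (r.PropagationFlags & PropagationFlags.InheritOnly) == 0;
        bool dirs  = (r.InheritanceFlags & InheritanceFlags.ContainerInherit) != 0;
        bool files = (r.InheritanceFlags & InheritanceFlags.ObjectInherit) != 0;
        return (self ? "[this folder]" : "") + (dirs ? "[subfolders]" : "") + (files ? "[files]" : "");
    }

    // Prints every rule held for 'who'; returns true while a Deny rule is present.
    static bool Report(string step, DirectorySecurity ds, IdentityReference who)
    {
        bool denyPresent = false;
        Console.WriteLine(step);
        foreach (FileSystemAccessRule r in ds.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (!r.IdentityReference.Equals(who)) continue;
            denyPresent |= r.AccessControlType == AccessControlType.Deny;
            Console.WriteLine("  {0,-5} {1} {2}", r.AccessControlType, r.FileSystemRights, Scope(r));
        }
        Console.WriteLine("  Deny rule present: " + denyPresent);
        return denyPresent;
    }

    static void Main()
    {
        IdentityReference who = WindowsIdentity.GetCurrent().User; // SID of the caller
        var ds = new DirectorySecurity(); // constructed in-memory ACL, no folder is touched

        // Problem 1: without inheritance flags the Deny covers the folder object only.
        ds.AddAccessRule(new FileSystemAccessRule(who, FileSystemRights.FullControl,
            InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny));
        Report("Deny added with InheritanceFlags.None", ds, who);

        // Problem 2: adding Allow does not displace the Deny, which still takes precedence.
        ds.AddAccessRule(new FileSystemAccessRule(who, FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));
        Report("Allow added, Deny not removed", ds, who);

        // RemoveAccessRuleAll matches on identity and Allow/Deny type only.
        ds.RemoveAccessRuleAll(new FileSystemAccessRule(who, FileSystemRights.FullControl, AccessControlType.Deny));
        Report("After RemoveAccessRuleAll(deny)", ds, who);
    }
}
```

Passing `dInfo.GetAccessControl()` to Report instead of the constructed ACL gives the same listing for a real folder, which is a quick way to spot a leftover Deny rule.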

 

posted on 2009-11-27 17:47  无法显示此网页