E
Ed Sutton
Is there a FileSecurity method that can determine if the current
WindowsIdentity has write access to a file?
I can get the current windows identity and use FileSecurity to return
the AuthorizationRuleCollection and then search for the
FileSystemAccessRule's that apply to my identity. The problem is my
current identity may be "MYDOMAIN\JDOE", but I do not know how to
determine if a group this identity belongs, for example "EVERYONE",
permits write access for the identity?
Background
----------
I need to test if I my application has read/write access to a file based
database. The database may be running on a client or as a webservice on
a server. I could try to create a new dummy record and hope the
database provider gives me an error or an exception but there must be a
more elegant solution?
Thanks in advance for any tips or suggestions,
-Ed
// This does not work but shows what I wish to achieve
private static bool IdentityHasAccces(FileInfo fileInfo,
FileSystemRights
fileSystemRights)
{
System.Security.Principal.WindowsIdentity windowsIdentity =
System.Security.Principal.WindowsIdentity.GetCurrent();
FileSecurity fileSecutiy = fileInfo.GetAccessControl();
AuthorizationRuleCollection authorizationRuleCollection =
fileInfo.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount));
foreach (FileSystemAccessRule fileSystemAccessRule in
authorizationRuleCollection)
{
if ( true == (AccessControlType.Allow ==
fileSystemAccessRule.AccessControlType &&
fileSystemRights ==
(fileSystemAccessRule.FileSystemRights & fileSystemRights)))
{
// Test if this FileSystemAccessRule IdentityReference is
one of the Groups the current identity belongs to
foreach(IdentityReference identityReference in
windowsIdentity.Groups)
{
if( identityReference ==
fileSystemAccessRule.IdentityReference)
{
return true;
}
}
}
}
return false;
}
WindowsIdentity has write access to a file?
I can get the current windows identity and use FileSecurity to return
the AuthorizationRuleCollection and then search for the
FileSystemAccessRule's that apply to my identity. The problem is my
current identity may be "MYDOMAIN\JDOE", but I do not know how to
determine if a group this identity belongs, for example "EVERYONE",
permits write access for the identity?
Background
----------
I need to test if I my application has read/write access to a file based
database. The database may be running on a client or as a webservice on
a server. I could try to create a new dummy record and hope the
database provider gives me an error or an exception but there must be a
more elegant solution?
Thanks in advance for any tips or suggestions,
-Ed
// This does not work but shows what I wish to achieve
private static bool IdentityHasAccces(FileInfo fileInfo,
FileSystemRights
fileSystemRights)
{
System.Security.Principal.WindowsIdentity windowsIdentity =
System.Security.Principal.WindowsIdentity.GetCurrent();
FileSecurity fileSecutiy = fileInfo.GetAccessControl();
AuthorizationRuleCollection authorizationRuleCollection =
fileInfo.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount));
foreach (FileSystemAccessRule fileSystemAccessRule in
authorizationRuleCollection)
{
if ( true == (AccessControlType.Allow ==
fileSystemAccessRule.AccessControlType &&
fileSystemRights ==
(fileSystemAccessRule.FileSystemRights & fileSystemRights)))
{
// Test if this FileSystemAccessRule IdentityReference is
one of the Groups the current identity belongs to
foreach(IdentityReference identityReference in
windowsIdentity.Groups)
{
if( identityReference ==
fileSystemAccessRule.IdentityReference)
{
return true;
}
}
}
}
return false;
}