Check for Permission to Read and Write to a Folder with C#


I would like to check if the user is allowed to read and write to a particular path.

Update: The folder will most often be on a network path.

    
asked by anonymous 08.11.2016 / 18:27

1 answer


Hello. I use the class below to check whether the current user has access to folders or files.

It is called like this:

// Pre-flight check: ask whether the access rules on the folder grant the
// current user the CreateDirectories right, and stop with an error dialog
// when they do not. The answer describes the ACL at the moment of the call,
// so the code that later creates the directory should still handle an
// access failure from the real operation.
DirectoryInfo targetFolder = new DirectoryInfo(temp);
bool mayCreateDirectories = CurrentUserSecurity.HasAccess(
    targetFolder,
    System.Security.AccessControl.FileSystemRights.CreateDirectories);

if (mayCreateDirectories == false)
{
    MessageBox.Show("Sem permissão ao caminho " + temp, "Atenção", MessageBoxButtons.OK, MessageBoxIcon.Error);
    return;
}


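/// <summary>
/// Advisory check of whether the access rules on a file or directory grant a
/// set of <see cref="FileSystemRights"/> to the identity of the current process.
/// </summary>
/// <remarks>
/// Treat the result as a hint for the UI, not as an authorization decision:
/// <list type="bullet">
/// <item>Only the access rules returned by <c>GetAccessControl()</c> are evaluated.
/// On a network path, share-level permissions are not part of that rule list,
/// so the real operation can still be refused.</item>
/// <item>The ACL can change between this check and the later file operation;
/// the caller must still handle an access failure from the operation itself.</item>
/// <item>The identity is captured once, in the static constructor. A thread that
/// impersonates another user afterwards is still evaluated with the cached identity.</item>
/// </list>
/// </remarks>
public class CurrentUserSecurity
{
    private static readonly WindowsIdentity _currentUser;
    private static readonly WindowsPrincipal _currentPrincipal;

    static CurrentUserSecurity()
    {
        _currentUser = WindowsIdentity.GetCurrent();
        // Build the principal from the identity already obtained, so both
        // fields describe the same token.
        _currentPrincipal = new WindowsPrincipal(_currentUser);
    }

    /// <summary>
    /// Checks whether the directory's access rules grant <paramref name="right"/>
    /// to the current user.
    /// </summary>
    /// <param name="directory">Directory whose access rules are read.</param>
    /// <param name="right">One or more rights, all of which must be granted.</param>
    /// <returns>
    /// <c>true</c> when every requested right is granted; <c>false</c> when a right
    /// is denied, not granted, or the access rules cannot be read.
    /// </returns>
    public static bool HasAccess(DirectoryInfo directory, FileSystemRights right)
    {
        AuthorizationRuleCollection acl;
        try
        {
            // Explicit and inherited rules, with identities as SIDs.
            acl = directory.GetAccessControl()
                .GetAccessRules(true, true, typeof(SecurityIdentifier));
        }
        catch (System.UnauthorizedAccessException)
        {
            // The rules themselves are unreadable: fail closed rather than
            // surface an exception from a method that answers yes/no.
            return false;
        }
        return HasFileOrDirectoryAccess(right, acl);
    }

    /// <summary>
    /// Checks whether the file's access rules grant <paramref name="right"/>
    /// to the current user.
    /// </summary>
    /// <param name="file">File whose access rules are read.</param>
    /// <param name="right">One or more rights, all of which must be granted.</param>
    /// <returns>
    /// <c>true</c> when every requested right is granted; <c>false</c> when a right
    /// is denied, not granted, or the access rules cannot be read.
    /// </returns>
    public static bool HasAccess(FileInfo file, FileSystemRights right)
    {
        AuthorizationRuleCollection acl;
        try
        {
            // Explicit and inherited rules, with identities as SIDs.
            acl = file.GetAccessControl()
                .GetAccessRules(true, true, typeof(SecurityIdentifier));
        }
        catch (System.UnauthorizedAccessException)
        {
            // Same fail-closed answer as the directory overload.
            return false;
        }
        return HasFileOrDirectoryAccess(right, acl);
    }

    /// <summary>
    /// Evaluates the rules that apply to the current user against the requested rights.
    /// </summary>
    /// <remarks>
    /// Rights are accumulated as bit masks across rules, so a request for several
    /// rights is satisfied when different rules grant different parts of it, and a
    /// deny rule that covers only part of the request still blocks it.
    /// Precedence: explicit deny, then explicit allow, then inherited deny, then
    /// inherited allow.
    /// </remarks>
    private static bool HasFileOrDirectoryAccess(FileSystemRights right,
                                          AuthorizationRuleCollection acl)
    {
        FileSystemRights explicitAllow = 0;
        FileSystemRights inheritedAllow = 0;
        FileSystemRights inheritedDeny = 0;

        foreach (FileSystemAccessRule rule in acl)
        {
            // An inherit-only rule is a template for child objects; it does not
            // control access to the object it is attached to.
            if ((rule.PropagationFlags & PropagationFlags.InheritOnly) == PropagationFlags.InheritOnly)
            {
                continue;
            }

            if (!AppliesToCurrentUser(rule))
            {
                continue;
            }

            // Only the part of the rule that overlaps the request matters.
            FileSystemRights overlap = rule.FileSystemRights & right;
            if (overlap == 0)
            {
                continue;
            }

            if (rule.AccessControlType == AccessControlType.Deny)
            {
                if (!rule.IsInherited)
                {
                    // A non-inherited deny of any requested right takes overall precedence.
                    return false;
                }
                inheritedDeny |= overlap;
            }
            else if (rule.AccessControlType == AccessControlType.Allow)
            {
                if (rule.IsInherited)
                {
                    inheritedAllow |= overlap;
                }
                else
                {
                    explicitAllow |= overlap;
                }
            }
        }

        // Rights already granted by non-inherited rules are settled; inherited
        // rules only decide what is still outstanding.
        FileSystemRights outstanding = right & ~explicitAllow;
        if (outstanding == 0)
        {
            return true;
        }
        if ((outstanding & inheritedDeny) != 0)
        {
            return false;
        }
        return (outstanding & ~inheritedAllow) == 0;
    }

    /// <summary>
    /// True when the rule names the cached user's SID or a group the cached
    /// principal is a member of.
    /// </summary>
    private static bool AppliesToCurrentUser(FileSystemAccessRule rule)
    {
        // Rules were requested as SecurityIdentifier, so this cast matches
        // what GetAccessRules returned.
        SecurityIdentifier ruleSid = (SecurityIdentifier)rule.IdentityReference;
        SecurityIdentifier userSid = _currentUser.User;

        // User is null for an identity without a user SID; fall through to
        // the group check instead of dereferencing it.
        if (userSid != null && userSid.Equals(ruleSid))
        {
            return true;
        }
        return _currentPrincipal.IsInRole(ruleSid);
    }
}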
    
08.11.2016 / 19:40