将“Everyone”权限添加到文件夹的网络共享

时间:2012-04-12 18:32:40

标签: c# security networking windows-7 share

注意:请不要忽视基于与其他人相似的标题。

我正在尝试在Windows 7计算机上共享文件夹。我希望通过C#为每个人提供完全的权限。

我在其他页面上看过几篇文章,包括这里,告诉我们如何做。但和其他人一样,它对我不起作用。以下是摘自SO的摘录。

    DirectorySecurity sec = Directory.GetAccessControl(path);
    // Using this instead of the "Everyone" string means we work on non-English systems.
    SecurityIdentifier everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
    sec.AddAccessRule(new FileSystemAccessRule(everyone, FileSystemRights.FullControl | FileSystemRights.Synchronize, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
    Directory.SetAccessControl(path, sec);

在调用上面的代码之前,已经完成了共享文件夹。以下图片是我得到的结果:

enter image description here

到目前为止,这么好。但是在下一张图片上,您会看到剩下的两个复选框仍未选中。

enter image description here

我错过了什么?

谢谢!

编辑:以下是用于进行实际共享的代码。

    private static void QshareFolder(string FolderPath, string ShareName, string Description)
    {
        try
        {
            ManagementClass managementClass = new ManagementClass("Win32_Share");
            ManagementBaseObject inParams = managementClass.GetMethodParameters("Create");
            ManagementBaseObject outParams;

            inParams["Description"] = Description;
            inParams["Name"] = ShareName;
            inParams["Path"] = FolderPath;
            inParams["MaximumAllowed"] = null;
            inParams["Password"] = null;
            inParams["Access"] = null;
            inParams["Type"] = 0x0; // Disk Drive

            // Invoke the method on the ManagementClass object
            outParams = managementClass.InvokeMethod("Create", inParams, null);

            // Check to see if the method invocation was successful
            if ((uint) (outParams.Properties["ReturnValue"].Value) != 0)
            {
                throw new Exception("Unable to share directory.");
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message, "error!");
        }
    }

2 个答案:

答案 0 :(得分:3)

共享和基础文件夹的权限是分开的 - 您的代码在文件/文件夹上设置ACL ...所以您缺少在网络共享本身上设置ACL的部分。

最终通过共享访问文件时,文件权限和共享之间的权限最小。

我不知道如何在共享上设置ACL,但这里是一个相关的C ++问题,可能很好地盯着如何设置共享权限:How to create read-only network share programmatically?

答案 1 :(得分:0)

实际上,我遇到了与您相反的问题,并且您的第一个代码段为我解决了该问题……您的实现只是缺少SecurityDescriptor。

 private static ManagementObject GetSecurityDescriptor()
 {
            ManagementObject Trustee = new ManagementClass(new ManagementPath("Win32_Trustee"), null);
            Trustee["SID"] = GetWellKnwonSid(WellKnownSidType.WorldSid);
            Trustee["Name"] = "Everyone";

            ManagementObject userACE = new ManagementClass(new ManagementPath("Win32_Ace"), null);
            userACE["AccessMask"] = 2032127;//Full access
            userACE["AceFlags"] = AceFlags.ObjectInherit | AceFlags.ContainerInherit;
            userACE["AceType"] = AceType.AccessAllowed;
            userACE["Trustee"] = Trustee;

            ManagementObject secDescriptor = new ManagementClass(new ManagementPath("Win32_SecurityDescriptor"), null);
            secDescriptor["ControlFlags"] = 4; //SE_DACL_PRESENT 
            secDescriptor["DACL"] = new object[] { userACE };
            secDescriptor["Group"] = Trustee;
            return secDescriptor;
  }

private static byte[] GetWellKnwonSid(WellKnownSidType SidType)
{
      SecurityIdentifier Result = new SecurityIdentifier(SidType, null);
      byte[] sidArray = new byte[Result.BinaryLength];
      Result.GetBinaryForm(sidArray, 0);

      return sidArray;
}

您必须将Win32_Share实例分配给 Access 属性