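C# - How to grant access only to the current user and restrict access for other users

Time: 2016-09-13 23:07:42

Tags: c#

I want my application to create a folder and restrict access to it for users other than the current user and administrators. With the code below, however, the current user also loses access and cannot delete the folder.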

string rootPath = Environment.GetEnvironmentVariable("TEMP");
var rootDirectory = new DirectoryInfo(rootPath);
DirectoryInfo subFolder = rootDirectory.CreateSubdirectory("SubFolder");
var directorySecurity = subFolder.GetAccessControl();

var adminitrators = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
directorySecurity.AddAccessRule(
    new FileSystemAccessRule(
        adminitrators,
        FileSystemRights.FullControl,
        InheritanceFlags.None,
        PropagationFlags.NoPropagateInherit,
        AccessControlType.Allow));

directorySecurity.AddAccessRule(
    new FileSystemAccessRule(
        WindowsIdentity.GetCurrent().Name,
        FileSystemRights.FullControl,
        InheritanceFlags.None,
        PropagationFlags.NoPropagateInherit, 
        AccessControlType.Allow));

var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
directorySecurity.AddAccessRule(
    new FileSystemAccessRule(
        everyone,
        FileSystemRights.FullControl,
        InheritanceFlags.None,
        PropagationFlags.NoPropagateInherit,
        AccessControlType.Deny));

subFolder.SetAccessControl(directorySecurity);

subFolder.Delete(true); // <-- System.UnauthorizedAccessException

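2 answers:

Answer 0: (score: 1)

In this case, the explicit `deny` rule is redundant.

Anything that is not allowed is denied by default, so simply remove the last deny rule.

Answer 1: (score: 1)

OK, the complete solution is as follows:

  1. As @zerkms suggested, we need to remove the "deny everyone" rule. This resolves the System.UnauthorizedAccessException thrown when the current user tries to delete the folder.
  2. As described here, use SetAccessRuleProtection to ensure that permissions are not inherited from the parent folder.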

        string rootPath = Environment.GetEnvironmentVariable("TEMP");
        var rootDirectory = new DirectoryInfo(rootPath);
    
        DirectoryInfo subFolder = rootDirectory.CreateSubdirectory("SubFolder");
        var directorySecurity = subFolder.GetAccessControl();
    
        var adminitrators = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        directorySecurity.AddAccessRule(
            new FileSystemAccessRule(
                    adminitrators,
                    FileSystemRights.FullControl,
                    InheritanceFlags.None,
                    PropagationFlags.NoPropagateInherit,
                    AccessControlType.Allow));
    
        directorySecurity.AddAccessRule(
            new FileSystemAccessRule(
                    WindowsIdentity.GetCurrent().Name,
                    FileSystemRights.FullControl,
                    InheritanceFlags.None,
                    PropagationFlags.NoPropagateInherit, 
                    AccessControlType.Allow));
    
        directorySecurity.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
    
        subFolder.SetAccessControl(directorySecurity);
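
A variant of the approach in the answers, added here as an example and not code from either answer: it builds the ACL first and passes it to the create call, so the folder never exists with the ACL inherited from `%TEMP%`, identifies the current user by SID instead of account name, and makes the two allow ACEs inheritable so files created inside the folder are covered too. The class name `PrivateFolder` and the folder name `PrivateFolderDemo` are assumptions made for the example.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class PrivateFolder
{
    // Creates a folder whose DACL allows only the current user and BUILTIN\Administrators.
    // Assumption: the folder does not exist yet, so the ACL is set at creation time.
    public static DirectoryInfo Create(string path)
    {
        var security = new DirectorySecurity();
        // Protected DACL: do not inherit ACEs from the parent (e.g. %TEMP%).
        security.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);

        // Inheritable ACEs, so files and subfolders created later get the same access.
        const InheritanceFlags inherit =
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
        var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User; // SID, not account name

        foreach (var sid in new[] { admins, me })
        {
            security.AddAccessRule(new FileSystemAccessRule(
                sid, FileSystemRights.FullControl, inherit,
                PropagationFlags.None, AccessControlType.Allow));
        }

        // No Deny ACE for Everyone: the current user is a member of Everyone and
        // deny ACEs are evaluated before allow ACEs, so it would lock the owner out too.
        var dir = new DirectoryInfo(path);
        dir.Create(security);
        return dir;
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "PrivateFolderDemo"); // constructed name
        DirectoryInfo dir = Create(path);
        var rules = dir.GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
        foreach (FileSystemAccessRule rule in rules)
            Console.WriteLine($"{rule.IdentityReference} {rule.AccessControlType} {rule.FileSystemRights} inherited={rule.IsInherited}");
        dir.Delete(true); // succeeds: the current user holds FullControl
    }
}
```

`DirectoryInfo.Create(DirectorySecurity)` is an instance method on .NET Framework and an extension method from `FileSystemAclExtensions` on newer .NET; both are Windows-only.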