Re: Folder access

From: jzhu (jzhu_at_discussions.microsoft.com)
Date: 09/29/04


Date: Wed, 29 Sep 2004 06:27:04 -0700

Additional info: the Win32Security wrapper is not CLS-compliant, so you can't
use it from VB. Check out
http://www.DataMarvel.com

Here are two samples on setting DACLs in C# and VB.

1. C# (from DataMarvel's download sample):
                public void SecurityInfoDacl()
                {
                        // A simple way to avoid conflict with existing file.
                        string fileName = Guid.NewGuid().ToString("N").Substring(0, 8);
                        IntPtr fileHd = IntPtr.Zero;
                        try
                        {
                                Console.WriteLine("DACL access:");

                                fileHd = WinBase.CreateFile(
                                        fileName,
                                        WinDef.NET_GENERIC_ALL,
                                        0, // no sharing
                                        null, // default
                                        WinBase.NET_CREATE_ALWAYS,
                                        WinDef.NET_FILE_ATTRIBUTE_NORMAL, // attributes
                                        IntPtr.Zero
                                        );

                                NDacl dacl = NSecurity.GetSecurityInfoDacl(
                                        fileName, NET_SE_OBJECT_TYPE.SE_FILE_OBJECT);
                                Debug.Assert(dacl != null);
                                Console.WriteLine("NSecurity.GetSecurityInfoDacl: dacl length {0}, ace
count {1}",
                                        dacl.AclLength, dacl.SizeInformation.AceCount);

                                // Get dacl
                                NAccessToken at = NAccessToken.OpenCurrentProcessToken(
                                        WinDef.NET_TOKEN_QUERY);
                                NDacl dacl2 = at.DefaultDacl;
                                at.Dispose();
                                Debug.Assert(dacl2 != null);

                                // Modify DACL. The following add ACEs in
                                // correct order.
                                dacl2.AddAccessAllowedAceInOrder(
                                        WinDef.NET_OBJECT_INHERIT_ACE |
                                        WinDef.NET_CONTAINER_INHERIT_ACE,
                                        WinDef.NET_GENERIC_WRITE,
                                        NWellKnownSid.BuiltinAdministrators);
                                dacl2.AddAccessDeniedAceInOrder(
                                        WinDef.NET_OBJECT_INHERIT_ACE |
                                        WinDef.NET_CONTAINER_INHERIT_ACE,
                                        WinDef.NET_GENERIC_WRITE,
                                        NWellKnownSid.AnonymousLogon);
                                Console.WriteLine("A new dacl: length {0}, ace count {1}",
                                        dacl2.AclLength, dacl2.SizeInformation.AceCount);

                                NSecurity.SetSecurityInfoDacl(
                                        fileName, NET_SE_OBJECT_TYPE.SE_FILE_OBJECT, dacl2,
                                        0);
                                NDacl dacl3 = NSecurity.GetSecurityInfoDacl(
                                        fileName, NET_SE_OBJECT_TYPE.SE_FILE_OBJECT);
                                Debug.Assert(dacl3 != null);
                                // ACL's size can increase due to inheritance.
                                Console.WriteLine("Dacl after NSecurity.SetSecurityInfoDacl: length {0},
ace count {1}",
                                        dacl3.AclLength, dacl3.SizeInformation.AceCount);

                                // Get SD to dump the DACL in string.
                                // Notice that the denied ACE is placed in front of
                                // the allowed ACEs.
                                NSecurityDescriptor sd = NSecurity.GetSecurityDescriptor(
                                        fileName,
                                        NET_SE_OBJECT_TYPE.SE_FILE_OBJECT,
                                        WinDef.NET_DACL_SECURITY_INFORMATION,
                                        false);
                                Console.WriteLine("Dacl in SecurityDescriptor: {0}",
                                        sd.ToString());
                                Console.WriteLine();
                        }
                        finally
                        {
                                if (fileHd != IntPtr.Zero)
                                {
                                        int error = WinBase.CloseHandle(fileHd);
                                        Debug.Assert(0 == error);

                                        WinBase.DeleteFile(fileName);
                                }
                        }
                }

2. VB:

Imports DataMarvel.WinNL

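Module Module1

    ''' <summary>
    ''' Grants one account Read and Execute access to the current directory by
    ''' adding an inheritable allow ACE to the directory's DACL and writing the
    ''' DACL back.
    ''' </summary>
    Sub Main()

        ' The target is the process's current working directory. Check which
        ' folder that is before running: the ACE added below is inheritable.
        Dim myDir As String
        myDir = Environment.CurrentDirectory

        ' Statements are kept on one line each; the mail wrap in the posted
        ' sample split them without a line-continuation character.
        Dim dacl As NDacl
        dacl = NSecurity.GetSecurityInfoDacl(myDir, NET_SE_OBJECT_TYPE.SE_FILE_OBJECT)
        If dacl Is Nothing Then
            ' Nothing to extend; stop rather than fail on the calls below.
            Console.Error.WriteLine("No DACL returned for " & myDir)
            Return
        End If

        Dim aceFlags As Integer
        Dim accessMask As Integer
        Dim userSid As NSid

        ' Flag values are combined bitwise. With both inherit flags set, the
        ' ACE is marked for inheritance by files and by subfolders.
        aceFlags = WinDef.NET_OBJECT_INHERIT_ACE Or WinDef.NET_CONTAINER_INHERIT_ACE

        ' Allow Admin All rights
        'userSid = NWellKnownSid.BuiltinAdministrators
        'accessMask = WinDef.NET_GENERIC_ALL
        'dacl.AddAccessAllowedAceInOrder(aceFlags, accessMask, userSid)

        ' Allow a user Read and Execute rights.
        ' "MyAccountName" / "MySystemName" are placeholders for the real
        ' account and system names. Grant only the rights the account needs.
        userSid = New NSid("MyAccountName", "MySystemName")
        Console.WriteLine("User SID: " & userSid.StringSid)
        accessMask = WinDef.NET_GENERIC_READ Or WinDef.NET_GENERIC_EXECUTE

        ' Use the *InOrder variant, as the C# sample in this post does, so the
        ' new ACE is placed in the correct order relative to the ACEs already
        ' in the folder's DACL. Access checks walk the ACEs in order.
        dacl.AddAccessAllowedAceInOrder(aceFlags, accessMask, userSid)

        ' NOTE(review): the meaning of the trailing 0 is not visible here - confirm.
        NSecurity.SetSecurityInfoDacl(myDir, NET_SE_OBJECT_TYPE.SE_FILE_OBJECT, dacl, 0)

    End Sub

End Module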

"Joe Kaplan (MVP - ADSI)" wrote:

> You need to update the security descriptor on the folder. You can do this
> using IADsSecurityDescriptor interface, or via interop with a library like
> DataMarvel or the Win32Security wrapper assembly at GotDotNet:
> http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9
>
> HTH,
>
> Joe K.
>
> "Dave" <Dave@discussions.microsoft.com> wrote in message
> news:C5DAAD7A-D4A1-4ED1-9A03-6EA4E1FB4E3E@microsoft.com...
> > How do I grant access to a folder using VB.NET? I need to add a group and 2
> > users.
> >
> > I know this can be a long answer so if you can just point me in the right
> > direction or where I should post this question, that would be great.
> >
> > Any links on how to would be great.
> >
> > --
> > Thanks,
> > Dave
>
>
>