Re: Finding out if user has privileges to a diectory.
From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 03/30/05
- Previous message: strutt: "revoke Windows authentication credentials for a session"
- In reply to: Nicole Calinoiu: "Re: Finding out if user has privileges to a diectory."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Mar 2005 21:45:51 GMT
And in fact, the try .. catch solution is the only correct one.
Lets say you do the check, and the user is allowed access. Then before you
attempt to write the file, another application changes the ACL on the
directory. Now, even though you did a pre-check and everything was OK, you
still have to deal with the exception.
The reverse also applies ... if you do the check, and it turns out hte user
isn't allowed, but the ACL is changed to allow access while you pop your
dialog. Now you've denied access when in fact the user should be permitted
to write.
In order to avoid the race condition, you need to just attempt to do it,
and trap the error condition then.
-Shawn
http://blogs.msdn.com/shawnfa
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:
For the benefit of the community-at-large, all responses to this message
are best directed to the newsgroup/thread from which they originated.
--------------------
> From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
> References: <eTbognHMFHA.3832@TK2MSFTNGP12.phx.gbl>
<e4Qs50HMFHA.656@TK2MSFTNGP14.phx.gbl>
<OoLJ8o5MFHA.2576@TK2MSFTNGP10.phx.gbl>
> Subject: Re: Finding out if user has privileges to a diectory.
> Date: Tue, 29 Mar 2005 08:56:52 -0500
> Lines: 67
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> X-RFC2646: Format=Flowed; Response
> Message-ID: <OMxMWmGNFHA.2468@tk2msftngp13.phx.gbl>
> Newsgroups: microsoft.public.dotnet.security
> NNTP-Posting-Host: modemcable209.143-202-24.mc.videotron.ca 24.202.143.209
> Path: TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.dotnet.security:9584
> X-Tomcat-NG: microsoft.public.dotnet.security
>
> "UJ" <UJ@nowhere.com> wrote in message
> news:OoLJ8o5MFHA.2576@TK2MSFTNGP10.phx.gbl...
> > Here's what I'm trying to do - I want to have a 'global' directory on
the
> > network that users can write to. When the user attempts to write to the
> > directory, I need to make sure that they have writes to write to that
> > directory. I'd rather give them a nice message instead of doing a
> > try/catch when they are done
>
> You can display whatever message you like to a user regardless of whether
> the error condition is detected in a pre-write test or as a caught
> exception. Is this your only reason for wanting to perform the pre-write
> test?
>
>
> > (I'd like to let them know the directory doesn't exist/they don't have
> > rights to it before we start.)
>
> If the user has no permissions whatsoever on the directory, it won't be
> possible to determine whether the directory exists. Even if it were
> possible, you shouldn't announce the existence of the directory to a user
> with no permissions on it.
>
>
> > Any suggestions?
>
> Your write operation could fail for many reasons, not solely limited to
user
> permissions. Given that this is a network directory, failures for other
> reasons will probably be much more common than failures due to
permissions
> over the long term. To be honest, I just can't see any reason to avoid
> detecting potential permissions problems as caught exceptions in this
case,
> particularly given that problems could creep in between any pre-write
test
> and the actual write operation, so you'll need to handle the same
exception
> set anyway...
>
>
> >
> > TIA
> >
> > Jeffrey.
> >
> > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in
message
> > news:e4Qs50HMFHA.656@TK2MSFTNGP14.phx.gbl...
> >> There are several ways, but the most appropriate will depend on at
least
> >> two criteria:
> >>
> >> 1. With what code access permissions will the code be running?
> >> 2. How do you define "access"? (See
> >>
http://groups-beta.google.com/group/microsoft.public.dotnet.security/browse_
frm/thread/de8d8902a906fc8e/382b60bb2c6f0737
> >> for a thread on a similar topic.)
> >>
> >>
> >> "UJ" <UJ@nowhere.com> wrote in message
> >> news:eTbognHMFHA.3832@TK2MSFTNGP12.phx.gbl...
> >>> How can I, through VB.NET, find out if somebody has access to a
> >>> specified directory? The directory will be on an 2000 Server.
> >>>
> >>> TIA.
> >>>
> >>> Jeffrey.
> >>>
> >>>
> >>
> >>
> >
> >
>
>
>
- Previous message: strutt: "revoke Windows authentication credentials for a session"
- In reply to: Nicole Calinoiu: "Re: Finding out if user has privileges to a diectory."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
