RE: New System.Security.AccessControl classes

From: Jeffrey Tan[MSFT] (v-jetan_at_online.microsoft.com)
Date: 10/31/05


Date: Mon, 31 Oct 2005 05:47:05 GMT

Hi Bruce,

Thanks for your post.

Based on my understanding, you want to dump the security descriptor for
files/folders with the .NET 2.0 classes.

In .NET 2.0, ACL programming is much easier than before: .NET provides
managed classes for ACL programming. Below is a code snippet for dumping
the owner and DACL of a file:

using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// The methods below belong inside a Windows Forms class.
private void button1_Click(object sender, EventArgs e)
{
    // Read the security descriptor (owner, group, DACL) of the file
    FileSecurity sd = File.GetAccessControl(@"C:\boot.ini");
    PrintOwnerAndDACL(sd);
}

static void PrintOwnerAndDACL(FileSecurity sd)
{
    Console.WriteLine("Owner: {0}", sd.GetOwner(typeof(NTAccount)));
    // rule represents an ACE; include both explicit and inherited entries
    foreach (FileSystemAccessRule rule in
             sd.GetAccessRules(true, true, typeof(NTAccount)))
    {
        PrintACE(rule);
    }
}

static void PrintACE(FileSystemAccessRule rule)
{
    Console.WriteLine("{0} {1} to {2} ({3})",
      AccessControlType.Allow == rule.AccessControlType ? "grant" : "deny",
      rule.FileSystemRights, // access permission mask
      rule.IdentityReference,
      rule.IsInherited ? "inherited" : "direct");
}

Additionally, Keith Brown has written an excellent Windows security book for
.NET 2.0; there is an online version at the link below:
"The .NET Developer's Guide to Windows Security"
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook.HomePage

Hope this helps

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
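
Added example, not part of the original post: a console variant of the dump above that handles folders as well as files and keeps going when an ACE or the owner refers to a SID that cannot be translated to an account name (for example a deleted account). The class name AclDump and its helper names are assumptions chosen for illustration.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclDump
{
    // Translate a SID to DOMAIN\name; fall back to the raw SID string when
    // the account no longer exists or cannot be looked up.
    static string Resolve(IdentityReference id)
    {
        if (id == null) return "(none)";
        try { return id.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return id.Value + " (unresolved)"; }
    }

    static string Describe(FileSystemAccessRule rule)
    {
        return string.Format("{0} {1} to {2} ({3}, inheritance: {4})",
            rule.AccessControlType == AccessControlType.Allow ? "grant" : "deny",
            rule.FileSystemRights,              // access permission mask
            Resolve(rule.IdentityReference),
            rule.IsInherited ? "inherited" : "direct",
            rule.InheritanceFlags);             // how the ACE flows to children
    }

    static void Dump(string path)
    {
        // FileSecurity and DirectorySecurity share the FileSystemSecurity base class.
        FileSystemSecurity sd = Directory.Exists(path)
            ? (FileSystemSecurity)new DirectoryInfo(path).GetAccessControl()
            : new FileInfo(path).GetAccessControl();

        Console.WriteLine(path);
        Console.WriteLine("  Owner: {0}", Resolve(sd.GetOwner(typeof(SecurityIdentifier))));
        // Request SIDs and translate one at a time, so a single orphaned SID
        // cannot abort the whole enumeration.
        foreach (FileSystemAccessRule rule in
                 sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine("  " + Describe(rule));
    }

    static void Main(string[] args)
    {
        // With no arguments, dump the current directory.
        foreach (string path in args.Length > 0 ? args : new string[] { Environment.CurrentDirectory })
            Dump(path);
    }
}
```

Entries printed as "(unresolved)" are worth reviewing when auditing a DACL, since they grant or deny access to a principal that no longer maps to a known account.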

