本文共 2973 字,大约阅读时间需要 9 分钟。
如何获取当前系统用户对文件/文件夹的操作权限?
1.获取安全信息DirectorySecurity
DirectorySecurity fileAcl = Directory.GetAccessControl(folder);
通过Directory.GetAccessControl获取文件夹的权限/安全信息
详细介绍,可参考
对文件/文件夹权限的详细操作,可参考一篇博客
2. 获取文件夹访问权限列表FileSystemAccessRule
var rules = fileAcl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).OfType<FileSystemAccessRule>().ToList();
GetAccessRules()方法返回的是AuthorizationRule集合,此处只需要获取文件权限。
继承自AuthorizationRule,并新增俩个属性
- AccessControlType -- 枚举 Allow/Deny
- FileSystemRights -- 对文件的访问权限详细信息(读/写等),可见下面列表:
1 ///定义要创建访问和审核规则时使用的访问权限。 2 [Flags] 3 public enum FileSystemRights 4 { 5 ReadData = 1, 6 ListDirectory = ReadData, // 0x00000001 7 WriteData = 2, 8 CreateFiles = WriteData, // 0x00000002 9 AppendData = 4,10 CreateDirectories = AppendData, // 0x0000000411 ReadExtendedAttributes = 8,12 WriteExtendedAttributes = 16, // 0x0000001013 ExecuteFile = 32, // 0x0000002014 Traverse = ExecuteFile, // 0x0000002015 DeleteSubdirectoriesAndFiles = 64, // 0x0000004016 ReadAttributes = 128, // 0x0000008017 WriteAttributes = 256, // 0x0000010018 Delete = 65536, // 0x0001000019 ReadPermissions = 131072, // 0x0002000020 ChangePermissions = 262144, // 0x0004000021 TakeOwnership = 524288, // 0x0008000022 Synchronize = 1048576, // 0x0010000023 FullControl = Synchronize | TakeOwnership | ChangePermissions | ReadPermissions | Delete | WriteAttributes | ReadAttributes | DeleteSubdirectoriesAndFiles | Traverse | WriteExtendedAttributes | ReadExtendedAttributes | CreateDirectories | CreateFiles | ListDirectory, // 0x001F01FF24 Read = ReadPermissions | ReadAttributes | ReadExtendedAttributes | ListDirectory, // 0x0002008925 ReadAndExecute = Read | Traverse, // 0x000200A926 Write = WriteAttributes | WriteExtendedAttributes | CreateDirectories | CreateFiles, // 0x0000011627 Modify = Write | ReadAndExecute | Delete, // 0x000301BF28 }
因为AuthorizationRule中,IdentityReference对应权限的用户/用户组标识,格式为:"MYDOMAIN\MyAccount"
所以,如通过当前系统用户名与IdentityReference匹配,即可获取FileSystemAccessRule权限。如何获取用户名,见下一段落
3. 获取当前系统用户名/用户组
通过 System.Environment.UserDomainName 和 System.Environment.UserName 取得当前用户名
对当前系统用户名/用户组的其它操作,可参考
因此,将Path.Combine(Environment.UserDomainName, Environment.UserName)与IdentityReference.Value比较,获取当前用户对文件夹的权限信息
详细实现如下:
1 ///2 /// 检查当前用户是否拥有此文件夹的操作权限 3 /// 4 /// 5 ///6 public static bool HasOperationPermission(string folder) 7 { 8 var currentUserIdentity = Path.Combine(Environment.UserDomainName, Environment.UserName); 9 10 DirectorySecurity fileAcl = Directory.GetAccessControl(folder);11 var userAccessRules = fileAcl.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).OfType ().Where(i=>i.IdentityReference.Value==currentUserIdentity).ToList();12 13 return userAccessRules.Any(i => i.AccessControlType == AccessControlType.Deny);14 }
转载地址:http://boytl.baihongyu.com/