1

在 C#/.NET 中是否可以确定System.Security.AccessControl.FileSystemAccessRule实际继承自何处?如果是这样,我该怎么做?我想创建一个类似于 Windows 安全属性的输出,您可以在其中查看继承的 ACE 附加到哪个对象。

4

1 回答 1

2

您必须遍历文件或文件夹的路径才能找到规则的来源。这是一组粗略的函数,将打印所有访问规则及其来源。您可以轻松地对其进行修改以创建更有用的 API(换句话说,不仅仅是打印到控制台)。

void PrintAccessRules(string path)
{   
    var security = File.GetAccessControl(path);

    var accessRules = security.GetAccessRules(true, true, typeof(NTAccount));


    foreach (var rule in accessRules.Cast<FileSystemAccessRule>())
    {
        if (!rule.IsInherited)
        {
            Console.WriteLine("{0} {1} to {2} was set on {3}.", rule.AccessControlType, rule.FileSystemRights, rule.IdentityReference, path);
            continue;
        }

        FindInheritedFrom(rule, Directory.GetParent(path).FullName);
    }
}

void FindInheritedFrom(FileSystemAccessRule rule, string path)
{
    var security = File.GetAccessControl(path);
    var accessRules = security.GetAccessRules(true, true, typeof(NTAccount));

    var matching = accessRules.OfType<FileSystemAccessRule>()
        .FirstOrDefault(r => r.AccessControlType == rule.AccessControlType && r.FileSystemRights == rule.FileSystemRights && r.IdentityReference == rule.IdentityReference);

    if (matching != null)
    {
        if (matching.IsInherited) FindInheritedFrom(rule, Directory.GetParent(path).FullName);
        else Console.WriteLine("{0} {1} to {2} is inherited from {3}", rule.AccessControlType, rule.FileSystemRights, rule.IdentityReference, path);
    }
}

例如:

PrintAccessRules(@"C:\projects\mg\lib\repositories.config");

为我打印以下内容:

Allow FullControl to SkipTyler\Mike was set on C:\projects\mg\lib\repositories.config.
Allow ReadAndExecute, Synchronize to SkipTyler\Mike is inherited from C:\projects\mg
Allow FullControl to BUILTIN\Administrators is inherited from C:\
Allow FullControl to NT AUTHORITY\SYSTEM is inherited from C:\
Allow ReadAndExecute, Synchronize to BUILTIN\Users is inherited from C:\
于 2012-05-13T13:57:46.597 回答