在 C#/.NET 中是否可以确定System.Security.AccessControl.FileSystemAccessRule
实际继承自何处?如果是这样,我该怎么做?我想创建一个类似于 Windows 安全属性的输出,您可以在其中查看继承的 ACE 附加到哪个对象。
问问题
1646 次
1 回答
2
您必须遍历文件或文件夹的路径才能找到规则的来源。这是一组粗略的函数,将打印所有访问规则及其来源。您可以轻松地对其进行修改以创建更有用的 API(换句话说,不仅仅是打印到控制台)。
void PrintAccessRules(string path)
{
var security = File.GetAccessControl(path);
var accessRules = security.GetAccessRules(true, true, typeof(NTAccount));
foreach (var rule in accessRules.Cast<FileSystemAccessRule>())
{
if (!rule.IsInherited)
{
Console.WriteLine("{0} {1} to {2} was set on {3}.", rule.AccessControlType, rule.FileSystemRights, rule.IdentityReference, path);
continue;
}
FindInheritedFrom(rule, Directory.GetParent(path).FullName);
}
}
void FindInheritedFrom(FileSystemAccessRule rule, string path)
{
var security = File.GetAccessControl(path);
var accessRules = security.GetAccessRules(true, true, typeof(NTAccount));
var matching = accessRules.OfType<FileSystemAccessRule>()
.FirstOrDefault(r => r.AccessControlType == rule.AccessControlType && r.FileSystemRights == rule.FileSystemRights && r.IdentityReference == rule.IdentityReference);
if (matching != null)
{
if (matching.IsInherited) FindInheritedFrom(rule, Directory.GetParent(path).FullName);
else Console.WriteLine("{0} {1} to {2} is inherited from {3}", rule.AccessControlType, rule.FileSystemRights, rule.IdentityReference, path);
}
}
例如:
PrintAccessRules(@"C:\projects\mg\lib\repositories.config");
为我打印以下内容:
Allow FullControl to SkipTyler\Mike was set on C:\projects\mg\lib\repositories.config.
Allow ReadAndExecute, Synchronize to SkipTyler\Mike is inherited from C:\projects\mg
Allow FullControl to BUILTIN\Administrators is inherited from C:\
Allow FullControl to NT AUTHORITY\SYSTEM is inherited from C:\
Allow ReadAndExecute, Synchronize to BUILTIN\Users is inherited from C:\
于 2012-05-13T13:57:46.597 回答