我有一个 C# 网络应用程序,它会提示管理员输入网络代理身份验证信息。我询问用户是否要保存此信息,如果他们选择是,我会在用户的唯一本地文件中加密。然后,我想删除除创建它的用户之外的所有文件权限,但所有其他用户都能够删除该文件。
现在,我在下面找到了 MS 文章,但如果我不知道一开始就在文件上设置的默认用户,那也无济于事。是否有删除所有文件权限?然后,我可以添加我想要设置的个人权限以供当前用户完全访问,并删除“所有用户”或“经过身份验证的用户”的权限,这取决于 Windows 的版本。 http://msdn.microsoft.com/en-us/library/system.io.file.setaccesscontrol.aspx
我想到了..
public void SetFileSecurity(String filePath, String domainName, String userName)
{
//get file info
FileInfo fi = new FileInfo(filePath);
//get security access
FileSecurity fs = fi.GetAccessControl();
//remove any inherited access
fs.SetAccessRuleProtection(true, false);
//get any special user access
AuthorizationRuleCollection rules = fs.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
//remove any special access
foreach (FileSystemAccessRule rule in rules)
fs.RemoveAccessRule(rule);
//add current user with full control.
fs.AddAccessRule(new FileSystemAccessRule(domainName + "\\" + userName, FileSystemRights.FullControl, AccessControlType.Allow));
//add all other users delete only permissions.
fs.AddAccessRule(new FileSystemAccessRule("Authenticated Users", FileSystemRights.Delete, AccessControlType.Allow));
//flush security access.
File.SetAccessControl(filePath, fs);
}
如果需要针对特定组进行移除,可以使用此方法;
public static void RemoveGroupPermission(string path, string group_name)
{
long begin = Datetime.Now.Ticks;
DirectoryInfo dirInfo = new DirectoryInfo(path);
DirectorySecurity dirSecurity = dirInfo.GetAccessControl();
dirSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(Environment.UserDomainName +
@"\" + group_name, 0, 0));
dirInfo.SetAccessControl(dirSecurity);
long end = DateTime.Now.Ticks;
Console.WriteLine("Tick : " + (end - begin));
}