How to modify file access control in .NET Core

At this time there are two extension methods: GetAccessControl and SetAccessControl, for FileInfo, DirectoryInfo and etc.

So you can use var ac = new FileInfo(path).GetAccessControl(), this expression is valid both in .NET Framework and .Net Core. But you still need dotnet add package System.IO.FileSystem.AccessControl.

File.GetAccessControl isn't available in .NET Core.

ref: https://docs.microsoft.com/dotnet/api/system.io.filesystemaclextensions.getaccesscontrol


The FileSecurity class is now part of the System.IO.FileSystem.AccessControl package for .NET Core. There is no longer a File.GetAccessControl method so you will need to instantiate the FileSecurity instance yourself.


How to Get and modify User Group Other Rights on Windows

I finally implement the Windows file permission access:

1. Get the file security:

      var security = new FileSecurity(fileSystemInfoFullName, 
                AccessControlSections.Owner | 
                AccessControlSections.Group |
                AccessControlSections.Access);

2. Get the authorization rules:

var authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));

3. Get the authorization rules for the owner:

var owner = security.GetOwner(typeof(NTAccount));
foreach (AuthorizationRule rule in authorizationRules)
{
    FileSystemAccessRule fileRule = rule as FileSystemAccessRule;
    if (fileRule != null)
    {
        if (owner != null && fileRule.IdentityReference == owner)
        {
             if (fileRule.FileSystemRights.HasFlag(FileSystemRights.ExecuteFile) ||
                fileRule.FileSystemRights.HasFlag(FileSystemRights.ReadAndExecute) ||
                fileRule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
            {
                ownerRights.IsExecutable = true;
            }
        }
        else if (group != null && fileRule.IdentityReference == group)
        {
            // TO BE CONTINUED...
        }
    }
}

4. Add a rule for owner:

security.ModifyAccessRule(AccessControlModification.Add,
    new FileSystemAccessRule(owner, FileSystemRights.Modify, AccessControlType.Allow),
    out bool modified);

5. Bonus

How to get the group and others, or ... my definition of something equivalent ?

var group = security.GetGroup(typeof(NTAccount));

var others = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null)
                 .Translate(typeof(NTAccount));

Note: This code comes from my open source project Lx.Shell

Tags:

C#

File Permissions

.Net Core

Recent Posts