/// <summary> /// 更新某个用户访问指定文件的安全规则。 /// </summary> /// <param name="fileUrl">需要添加访问规则的文件。</param> /// <param name="identity">用户帐户的名称,该参数必须标识当前机器或域上的有效帐户,并采用如下格式:DOMAIN\account。</param> /// <param name="updateMode">决定安全规则的更新方式。</param> /// <param name="rights">指定与访问规则关联的操作的类型。</param> /// <param name="controlType">值指定是允许还是拒绝该操作。</param> public static void UpdateFileAccessRule(string fileUrl, string identity, ERuleUpdateMode updateMode, FileSystemRights rights, AccessControlType controlType) { FileSecurity fSecurity = File.GetAccessControl(fileUrl); if (updateMode == ERuleUpdateMode.Append) { fSecurity.AddAccessRule(new FileSystemAccessRule(identity, rights, controlType)); } else { fSecurity.RemoveAccessRule(new FileSystemAccessRule(identity, rights, controlType)); } File.SetAccessControl(fileUrl, fSecurity); }
/// <summary> /// 更新某个用户访问指定目录(文件夹)的安全规则,并指定继承标识。 /// </summary> /// <param name="directory">需要添加访问规则的目录。</param> /// <param name="identify">用户帐户的名称,该参数必须标识当前机器或域上的有效帐户,并采用如下格式:DOMAIN\account。</param> /// <param name="updateMode">决定安全规则的更新方式。</param> /// <param name="controlSections">指定要保存或加载的安全描述符的哪些部分。</param> /// <param name="flags">安全访问规则的继承标识符,可以为多个,比如说可以传递InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit。</param> /// <param name="rights">指定与访问规则关联的操作的类型。</param> /// <param name="controlType">值指定是允许还是拒绝该操作。</param> public static void UpdateDirectoryAccessRule(string directory, string identify, ERuleUpdateMode updateMode, AccessControlSections controlSections, InheritanceFlags flags, FileSystemRights rights, AccessControlType controlType) { DirectoryInfo dInfo = new DirectoryInfo(directory); DirectorySecurity security = dInfo.GetAccessControl(controlSections); InheritanceFlags iFlags = flags; FileSystemAccessRule rule = new FileSystemAccessRule(identify, rights, iFlags, PropagationFlags.InheritOnly, controlType); if (updateMode == ERuleUpdateMode.Append) { security.AddAccessRule(rule); } else { security.RemoveAccessRule(rule); } dInfo.SetAccessControl(security); }