private RawSecurityDescriptor CreateSecurityDescriptor(IEnumerable<IdentityRights> allowRights,
IEnumerable<IdentityRights> denyRights = null)
{
var security = new DirectorySecurity();
security.SetOwner(CurrentIdentity);
security.SetGroup(Group);
if (allowRights == null)
allowRights = Enumerable.Empty<IdentityRights>();
if (denyRights == null)
denyRights = Enumerable.Empty<IdentityRights>();
foreach (var right in allowRights)
{
security.AddAccessRule(new FileSystemAccessRule(right.Identity, right.Rights,
AccessControlType.Allow));
}
foreach (var right in denyRights)
{
security.AddAccessRule(new FileSystemAccessRule(right.Identity, right.Rights, AccessControlType.Deny));
}
var binaryDescriptor = security.GetSecurityDescriptorBinaryForm();
return new RawSecurityDescriptor(binaryDescriptor, 0);
}