/// <summary>
///为文件夹添加users,everyone用户组的完全控制权限
/// </summary>
/// <param name="dirPath"></param>
public static void AddSecurityControll2Folder(string dirPath)
{
try
{
//获取文件夹信息
DirectoryInfo dir = new DirectoryInfo(dirPath);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//添加ereryone用户组的访问权限规则 完全控制权限
FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
//添加Users用户组的访问权限规则 完全控制权限
FileSystemAccessRule usersFileSystemAccessRule = new FileSystemAccessRule("Users", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified);
dirSecurity.ModifyAccessRule(AccessControlModification.Add, usersFileSystemAccessRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
}
catch (Exception ex)
{
throw ex;
}
finally
{
Console.WriteLine("AddSecurityControll2Folder is executed.");
}
}
/// <summary>
/// 文件/文件夹权限修改
/// </summary>
/// <param name="fileSystemAccessRule">传入修改权限对象</param>
/// <param name="path">路径</param>
/// <param name="ifisFolder">是否为文件夹</param>
public static void setAtrribute(FileSystemAccessRule fileSystemAccessRule, string path, int ifisFolder)
{
if (ifisFolder == 0)
{
FileInfo fileInfo = new FileInfo(path);
//获得该文件的访问权限
System.Security.AccessControl.FileSecurity fileSecurity = fileInfo.GetAccessControl();
//添加ereryone用户组的访问权限规则 完全控制权限
fileSecurity.AddAccessRule(fileSystemAccessRule);
//设置访问权限
fileInfo.SetAccessControl(fileSecurity);
}
else
{
DirectoryInfo dir = new DirectoryInfo(path);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
//添加ereryone用户组的访问权限规则 完全控制权限
FileSystemAccessRule everyoneFileSystemAccessRule = fileSystemAccessRule;
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
}
}
/// <summary>
/// 为文件夹添加完全访问权限
/// </summary>
/// <param name="filepath">文件夹路径</param>
public void addSecurityControl(string filepath)
{
//获取文件夹信息
DirectoryInfo dir = new DirectoryInfo(filepath);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//添加ereryone用户组的访问权限规则 完全控制权限
FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
//添加Users用户组的访问权限规则 完全控制权限
FileSystemAccessRule usersFileSystemAccessRule = new FileSystemAccessRule("Users", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified);
dirSecurity.ModifyAccessRule(AccessControlModification.Add, usersFileSystemAccessRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
}
/// <summary>
///设置目录权限
/// </summary>
/// <param name="path">目录的路径。</param>
/// <param name="permission">在目录上设置的权限。</param>
/// <returns>指示是否在目录上应用权限的值。</returns>
public bool SetDirectoryPermission(string path, FileSystemRights permission)
{
try
{
if (!Directory.Exists(path))
{
return(false);
}
//获取文件夹信息
DirectoryInfo dir = new DirectoryInfo(path);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//添加ereryone用户组的访问权限规则 完全控制权限
FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
//添加Users用户组的访问权限规则 完全控制权限
FileSystemAccessRule usersFileSystemAccessRule = new FileSystemAccessRule("Users", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified);
dirSecurity.ModifyAccessRule(AccessControlModification.Add, usersFileSystemAccessRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
return(true);
}
catch (Exception e)
{
//throw new Exception(e.Message, e);
return(false);
}
//权限追加
//fileAcl.AddAccessRule(everyoneRule);
//权限删除
//fileAcl.RemoveAccessRule(everyoneRule);
//从当前文件或目录移除所有匹配的允许或拒绝访问控制列表 (ACL) 权限。
//fileAcl.RemoveAccessRuleAll(everyoneRule);
//从当前文件或目录移除指定用户的所有访问控制列表 (ACL) 权限。
//fileAcl.RemoveAccessRuleSpecific(everyoneRule);
//从当前文件或目录移除单个匹配的允许或拒绝访问控制列表 (ACL) 权限。
}
/// <summary>
/// 设置文件夹权限,处理为Everyone所有权限
/// </summary>
/// <param name="foldPath">文件夹路径</param>
private void SetFileRole(string foldPath)
{
//DirectorySecurity fsec = new DirectorySecurity();
//fsec.SetAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl,
//InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
//fsec.AddAccessRule(new FileSystemAccessRule
// ("Everyone", FileSystemRights.FullControl,
//AccessControlType.Allow));
//FileInfo fi = new FileInfo(foldPath);
//FileSecurity fileSecurity = fi.GetAccessControl();
//fileSecurity.AddAccessRule
// (new FileSystemAccessRule
// ("Everyone", FileSystemRights.FullControl,
// AccessControlType.Allow));
//fi.SetAccessControl(fileSecurity);
// 获取文件夹信息
try
{
DirectoryInfo dir = new DirectoryInfo(foldPath);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//添加ereryone用户组的访问权限规则 完全控制权限
FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
//添加Users用户组的访问权限规则 完全控制权限
FileSystemAccessRule usersFileSystemAccessRule = new FileSystemAccessRule("Users", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified);
dirSecurity.ModifyAccessRule(AccessControlModification.Add, usersFileSystemAccessRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
}
catch (Exception ex)
{
}
}
/// <summary>
///为文件夹添加users,IIS_IUSRS用户组的完全控制权限
/// </summary>
/// <param name="dirPath"></param>
public static void AddSecurityControll2Folder(string dirPath, AuthorizedUsers user)
{
//获取文件夹信息
DirectoryInfo dir = new DirectoryInfo(dirPath);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//添加IIS_IUSRS用户组的访问权限规则 完全控制权限
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule(EnumHelper.GetDescription(user), FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, fileSystemAccessRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
}
public static void AddSharePermissionToFolder(string folderPath, string domain, string accountName)
{
DirectoryInfo dir = new DirectoryInfo(folderPath);
string fullUserName = domain + "\\" + accountName;
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//添加Users用户组的访问权限规则 完全控制权限
//FileSystemAccessRule usersFileSystemAccessRule = new FileSystemAccessRule("Users", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
FileSystemAccessRule userRule = new FileSystemAccessRule(fullUserName, FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, userRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
}
/// <summary>
///为文件夹添加users,everyone用户组的完全控制权限
/// </summary>
/// <param name="dirPath"></param>
public static void AddSecurityControllToFolder(string[] identities, string dirPath)
{
//获取文件夹信息
DirectoryInfo dir = new DirectoryInfo(dirPath);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.Access);
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
bool isModified = false;
foreach (var item in identities)
{
FileSystemAccessRule fileSystemAccessRule = new FileSystemAccessRule(item, FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
dirSecurity.ModifyAccessRule(AccessControlModification.Add, fileSystemAccessRule, out isModified);
}
//设置访问权限
dir.SetAccessControl(dirSecurity);
}
/// <summary>
///为文件夹添加users用户组的完全控制权限
/// </summary>
/// <param name="dirPath"></param>
private bool AddSecurityControll2Folder(string dirPath)
{
try
{
//获取文件夹信息
DirectoryInfo dir = new DirectoryInfo(dirPath);
//获得该文件夹的所有访问权限
System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl(AccessControlSections.All);
//设定文件ACL继承
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//添加ereryone用户组的访问权限规则 完全控制权限
FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("IIS_IUSRS", FileSystemRights.FullControl, inherits, PropagationFlags.None, AccessControlType.Allow);
bool isModified = false;
dirSecurity.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified);
//设置访问权限
dir.SetAccessControl(dirSecurity);
return(isModified);
}
catch (Exception ex)
{
return(false);
}
}
//http://www.west-wind.com/weblog/posts/4072.aspx
public void SetFileSystemRights(string target, string group, FileSystemRights permission, DeploymentResult r)
{
if (!IsDirectory(target) && !IsFile(target))
return;
var oldSecurity = Directory.GetAccessControl(target);
var newSecurity = new DirectorySecurity();
newSecurity.SetSecurityDescriptorBinaryForm(oldSecurity.GetSecurityDescriptorBinaryForm());
var accessRule = new FileSystemAccessRule(group,
permission,
InheritanceFlags.None,
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
bool result;
newSecurity.ModifyAccessRule(AccessControlModification.Set, accessRule, out result);
if (!result)
r.AddError("Something wrong happened");
accessRule = new FileSystemAccessRule(group,
permission,
InheritanceFlags.ContainerInherit |
InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
result = false;
newSecurity.ModifyAccessRule(AccessControlModification.Add, accessRule, out result);
if (!result)
r.AddError("Something wrong happened");
Directory.SetAccessControl(target, newSecurity);
if (result)
r.AddGood("Permissions set for '{0}' on folder '{1}'", group, target);
if (!result) r.AddError("Something wrong happened");
}