.NET Framework 2.0 ("Whidbey") introduced a new set of classes in the Framework Class Library (FCL) for working with NTFS Access Control Lists. You can read object owners, read and create security descriptors, and much more. All of this lives in the System.Security.AccessControl namespace.
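Below is a snippet that shows how to use it. Scenario: you need to create a child folder that does not receive the permissions the parent folder inherited, only the permissions explicitly set on the parent folder. Note that copying the explicit rules into a new security descriptor is not enough on its own: Windows merges the parent's inheritable ACEs into a new folder's DACL unless that DACL is marked as protected (ObjectSecurity.SetAccessRuleProtection(true, false)).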
using
System;
using System.Collections.Generic;
using System.Text;
using System.Security.AccessControl;
using System.IO;
using System.Security.Principal;
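namespace AceInheritRemove
{
    /// <summary>
    /// Sample: create a child folder whose DACL contains only the access rules
    /// that are explicitly set on its parent, with ACL inheritance blocked.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Copies the explicit (non-inherited) access rules of the parent folder into a
        /// new, inheritance-protected security descriptor and creates the child folder with it.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // Read the parent's security descriptor. Only the DACL is needed here;
            // AccessControlSections.All would also request the SACL (audit rules), which
            // requires SeSecurityPrivilege and fails for callers that do not hold it.
            DirectoryInfo dir = new DirectoryInfo("e:\\kgk\\test");
            DirectorySecurity sec = dir.GetAccessControl(AccessControlSections.Access);

            // Start from an empty security descriptor for the child.
            DirectorySecurity secNew = new DirectorySecurity();

            // Mark the DACL as protected. Without this, Windows merges the parent's
            // inheritable ACEs into the new folder's DACL at creation time, so the child
            // would still end up with inherited permissions.
            secNew.SetAccessRuleProtection(true, false);

            // includeExplicit = true, includeInherited = false: explicit rules only,
            // with identities returned as SIDs.
            AuthorizationRuleCollection col = sec.GetAccessRules(true, false, typeof(SecurityIdentifier));

            // A protected DACL with no entries grants access to nobody. Refuse to create
            // a folder that only its owner could recover by rewriting the ACL.
            if (col.Count == 0)
            {
                Console.Error.WriteLine("The parent folder has no explicit access rules; the child folder was not created.");
                return;
            }

            foreach (FileSystemAccessRule rule in col)
            {
                // Each rule is copied as-is, including its inheritance and propagation
                // flags, so those flags also govern what objects below the child inherit.
                secNew.AddAccessRule(rule);
                Console.WriteLine("{0}", rule.FileSystemRights.ToString());
            }

            // Create the child folder with the explicit permissions only.
            DirectoryInfo info2 = new DirectoryInfo("e:\\kgk\\Test\\Child");
            info2.Create(secNew);
        }
    }
}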