如何在 .NET Core 中修改文件访问控制
How to modify file access control in .NET Core
我正在尝试更改 .NET Core 中文件的权限。
但是,FileInfo 似乎已经没有 SetAccessControl 了。
// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(FileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
fInfo.SetAccessControl(fSecurity);
目标只是为文件的当前所有者添加执行权(这不是 Windows 或 Unix 特定功能)。
关于如何在 .NET Core 上执行此操作的任何线索?
FileSecurity class 现在是 .NET Core System.IO.FileSystem.AccessControl 包的一部分。不再有 File.GetAccessControl 方法,因此您需要自己实例化 FileSecurity 实例。
如何在Windows
上获取和修改用户组其他权限
我终于实现了Windows文件权限访问:
1.获取文件安全性:
var security = new FileSecurity(fileSystemInfoFullName,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
2。获取授权规则:
var authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
3。获取所有者的授权规则:
var owner = security.GetOwner(typeof(NTAccount));
foreach (AuthorizationRule rule in authorizationRules)
{
FileSystemAccessRule fileRule = rule as FileSystemAccessRule;
if (fileRule != null)
{
if (owner != null && fileRule.IdentityReference == owner)
{
if (fileRule.FileSystemRights.HasFlag(FileSystemRights.ExecuteFile) ||
fileRule.FileSystemRights.HasFlag(FileSystemRights.ReadAndExecute) ||
fileRule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
{
ownerRights.IsExecutable = true;
}
}
else if (group != null && fileRule.IdentityReference == group)
{
// TO BE CONTINUED...
}
}
}
4.为所有者添加规则:
security.ModifyAccessRule(AccessControlModification.Add,
new FileSystemAccessRule(owner, FileSystemRights.Modify, AccessControlType.Allow),
out bool modified);
5.奖金
如何获得 group 和 others,或者...我对等价物的定义?
var group = security.GetGroup(typeof(NTAccount));
var others = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null)
.Translate(typeof(NTAccount));
注:此代码来自我的开源项目Lx.Shell
此时有两种扩展方式:GetAccessControl和SetAccessControl,用于FileInfo、DirectoryInfo等
所以你可以使用var ac = new FileInfo(path).GetAccessControl(),这个表达式在.NET Framework 和.Net Core 中都有效。但是你还需要dotnet add package System.IO.FileSystem.AccessControl.
File.GetAccessControl 在 .NET Core 中不可用。
参考:https://docs.microsoft.com/dotnet/api/system.io.filesystemaclextensions.getaccesscontrol
处理目录或文件的 acls 的另一种方法:
// Adds an ACL entry on the specified directory for the specified account.
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the specified account.
public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(fileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
fInfo.SetAccessControl(fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(fileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
fInfo.SetAccessControl(fSecurity);
}
//example for open onClick folderdialog and get owner by NTACCOUNT of folder from acl
private async void Button_Click(object sender, RoutedEventArgs e)
{
var folderPicker = new Windows.Storage.Pickers.FolderPicker();
folderPicker.SuggestedStartLocation = Windows.Storage.Pickers.PickerLocationId.Desktop;
folderPicker.FileTypeFilter.Add("*");
Windows.Storage.StorageFolder folder = await folderPicker.PickSingleFolderAsync();
if (folder != null)
{
// Application now has read/write access to all contents in the picked folder
// (including other sub-folder contents)
Windows.Storage.AccessCache.StorageApplicationPermissions.
FutureAccessList.AddOrReplace("PickedFolderToken", folder);
// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(folder.ToString());
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
IdentityReference identityReference = fSecurity.GetOwner(typeof(SecurityIdentifier));
NTAccount ntAccount = identityReference.Translate(typeof(NTAccount)) as NTAccount;
var fileOwner = ntAccount.Value;
//do something with file Owner
//this.tb1.Text = "folder: " + folder.Name + " in Pfad: " + folder.Path + "owned by: " + fileOwner;
}
else
{
//error Handler
}
}
这是对其他答案的补充。请注意 System.IO.FileSystem.AccessControl 中的 GetAccessControl 和 SetAccessControl NOT 像其他 .NET Core System.IO 一样支持长文件名(255 个字符) ] API。
您收到的异常是内部调用抛出的ArgumentException,参数是name.
如果您正在使用该软件包,如果您发现长文件名,则需要添加:
if (usingFile.FullName.Length > 255)
{
usingFile = new FileInfo(@"\?\" + file.FullName);
}
或
if (folder.FullName.Length > 255)
{
folder = new DirectoryInfo(@"\?\" + folder.FullName);
}
文档说这是受支持的并且它有效(对我来说)。 https://docs.microsoft.com/en-us/dotnet/api/system.io.filesystemaclextensions?view=dotnet-plat-ext-3.1确实有 SetAccessControl 方法
一定要添加 System.IO.FileSystem.AccessControl NuGet 包。
这是我在 .NET Framework 中的内容:
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
Directory.SetAccessControl(<path to directory>, ds);
这是它在 .NET Core 3.1 中的工作原理。只有最后一行不同:
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
System.IO.FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(<path to directory>), ds);
我正在尝试更改 .NET Core 中文件的权限。
但是,FileInfo 似乎已经没有 SetAccessControl 了。
// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(FileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
fInfo.SetAccessControl(fSecurity);
目标只是为文件的当前所有者添加执行权(这不是 Windows 或 Unix 特定功能)。
关于如何在 .NET Core 上执行此操作的任何线索?
FileSecurity class 现在是 .NET Core System.IO.FileSystem.AccessControl 包的一部分。不再有 File.GetAccessControl 方法,因此您需要自己实例化 FileSecurity 实例。
如何在Windows
上获取和修改用户组其他权限我终于实现了Windows文件权限访问:
1.获取文件安全性:
var security = new FileSecurity(fileSystemInfoFullName,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
2。获取授权规则:
var authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));
3。获取所有者的授权规则:
var owner = security.GetOwner(typeof(NTAccount));
foreach (AuthorizationRule rule in authorizationRules)
{
FileSystemAccessRule fileRule = rule as FileSystemAccessRule;
if (fileRule != null)
{
if (owner != null && fileRule.IdentityReference == owner)
{
if (fileRule.FileSystemRights.HasFlag(FileSystemRights.ExecuteFile) ||
fileRule.FileSystemRights.HasFlag(FileSystemRights.ReadAndExecute) ||
fileRule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
{
ownerRights.IsExecutable = true;
}
}
else if (group != null && fileRule.IdentityReference == group)
{
// TO BE CONTINUED...
}
}
}
4.为所有者添加规则:
security.ModifyAccessRule(AccessControlModification.Add,
new FileSystemAccessRule(owner, FileSystemRights.Modify, AccessControlType.Allow),
out bool modified);
5.奖金
如何获得 group 和 others,或者...我对等价物的定义?
var group = security.GetGroup(typeof(NTAccount));
var others = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null)
.Translate(typeof(NTAccount));
注:此代码来自我的开源项目Lx.Shell
此时有两种扩展方式:GetAccessControl和SetAccessControl,用于FileInfo、DirectoryInfo等
所以你可以使用var ac = new FileInfo(path).GetAccessControl(),这个表达式在.NET Framework 和.Net Core 中都有效。但是你还需要dotnet add package System.IO.FileSystem.AccessControl.
File.GetAccessControl 在 .NET Core 中不可用。
参考:https://docs.microsoft.com/dotnet/api/system.io.filesystemaclextensions.getaccesscontrol
处理目录或文件的 acls 的另一种方法:
// Adds an ACL entry on the specified directory for the specified account.
public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the specified account.
public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(fileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
fInfo.SetAccessControl(fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(fileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
fInfo.SetAccessControl(fSecurity);
}
//example for open onClick folderdialog and get owner by NTACCOUNT of folder from acl
private async void Button_Click(object sender, RoutedEventArgs e)
{
var folderPicker = new Windows.Storage.Pickers.FolderPicker();
folderPicker.SuggestedStartLocation = Windows.Storage.Pickers.PickerLocationId.Desktop;
folderPicker.FileTypeFilter.Add("*");
Windows.Storage.StorageFolder folder = await folderPicker.PickSingleFolderAsync();
if (folder != null)
{
// Application now has read/write access to all contents in the picked folder
// (including other sub-folder contents)
Windows.Storage.AccessCache.StorageApplicationPermissions.
FutureAccessList.AddOrReplace("PickedFolderToken", folder);
// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(folder.ToString());
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
IdentityReference identityReference = fSecurity.GetOwner(typeof(SecurityIdentifier));
NTAccount ntAccount = identityReference.Translate(typeof(NTAccount)) as NTAccount;
var fileOwner = ntAccount.Value;
//do something with file Owner
//this.tb1.Text = "folder: " + folder.Name + " in Pfad: " + folder.Path + "owned by: " + fileOwner;
}
else
{
//error Handler
}
}
这是对其他答案的补充。请注意 System.IO.FileSystem.AccessControl 中的 GetAccessControl 和 SetAccessControl NOT 像其他 .NET Core System.IO 一样支持长文件名(255 个字符) ] API。
您收到的异常是内部调用抛出的ArgumentException,参数是name.
如果您正在使用该软件包,如果您发现长文件名,则需要添加:
if (usingFile.FullName.Length > 255)
{
usingFile = new FileInfo(@"\?\" + file.FullName);
}
或
if (folder.FullName.Length > 255)
{
folder = new DirectoryInfo(@"\?\" + folder.FullName);
}
文档说这是受支持的并且它有效(对我来说)。 https://docs.microsoft.com/en-us/dotnet/api/system.io.filesystemaclextensions?view=dotnet-plat-ext-3.1确实有 SetAccessControl 方法
一定要添加 System.IO.FileSystem.AccessControl NuGet 包。
这是我在 .NET Framework 中的内容:
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
Directory.SetAccessControl(<path to directory>, ds);
这是它在 .NET Core 3.1 中的工作原理。只有最后一行不同:
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
System.IO.FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(<path to directory>), ds);