I am writing a utility to help with changing file permissions on a certain file to allow/disallow access to it for the "Everyone" group on a Windows machine. So far I have been able to set and remove the Full Control permissions for "Everyone" to the file by using this code:

    void AddFullControl()
    {
        FileSecurity fsFile = File.GetAccessControl("file.tmp");
        fsFile.SetAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow));
        File.SetAccessControl("file.tmp", fsFile);
    }

    void RemoveFullControl()
    {
        FileSecurity fsFile = File.GetAccessControl("file.tmp");
        fsFile.SetAccessRule(new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Deny));
        File.SetAccessControl("file.tmp", fsFile);
    }

However, I want to check to see if "Everyone" already has the Full Control permission or not and have not been able to find a way to do this. I have spent several days scouring through Google search after Google search and have not been able to find a way to do this. Can someone point me in the right direction or give me an example of how to do this please?
Update: This was answered very quickly and I was able to come up with C# code that works. The code I created is as follows:

    void CheckAccess()
    {
        AuthorizationRuleCollection arcFile = File.GetAccessControl("file.tmp").GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
        foreach (AuthorizationRule arFile in arcFile)
        {
            // The rules were requested as SecurityIdentifier, so Value is the SID
            // string; "S-1-1-0" is the well-known SID for Everyone.
            if (arFile.IdentityReference.Value == "S-1-1-0")
            {
                FileSystemAccessRule fasrFile = (FileSystemAccessRule)arFile;
                if (fasrFile.AccessControlType == AccessControlType.Allow && fasrFile.FileSystemRights.HasFlag(FileSystemRights.FullControl))
                {
                    MessageBox.Show("file.tmp already has Full Control permissions granted to Everyone");
                }
            }
        }
    }

    var everyone = fsFile.GetAccessRules(true, true, typeof(SecurityIdentifier))
        .Cast<FileSystemAccessRule>()
        .SingleOrDefault(x => x.IdentityReference.Value == "S-1-1-0");
    bool fullControlAllowed = everyone != null
        && everyone.AccessControlType == AccessControlType.Allow
        && everyone.FileSystemRights.HasFlag(FileSystemRights.FullControl);

If permissions might include both Allow and Deny entries for Everyone, you will have to use code like the following. It has slightly different semantics, since you don't get the details on everyone Deny entries.

    var everyone = fsFile.GetAccessRules(true, true, typeof(SecurityIdentifier))
        .Cast<FileSystemAccessRule>()
        .SingleOrDefault(x => x.IdentityReference.Value == "S-1-1-0"
            && x.AccessControlType == AccessControlType.Allow);
    bool fullControlAllowed = everyone != null
        && everyone.FileSystemRights.HasFlag(FileSystemRights.FullControl);

You have to get the authorization rules for the file and check to see if there's a rule for the "Everyone" account. Then you can check the FileSystemRights for the rule to see if it has FullControl.

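    // Request the rules as NTAccount so IdentityReference.Value is the account name.
    var rules = File.GetAccessControl("file.tmp")
        .GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
    var account = @"Everyone";
    // null when there is no Allow rule for the account
    var hasFullControl = rules.OfType<FileSystemAccessRule>()
        .Where(rule => rule.IdentityReference.Value == account && rule.AccessControlType == AccessControlType.Allow)
        .Select(rule => (bool?)rule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
        .SingleOrDefault();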
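
As an added example (not part of the original question or answers): a check that tolerates several Everyone entries on one file, where SingleOrDefault would throw, and that matches on the well-known SID instead of the localized account name. The class and method names are hypothetical, and it evaluates only the ACEs for Everyone, in the order GetAccessRules returns them (assumed here to follow the DACL order), so it is not a full effective-access calculation for a particular user.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper, added for illustration.
static class EveryoneAclCheck
{
    // Well-known SID for Everyone (S-1-1-0); independent of the OS display language.
    static readonly SecurityIdentifier Everyone =
        new SecurityIdentifier(WellKnownSidType.WorldSid, null);

    // Walks the Everyone ACEs in the order returned (explicit and inherited):
    // a right is granted by the first Allow ACE that names it, unless an
    // earlier Deny ACE already removed it.
    public static bool EveryoneHasFullControl(string path)
    {
        var rules = new FileInfo(path).GetAccessControl()
            .GetAccessRules(true, true, typeof(SecurityIdentifier))
            .Cast<FileSystemAccessRule>()
            .Where(r => r.IdentityReference.Equals(Everyone));

        FileSystemRights granted = 0, denied = 0;
        foreach (var rule in rules)
        {
            if (rule.AccessControlType == AccessControlType.Allow)
                granted |= rule.FileSystemRights & ~denied;
            else
                denied |= rule.FileSystemRights & ~granted;
        }
        return (granted & FileSystemRights.FullControl) == FileSystemRights.FullControl;
    }

    static void Main(string[] args)
    {
        // "file.tmp" is the file name used in the question.
        string path = args.Length > 0 ? args[0] : "file.tmp";
        Console.WriteLine("{0}: Everyone has Full Control = {1}",
            path, EveryoneHasFullControl(path));
    }
}
```

Run against a file where both AddFullControl and RemoveFullControl from the question have been applied, this reports False, because the Deny entry is ordered ahead of the Allow entry.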