Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to modify file access control in .NET Core

I'm trying to change the permissions of a file in .NET Core. However, it seems that FileInfo doesn't have any SetAccessControl anymore.

// Create a new FileInfo object.
FileInfo fInfo = new FileInfo(FileName);

// Get a FileSecurity object that represents the 
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();

// Add the FileSystemAccessRule to the security settings. 
fSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                Rights,
                                                ControlType));

// Set the new access settings.
fInfo.SetAccessControl(fSecurity);

The goal is just to add execution right to the current owner of a file (which is not Windows or Unix specific feature).

Any clues on how to do that on .NET Core ?

like image 452
Fab Avatar asked Nov 06 '16 13:11

Fab


People also ask

How to get access control of a file in DotNet core?

So you can use var ac = new FileInfo (path).GetAccessControl (), this expression is valid both in .NET Framework and .Net Core. But you still need dotnet add package System.IO.FileSystem.AccessControl. File.GetAccessControl isn't available in .NET Core.

What is file system access in ASP NET Core?

ASP.NET Core abstracts file system access through the use of File Providers. File Providers are used throughout the ASP.NET Core framework: IHostingEnvironment exposes the app's content root and web root as IFileProvider types. Static File Middleware uses File Providers to locate static files.

What happens if you don’t change the access control list of a file?

In your C# code, if you don’t have the permission to change a file’s access control list, the File. SetAccessControl method raises a UnauthorizedAccessException. Although the example application manipulates only files, it helps to know that directories also have their access control entries. In. NET, the System. IO.

What is file provider in ASP NET Core?

ASP.NET Core abstracts file system access through the use of File Providers. File Providers are used throughout the ASP.NET Core framework. For example: IWebHostEnvironment exposes the app's content root and web root as IFileProvider types.


3 Answers

The FileSecurity class is now part of the System.IO.FileSystem.AccessControl package for .NET Core. There is no longer a File.GetAccessControl method so you will need to instantiate the FileSecurity instance yourself.

like image 90
Patrik Svensson Avatar answered Sep 27 '22 16:09

Patrik Svensson


At this time there are two extension methods: GetAccessControl and SetAccessControl, for FileInfo, DirectoryInfo and etc.

So you can use var ac = new FileInfo(path).GetAccessControl(), this expression is valid both in .NET Framework and .Net Core. But you still need dotnet add package System.IO.FileSystem.AccessControl.

File.GetAccessControl isn't available in .NET Core.

ref: https://docs.microsoft.com/dotnet/api/system.io.filesystemaclextensions.getaccesscontrol

like image 29
imba-tjd Avatar answered Sep 27 '22 18:09

imba-tjd


How to Get and modify User Group Other Rights on Windows

I finally implement the Windows file permission access:

1. Get the file security:

      var security = new FileSecurity(fileSystemInfoFullName, 
                AccessControlSections.Owner | 
                AccessControlSections.Group |
                AccessControlSections.Access);

2. Get the authorization rules:

var authorizationRules = security.GetAccessRules(true, true, typeof(NTAccount));

3. Get the authorization rules for the owner:

var owner = security.GetOwner(typeof(NTAccount));
foreach (AuthorizationRule rule in authorizationRules)
{
    FileSystemAccessRule fileRule = rule as FileSystemAccessRule;
    if (fileRule != null)
    {
        if (owner != null && fileRule.IdentityReference == owner)
        {
             if (fileRule.FileSystemRights.HasFlag(FileSystemRights.ExecuteFile) ||
                fileRule.FileSystemRights.HasFlag(FileSystemRights.ReadAndExecute) ||
                fileRule.FileSystemRights.HasFlag(FileSystemRights.FullControl))
            {
                ownerRights.IsExecutable = true;
            }
        }
        else if (group != null && fileRule.IdentityReference == group)
        {
            // TO BE CONTINUED...
        }
    }
}

4. Add a rule for owner:

security.ModifyAccessRule(AccessControlModification.Add,
    new FileSystemAccessRule(owner, FileSystemRights.Modify, AccessControlType.Allow),
    out bool modified);

5. Bonus

How to get the group and others, or ... my definition of something equivalent ?

var group = security.GetGroup(typeof(NTAccount));

var others = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null)
                 .Translate(typeof(NTAccount));

Note: This code comes from my open source project Lx.Shell

like image 35
Fab Avatar answered Sep 27 '22 16:09

Fab