using System;
using System.Collections.Generic;
using System.Text;
using System.Security.AccessControl;
using System.IO;
using System.Collections;
namespace Customization.Service
{
public class FolderSecurity
{
public static bool SetFolderACL(String FolderPath, String UserName, FileSystemRights Rights, AccessControlType AllowOrDeny)
{
InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
return SetFolderACL(FolderPath, UserName, Rights, AllowOrDeny, inherits, PropagationFlags.None, AccessControlModification.Add);
}
public static bool SetFolderACL(String FolderPath, String UserName, FileSystemRights Rights, AccessControlType AllowOrDeny
, InheritanceFlags Inherits, PropagationFlags PropagateToChildren, AccessControlModification AddResetOrRemove)
{
//过程:获取文件夹安全对象、构造访问规则、修改安全对象的访问规则、重新设置文件夹安全对象
bool ret;
try
{
DirectoryInfo folder = new DirectoryInfo(FolderPath);
DirectorySecurity dSecurity = folder.GetAccessControl(AccessControlSections.Access);
FileSystemAccessRule accRule = new FileSystemAccessRule(UserName, Rights, Inherits, PropagateToChildren, AllowOrDeny);
dSecurity.ModifyAccessRule(AddResetOrRemove, accRule, out ret);
folder.SetAccessControl(dSecurity);
return ret;
}
catch (Exception ex)
{
LogManager.WriteError("FolderSecurity--SetFolderACL--" + UserName, ex.ToString());
return false;
}
}
public static FileSystemRights CombineFolderRighs(string userRights)
{
FileSystemRights rights = new FileSystemRights();
if (userRights.IndexOf("R") >= 0)
{
rights = rights | FileSystemRights.Read;
}
if (userRights.IndexOf("C") >= 0)
{
rights = rights | FileSystemRights.ChangePermissions;
}
if (userRights.IndexOf("F") >= 0)
{
rights = rights | FileSystemRights.FullControl;
}
if (userRights.IndexOf("W") >= 0)
{
rights = rights | FileSystemRights.Write;
}
return rights;
}
public static void AddDirectorySecurity(string FileName, string Account, string UserRights)
{
FileSystemRights Rights = new FileSystemRights();
if (UserRights.IndexOf("R") >= 0)
{
Rights = Rights | FileSystemRights.Read;
}
if (UserRights.IndexOf("C") >= 0)
{
Rights = Rights | FileSystemRights.ChangePermissions;
}
if (UserRights.IndexOf("F") >= 0)
{
Rights = Rights | FileSystemRights.FullControl;
}
if (UserRights.IndexOf("W") >= 0)
{
Rights = Rights | FileSystemRights.Write;
}
DirectoryInfo dInfo = new DirectoryInfo(FileName);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
InheritanceFlags iFlags = new InheritanceFlags();
iFlags = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
//iFlags = InheritanceFlags.None;
FileSystemAccessRule AccessRule2 = new FileSystemAccessRule(Account, Rights, iFlags, PropagationFlags.None, AccessControlType.Allow);
dSecurity.AddAccessRule(AccessRule2);
dInfo.SetAccessControl(dSecurity);
}
public static bool NotInheritFromParent(string folderPath)
{
try
{
DirectoryInfo diInfo = new DirectoryInfo(folderPath);
DirectorySecurity dsSecurity = diInfo.GetAccessControl();
dsSecurity.SetAccessRuleProtection(true, false);
Directory.SetAccessControl(folderPath, dsSecurity);
return true;
}
catch (Exception ex)
{
LogManager.WriteError("FolderSecurity--CheckNameExist", ex.ToString());
return false;
}
}
public static bool CheckNameExist(string folderPath, string name)
{
try
{
Hashtable names = GetACL(folderPath);
if (names != null)
{
if (names.ContainsKey(name))
{
return true;
}
else
{
return false;
}
}
return false;
}
catch (Exception ex)
{
LogManager.WriteError("FolderSecurity--CheckNameExist", ex.ToString());
return false;
}
}
public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
//FileAttributes MyAttributes = File.GetAttributes(FileName);
//File.SetAttributes(FileName, FileAttributes.Normal);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
public static void RemoveDirectorySecurityItem(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(FileName);
//FileAttributes MyAttributes = File.GetAttributes(FileName);
//File.SetAttributes(FileName, FileAttributes.Normal);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
public static Hashtable GetACL(String FolderPath)
{
try
{
Hashtable ret = new Hashtable();
DirectorySecurity sec = Directory.GetAccessControl(FolderPath, AccessControlSections.Access);
foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
ret[rule.IdentityReference.ToString()] = rule.FileSystemRights;
}
return ret;
}
catch (Exception ex)
{
LogManager.WriteError("FolderSecurity--GetACL", ex.ToString());
return null;
}
}
public static string GetACLString(String FolderPath)
{
try
{
StringBuilder sb = new StringBuilder();
Hashtable rights = GetACL(FolderPath);
foreach (string key in rights.Keys)
{
sb.Append(key + ":\t" + ((FileSystemRights)rights[key]).ToString() + "\r\n");
}
return sb.ToString();
}
catch (Exception ex)
{
LogManager.WriteError("FolderSecurity--GetACLString", ex.ToString());
return string.Empty;
}
}
}
}