Setting permissions with Microsoft.Win32.Security

DACL (Discretionary Access Control List)
This is a list that controls who can do what with your server objects. An administrator can use DCOMCNFG to configure the DACL.


DACL types

There are two types of ACL: discretionary (DACL) and system (SACL). The DACL controls access to the object; the SACL controls auditing.




    using System;
    using Microsoft.Win32.Security;

    // Place this method inside a class.
    // Adds an allow ACE for strUserName to the DACL of the directory strSitePath.
    // Returns true on success; on failure returns false and sets ErrorMsg.
    public static Boolean SetDirPermission(String strSitePath, String strUserName, ref string ErrorMsg)
    {
        Boolean bOk;

        try
        {
            // Directory.CreateDirectory(strSitePath);

            // Read only the DACL part of the directory's security descriptor.
            SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath,
                SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);

            Dacl dacl = secDesc.Dacl;

            // Resolve the account name to a SID.
            Sid sidUser = new Sid(strUserName);

            // allow: folder, subfolder and files
            // modify
            // Note: GENERIC_ALL already implies the other rights listed here,
            // so this ACE grants full control, not only modify.
            dacl.AddAce(new AceAccessAllowed(sidUser,
                AccessType.GENERIC_ALL | AccessType.GENERIC_WRITE | AccessType.GENERIC_READ |
                AccessType.DELETE | AccessType.GENERIC_EXECUTE,
                AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE));

            // deny: this folder
            // write attribs
            // write extended attribs
            // delete
            // change permissions
            // take ownership
            //
            //DirectoryAccessType DAType = DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER |
            //                             DirectoryAccessType.WRITE_DAC;
            //
            //AccessType AType = (AccessType)DAType;
            //
            //dacl.AddAce(new AceAccessDenied(sidUser, AType));

            // Write the modified DACL back to the directory.
            secDesc.SetDacl(dacl);
            secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);

            bOk = true;
        }
        catch (Exception ee)
        {
            ErrorMsg = ee.Message;
            bOk = false;
        }

        return bOk;
    }
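
An added example, not from the original post or from the Microsoft.Win32.Security library: the same inherited grant written with the framework's built-in System.Security.AccessControl types, giving Modify instead of GENERIC_ALL so the account cannot change the DACL or take ownership. The names DirAcl and GrantModify are hypothetical, and the read-back check is an assumption about what a caller would want verified.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

public static class DirAcl   // hypothetical helper, not part of the original post
{
    // Grants Modify on the folder, inherited by subfolders and files.
    // Modify omits ChangePermissions (WRITE_DAC) and TakeOwnership (WRITE_OWNER).
    public static bool GrantModify(string path, string account, out string error)
    {
        error = null;
        try
        {
            // Resolve the name to a SID first so a bad name fails before the DACL is touched.
            var sid = (SecurityIdentifier)new NTAccount(account)
                .Translate(typeof(SecurityIdentifier));

            var dir = new DirectoryInfo(path);
            DirectorySecurity sec = dir.GetAccessControl(AccessControlSections.Access);
            sec.AddAccessRule(new FileSystemAccessRule(
                sid, FileSystemRights.Modify,
                InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                PropagationFlags.None, AccessControlType.Allow));
            dir.SetAccessControl(sec);

            // Read the DACL back: an explicit allow ACE for this SID that was already
            // present (for example an earlier full-control grant) is not removed above.
            var tooBroad = FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;
            foreach (FileSystemAccessRule r in dir.GetAccessControl(AccessControlSections.Access)
                         .GetAccessRules(true, false, typeof(SecurityIdentifier)))
            {
                if (r.IdentityReference.Equals(sid) &&
                    r.AccessControlType == AccessControlType.Allow &&
                    (r.FileSystemRights & tooBroad) != 0)
                {
                    error = "An explicit ACE still grants ChangePermissions or TakeOwnership.";
                    return false;
                }
            }
            return true;
        }
        catch (Exception ex) when (ex is IdentityNotMappedException ||
                                   ex is UnauthorizedAccessException || ex is IOException)
        {
            error = ex.Message;
            return false;
        }
    }
}
```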


SECURITY_INFORMATION

The SECURITY_INFORMATION type identifies the object-related security information being set or queried. This security information includes:

  • The owner of an object
  • The primary group of an object
  • The discretionary access control list (DACL) of an object
  • The system access control list (SACL) of an object

    typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;

Remarks

Windows 2000: New SECURITY_INFORMATION members only work with the SetNamedSecurityInfo function. These new members are not returned in the structure returned by other security functions such as GetNamedSecurityInfo or ConvertStringSecurityDescriptorToSecurityDescriptor.

Each item of security information is designated by a bit flag. The following values specify the bits.

| Value | Meaning |
|---|---|
| DACL_SECURITY_INFORMATION | Indicates the DACL of the object is being referenced. |
| GROUP_SECURITY_INFORMATION | Indicates the primary group identifier of the object is being referenced. |
| OWNER_SECURITY_INFORMATION | Indicates the owner identifier of the object is being referenced. |
| PROTECTED_DACL_SECURITY_INFORMATION | Windows 2000/XP: Indicates the DACL cannot inherit ACEs. |
| PROTECTED_SACL_SECURITY_INFORMATION | Windows 2000/XP: Indicates the SACL cannot inherit ACEs. |
| SACL_SECURITY_INFORMATION | Indicates the SACL of the object is being referenced. |
| UNPROTECTED_DACL_SECURITY_INFORMATION | Windows 2000/XP: Indicates the DACL inherits ACEs from the parent object. |
| UNPROTECTED_SACL_SECURITY_INFORMATION | Windows 2000/XP: Indicates the SACL inherits ACEs from the parent object. |
posted @ 2008-03-06 14:50  bluesky4485