C# System.IO.Directory.CreateDirectory 仅对当前用户具有权限?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1006684/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
System.IO.Directory.CreateDirectory with permissions for only this current user?
提问by Shimmy Weitzhandler
I want the asp application to create a folder that has access only to the account the application was running with (i.e. asp account?)
我希望 asp 应用程序创建一个文件夹,该文件夹只能访问该应用程序运行时使用的帐户(即 asp 帐户?)
I actually wanna use this one, but I don't know how to use the "Computer\CurrentAccount" dynamically.
我实际上想使用这个,但我不知道如何动态使用“Computer\CurrentAccount”。
I want to get the current working account.
我想获取当前的工作帐户。
Thanks.
谢谢。
采纳答案by Richard
There is an example of creating a DirectorySecurityinstance and adding an ACE for a named user here(but use the default constructor to start with an empty ACL).
有创造的一个例子DirectorySecurity实例,并添加ACE名为用户在这里(但使用默认构造函数来启动一个空的ACL)。
To get the SID of the account there are two possibilities (these need testing):
要获取帐户的 SID,有两种可能性(这些需要测试):
The first approach is to rely on the owner of the process being the owner of the directory. This is likely to break if doing impersonation (e.g. under Windows Authentication to have the client's identity used for access control to filesystem content):
第一种方法是依靠进程的所有者作为目录的所有者。如果进行模拟,这可能会中断(例如,在 Windows 身份验证下,将客户端的身份用于文件系统内容的访问控制):
var ds = new DirectorySecurity();
var sid = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null)
var ace = new FileSystemAccessRule(sid,
FileSystemRights.FullControl,
AccessControlType.Allow);
ds.AddAccessRule(ace);
The second approach to to get the process owner from the process Token, this will require P/Invoke. This includes an example: http://www.codeproject.com/KB/cs/processownersid.aspx, once you have the SID create a SecurityIdentifier instance for it and follow the above to create the ACL.
从流程令牌中获取流程所有者的第二种方法,这将需要 P/Invoke。这包括一个示例:http: //www.codeproject.com/KB/cs/processownersid.aspx,一旦您拥有 SID,就为其创建一个 SecurityIdentifier 实例并按照上述步骤创建 ACL。
