问题描述

我工作的一个软件，需要将文件复制到指定目录下的文件系统。它需要工作在两个UAC感知操作系统（Vista中，7）以及XP。为了解决写作到UAC提升需要一个目录的问题，应用程序实际上揭开序幕另一个进程使用清单，指出UAC是必需的。这将生成提示，然后进行复制，当用户确认。

I'm working on a piece of software that needs to copy a file to a given directory on the filesystem. It needs to work on both UAC-aware OSs (Vista, 7) as well as XP. To get around the issue of writing to a directory where UAC elevation is required, the app actually kicks off another process with a manifest that states that UAC is required. This generates the prompt and then does the copy when the user confirms.

这是我所看到的，一个目录可以有三种不同的逻辑状态的权限 - 写没有UAC提升，写有UAC提升，而不是写

From what I can see, a directory can have three different logical permission states - writeable without UAC elevation, writeable with UAC elevation and not writeable.

我的问题是：对于给定的目录，我如何可靠地确定当前用户是否可以复制（和潜在的覆盖）的文件到该目录，如果我可以，我怎么判断是否需要UAC提升？

My question is this: For a given directory, how do I reliably determine whether the current user can copy (and potentially overwrite) a file to that directory, and if I can, how do I determine if UAC elevation is required?

在XP中，这可能仅仅是简单，只要选中允许写入权限是否为理所当然，但在Vista / 7，有在不授予此权限的目录，但这个动作依旧可能带有UAC。

On XP, this could just be as simple as checking whether the 'Allow Write' permission is granted, but on Vista / 7, there are directories where this permission isn't granted, but this action is still possible with UAC.

推荐答案

我们的文件WRITEACCESS有一个方法，你也许可以适应它的目录（Directory.GetAccessControl等）

We have a method for WriteAccess on files, you can probably adapt it for Directories (Directory.GetAccessControl and so on)

    /// <summary> Checks for write access for the given file.
    /// </summary>
    /// <param name="fileName">The filename.</param>
    /// <returns>true, if write access is allowed, otherwise false</returns>
    public static bool WriteAccess(string fileName)
    {
        if ((File.GetAttributes(fileName) & FileAttributes.ReadOnly) != 0)
            return false;

        // Get the access rules of the specified files (user groups and user names that have access to the file)
        var rules = File.GetAccessControl(fileName).GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));

        // Get the identity of the current user and the groups that the user is in.
        var groups = WindowsIdentity.GetCurrent().Groups;
        string sidCurrentUser = WindowsIdentity.GetCurrent().User.Value;

        // Check if writing to the file is explicitly denied for this user or a group the user is in.
        if (rules.OfType<FileSystemAccessRule>().Any(r => (groups.Contains(r.IdentityReference) || r.IdentityReference.Value == sidCurrentUser) && r.AccessControlType == AccessControlType.Deny && (r.FileSystemRights & FileSystemRights.WriteData) == FileSystemRights.WriteData))
            return false;

        // Check if writing is allowed
        return rules.OfType<FileSystemAccessRule>().Any(r => (groups.Contains(r.IdentityReference) || r.IdentityReference.Value == sidCurrentUser) && r.AccessControlType == AccessControlType.Allow && (r.FileSystemRights & FileSystemRights.WriteData) == FileSystemRights.WriteData);
    }

希望这有助于。

Hope this helps.

这篇关于C＃.NET - 如何确定目录是可写，有或没有UAC？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！