C＃中获取[套用到＆QUOT;高级安全设置＆QUOT;从＆QUOT信息;对于目录

本文介绍了C＃中获取[套用到＆QUOT;高级安全设置＆QUOT;从＆QUOT信息;对于目录的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在写用于通过其权限的文件夹进行搜索并返回细节，如权利（如完全控制，读取），AccessControlType（如允许，拒绝），适用于信息（如该文件夹的应用程序，子文件夹和文件）。

I'm writing an application that is used to search through folders for their permissions and return details such as Rights (eg Full Control, Read), AccessControlType (eg Allow, Deny) and Apply To information (eg This folder, subfolders and files).

大多数信息我能够获得通过的DirectoryInfo的GetAccessControl（DirectorySecurity）方法。但是，我无法准确获得的应用到信息的目录。大量的研究后，我发现这个StackOverflow的Q＆放大器; A How改变＆QUOT;适用于QUOT＆;文件夹下的审计选项编程（.NET），这使我这个COM prehensive页的但使用的规则都规定，我没有得到的同样应用到的权限和我一样在Windows资源管理器。

Most of this information I am able to obtain using DirectoryInfo's GetAccessControl(DirectorySecurity) method. However, I can't accurately obtain the directory's Apply To information. After much research I came across this StackOverflow Q&A How to change the "Applies To" field under folder auditing options programatically (.NET) which led me to this comprehensive page http://msmvps.com/blogs/p3net/pages/access-control-in-net.aspx but using the rules that both specify, I do not get the same Apply To permissions as I do in Windows Explorer.

（表从 http://msmvps.com/blogs /p3net/pages/access-control-in-net.aspx ）

这是在code我用它来尝试和转换InheritanceFlags和PropogationFlags的组合：

This is the code I use to try and convert a combination of InheritanceFlags and PropogationFlags:

private ApplyToType GetApplyToType(InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
    if (propagationFlags == PropagationFlags.None && 
        inheritanceFlags == InheritanceFlags.None) 
        return ApplyToType.ThisFolderOnly;

    if (propagationFlags == PropagationFlags.None && 
        inheritanceFlags == InheritanceFlags.ContainerInherit) 
        return ApplyToType.ThisFolderAndSubfolders;

    if (propagationFlags == PropagationFlags.None && 
        inheritanceFlags == InheritanceFlags.ObjectInherit) 
        return ApplyToType.ThisFolderAndFiles;

    if (propagationFlags == PropagationFlags.None && 
        inheritanceFlags == (InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit)) 
        return ApplyToType.ThisFolderSubfoldersAndFiles;

    if (propagationFlags == PropagationFlags.InheritOnly && 
        inheritanceFlags == InheritanceFlags.ContainerInherit)
        return ApplyToType.SubfoldersOnly;

    if (propagationFlags == PropagationFlags.InheritOnly && 
        inheritanceFlags == InheritanceFlags.ObjectInherit)
        return ApplyToType.FilesOnly;

    if (propagationFlags == PropagationFlags.InheritOnly && 
        inheritanceFlags == (InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit))
        return ApplyToType.SubfoldersAndFilesOnly;

    return ApplyToType.AndreDoesntKnow;
}

和以下code用于查询目录：

And the following code is used to query directories:

var directory = new DirectoryInfo(directoryPath);
var accessControl = directory.GetAccessControl(AccessControlSections.Access);
var rules = accessControl.GetAccessRules(includeExplicit, includeInherited, targetType);
foreach (FileSystemAccessRule rule in rules)
{
    var applyToType = GetApplyToType(rule.InheritanceFlags, rule.PropagationFlags);
    Console.WriteLine(string.Format("Identity:{0}, Rights:{1}, AccessType:{2}, ApplyTo:{3}", rule.IdentityReference, rule.FileSystemRights, rule.AccessControlType, applyToType));
}

然而，当我看到在Windows资源管理器这些权限我看到以下内容：

However when I look at these permissions in Windows Explorer I see the following:

当我用我的应用程序来查询同一个文件夹中，我得到：

And when I use my application to query the same folder, I get:

身份：BUILTIN \管理员，权利：FullControl，接入类型：允许，ApplyTo： ThisFolderOnly

Identity:BUILTIN\Administrators, Rights:FullControl,AccessType:Allow, ApplyTo:ThisFolderOnly

身份：BUILTIN \管理员，权利：268435456，接入类型：允许，ApplyTo： SubfoldersAndFilesOnly

Identity:BUILTIN\Administrators, Rights:268435456, AccessType:Allow,ApplyTo:SubfoldersAndFilesOnly

身份：NT AUTHORITY \ SYSTEM，权利：FullControl，接入类型：允许，ApplyTo： ThisFolderOnly

Identity:NT AUTHORITY\SYSTEM, Rights:FullControl, AccessType:Allow,ApplyTo:ThisFolderOnly

身份：NT AUTHORITY \ SYSTEM，权利：268435456，接入类型：允许，ApplyTo： SubfoldersAndFilesOnly

Identity:NT AUTHORITY\SYSTEM, Rights:268435456, AccessType:Allow,ApplyTo:SubfoldersAndFilesOnly

身份：BUILTIN \用户权利：ReadAndExecute，同步，接入类型：允许，ApplyTo： ThisFolderSubfoldersAndFiles

Identity:BUILTIN\Users, Rights:ReadAndExecute, Synchronize,AccessType:Allow, ApplyTo:ThisFolderSubfoldersAndFiles

身份：NT AUTHORITY \ Authenticated Users组，权利：修改，同步，接入类型：允许，ApplyTo： ThisFolderOnly

Identity:NT AUTHORITY\Authenticated Users, Rights:Modify,Synchronize, AccessType:Allow, ApplyTo:ThisFolderOnly

身份：NT AUTHORITY \ Authenticated Users组，权利：-536805376，接入类型：允许，ApplyTo： SubfoldersAndFilesOnly

Identity:NT AUTHORITY\Authenticated Users, Rights:-536805376,AccessType:Allow, ApplyTo:SubfoldersAndFilesOnly

正如你所看到的，使用来自其它网站的规则，我的派生ApplyTo不与Windows资源管理器ApplyTo匹配。

As you can see, using the rules from these other sites, my derived ApplyTo does not match with Windows Explorer ApplyTo.

有更多的东西比这个？我究竟做错了什么？还有什么我需要解决Windows资源管理器的报告？

Is there more to it than this? What am I doing wrong? What else do I need to resolve the same ApplyTo rules that Windows Explorer reports?

我还要提到的是，这些结果是从正在运行Windows 7 64位系统我的开发PC。根据我们的用户，他们的工作环境（Windows XP x86）的，他们观察正确的行为。我不知道足够的关于Windows的权限知道有没有Windows 7的64位和Window XP x86的差异在其中。

I should also mention that these results were from my development PC which is running Windows 7 x64. According to our users, on their work environment (Windows XP x86), they observe the correct behavior. I don't know enough about Windows permissions to know whether there are differences in them between Windows 7 x64 and Window XP x86.

ApplyTo

C＃中获取[套用到＆QUOT;高级安全设置＆QUOT;从＆QUOT信息;对于目录

问题描述

推荐答案