Click here to Skip to main content
8,872,923 members and growing!
  
Email Password   Lost password?
Search within:



add
Add to your CodeProject bookmarks
Print Article
Site map
 » Platforms, Frameworks & Libraries » .NET Framework » How To
Licence 
First Posted 26 Apr 2003
Views 114,894
Bookmarked 36 times

Adding File Access Permissions using DirectoryServices

By | 27 Apr 2003 | Article
How to add user to file access permissions using DirectoryServices in .NET framework in Active Directory
ArticleBrowse CodeStatsRevisionsAlternatives
  Discuss
Discuss this article
 23  

Introduction

As the title of the article describes this article is going to describe a very simple but very helpful topic. Every now and then we are faced with a situation where we have to fix a file or folder's permissions to add or remove a user. The perfect example is installation of an ASP.Net application. If you have a folder in that application which needs write permissions for ASPNET user account then your custom installer may need to add a new ACE that gives ASPNET user the required permissions.

The Code

You can make use of DirectoryServices classes to accomplish this task. Technically speaking, the techniue does not use the classes defined in System.DirectoryServices namespace at all. It uses Interop to access ADSI objects to get the job done. The reason for using Interop is the same as we described in our earlier article, How to get file security information, DirectoryServices classes does not fully implement all the features present in ADSI. 

using System;
using System.Collections;
using ActiveDs;

namespace PardesiServices.FixFilePermission
{
  class FileSecurity
  {
    [STAThread]
    static void Main(string[] args)
    {
        string strFile = @"D:\mmcInst.log";
        try
        {
            ADsSecurityUtilityClass secuUtil = new ADsSecurityUtilityClass();
            object ob = secuUtil.GetSecurityDescriptor(
                strFile,
                (int)ActiveDs.ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
                (int)ActiveDs.ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
            if (null != ob)
            {
                ActiveDs.IADsSecurityDescriptor sd =<BR>                  (IADsSecurityDescriptor)ob;
                ActiveDs.IADsAccessControlList obDacl =
                 (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;
                bool bAddAce = true;
                IEnumerator obAceEnum = obDacl.GetEnumerator();
                while (obAceEnum.MoveNext())
                {
                    IADsAccessControlEntry obAce =
                     (IADsAccessControlEntry)obAceEnum.Current;
                    Console.WriteLine("Trustee: {0}", obAce.Trustee);
                    // Check if "ASPNET" account is trustee of ACE or not.
                    if (obAce.Trustee.IndexOf("ASPNET") != -1)
                    {
                        // Check if this is a ALOWED Ace or not.
                        if (obAce.AceType ==<BR>                          (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED)
                        {
                            bAddAce = false;
                        }
                    }
                }

                // If bAddAce flag is set, then we will add it.
                if (bAddAce)
                {
                    AccessControlEntryClass obNewAce =<BR>                      new AccessControlEntryClass();
                    obNewAce.AceType =<BR>                      (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED;
                    obNewAce.Trustee = @"ASPNET";
                    obNewAce.AccessMask = -1;
                    obDacl.AddAce(obNewAce);
                    sd.DiscretionaryAcl = obDacl;
                    secuUtil.SetSecurityDescriptor(
                            strFile,
                            (int)ADS_PATHTYPE_ENUM.ADS_PATH_FILE,
                            sd,
                            (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
                    }
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }
        }
    }
}

If you notice, at the top of the code we have referenced ActiveDs namespace. This namespace is included into the project by referencing to Active DS Type Library COM object in your project. If you use Visual Studio .NET IDE, then you can right click on the project and choose Add Reference menu option to add the required COM object refrence. If you are using command line compiler then use tlbimp utility to import activeds.tlb.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Softomatix

Web Developer

United States United States

Member

 To learn more about us, Please visit us at http://www.netomatix.com

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board. (secure sign-in)
 
Search this forum  
 FAQ
    Noise  Layout  Per page   
  RefreshFirst Prev Next
GeneralMy vote of 1 Pinmembervsr.krishnamraju23:59 19 Apr '09  
QuestionFile access permissions Pinmemberluigilg5:00 29 May '06  
GeneralCode fails under windows server 2003 Pinmemberjaimi12:15 30 Jan '06  
GeneralNice code, but ignores issue of ordering PinsussSergei Gnezdov10:13 30 Sep '05  
General,Getting file permission Pinmemberfoxit11:22 14 Jul '05  
Generalnetomatrix.com is ripping off your article PinsussAnonymous10:16 23 Jun '05  
GeneralRe: netomatrix.com is ripping off your article PinsussAnonymous10:18 23 Jun '05  
GeneralModifying File Access Permissions using Windows Scripting Host Pinmemberyrleu20:18 22 May '05  
GeneralSet Permissions Recursivelly PinsussRodrigo Vilar2:04 27 Apr '05  
QuestionAsk a question? Pinmembereckel3:03 14 May '04  
GeneralActive Directory Client Not Installed PinmemberFeldsinc12:50 12 Dec '03  
GeneralRe: Active Directory Client Not Installed PinsussAnonymous5:48 12 May '04  
GeneralActive Directory Client Not Installed PinsussKevin Tran12:47 12 Dec '03  
GeneralRe: Active Directory Client Not Installed PinmemberMember 193192221:40 25 Jun '09  
GeneralADsSecurityUtilityClass Pinmemberjorj516:00 3 Jul '03  
GeneralRe: ADsSecurityUtilityClass PinmemberSoftomatix10:57 3 Jul '03  
GeneralRe: ADsSecurityUtilityClass Pinmemberjorj5112:19 3 Jul '03  
GeneralRe: ADsSecurityUtilityClass Pinmemberversteijn8:47 12 Nov '03  
GeneralRe: ADsSecurityUtilityClass Pinmemberportyr1:07 24 Oct '03  
GeneralRe: ADsSecurityUtilityClass PinsussAnonymous0:51 11 Aug '05  
GeneralThe code is nice but... Pinmemberkbuchan6:18 5 May '03  
GeneralRe: The code is nice but... PinmemberSoftomatix5:48 7 May '03  
GeneralRe: The code is nice but... Pinmemberkbuchan6:00 7 May '03  
Last Visit: 0:33 28 May '12     Last Update: 20:32 27 May '12 1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Mobile
Web04 | 2.5.120517.1 | Last Updated 28 Apr 2003
Article Copyright 2003 by Softomatix
Everything else Copyright © CodeProject, 1999-2012
Terms of Use
Layout: fixed | fluid

The Code Project Insider. Free each morning.