Reading NTFS Permissions from .NET

[Ricky K. Rasmussen]

I'm writing a C# Windows Application that (among other things) should check
that certain filesystem permissions are set up correctly. For this I need to
be able to test if a certain user has certian permission to a certian folder
(eg. does the "ASPNET" user have "read" access to the "c:\inetpub\wwwroot"
folder).

The only answer I could come up with, was to impersonate the ASPNET user and
then try to access the folder. But how do I do that, when the ASPNET user
has no password? It doesn't sound like the right answer anyway.

All other postings/articles I've found was dealing with setting the
permissions. Does this mean that it isn't possible to read the NTFS
permissions programmatically?

/ricky

 

[Jordan E. Terrell]

Ricky,

I've not used this before, but take a look at it:

http://www.codeproject.com/dotnet/ntsecuritynet.asp

 

[Ricky K. Rasmussen]

Thanks Jordan,

The article brought me a little closer to a solution. I found a C# library
that does the same thing at:
http://www.gotdotnet.com/Community/...mpleGuid=e6098575-dda0-48b8-9abf-e0705af065d9
By using this I can list the ACL for a given folder.

I still have some challenges though...
As I wrote before I want to know if a user has a certain right to a certain
folder. So when I loop through a folders ACEs I need a way to findout if the
user is a member of the group of the ACE.

So my next question must be: Is there a way to tell if a user (SID) is a
member of a group (another SID)?

Thanks for your time,
RIcky