WTarlton
asked on
vb.net adding permissions to a folder for multiple users? help me with this code please
This procedure works great for adding ONE user to a folder but if I run it for multiple times (one for each user) it overwrites the security of the whole folder. Is there a way to just append the rights without overwriting everything?
Imports System.Security.AccessCont rol
Friend Enum DirectoryPermission
Full
Modify
AllExceptModifyAndFull
AllExceptFull
ReadAndExecute
ListContents
Read
Write
Custom
None
End Enum
Private Sub SetDirectoryPermissions(By Val Directory As String, ByVal Permissions As DirectoryPermission, Optional ByVal Domain As String = Nothing, Optional ByVal User As String = Nothing, Optional ByVal Custom As Long = 0)
' Get the ACL for the directory just created
Dim oACL As Security.AccessControl.Dir ectorySecu rity = IO.Directory.GetAccessCont rol(IO.Pat h.GetDirec toryName(D irectory), Security.AccessControl.Acc essControl Sections.A ccess)
Dim lRights As Long = 0
Dim lInheritance As Long
'Dim oUserSid As Security.Principal.Securit yIdentifie r
'If Not IsNothing(Domain) AndAlso Not IsNothing(User) Then
' oUserSid = New Security.Principal.NTAccou nt(Domain, User).Translate(GetType(Se curity.Pri ncipal.Sec urityIdent ifier))
'ElseIf Not IsNothing(User) Then
' oUserSid = New Security.Principal.NTAccou nt(User).T ranslate(G etType(Sec urity.Prin cipal.Secu rityIdenti fier))
'Else
' ' Create a security Identifier for the BUILTIN\Users group to be passed to the new access rule
' oUserSid = New Security.Principal.Securit yIdentifie r(Security .Principal .WellKnown SidType.Bu iltinUsers Sid, Nothing)
'End If
Dim oUserSid As Security.Principal.Securit yIdentifie r
Try
oUserSid = New Security.Principal.NTAccou nt(Domain, User).Translate(GetType(Se curity.Pri ncipal.Sec urityIdent ifier))
Catch
frmDebug.Message(vbCrLf & "**** Unable to find user! ****" & vbCrLf)
Exit Sub
End Try
Select Case Permissions
Case DirectoryPermission.Full
lRights = Security.AccessControl.Fil eSystemRig hts.FullCo ntrol
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit
Case DirectoryPermission.Modify
lRights = Security.AccessControl.Fil eSystemRig hts.Modify Or Security.AccessControl.Fil eSystemRig hts.Synchr onize
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit
Case DirectoryPermission.ReadAn dExecute
lRights = Security.AccessControl.Fil eSystemRig hts.ReadAn dExecute Or Security.AccessControl.Fil eSystemRig hts.Synchr onize
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit
Case DirectoryPermission.AllExc eptModifyA ndFull
lRights = Security.AccessControl.Fil eSystemRig hts.Write Or Security.AccessControl.Fil eSystemRig hts.ReadAn dExecute Or Security.AccessControl.Fil eSystemRig hts.Synchr onize
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit
Case DirectoryPermission.AllExc eptFull
lRights = Security.AccessControl.Fil eSystemRig hts.Write Or Security.AccessControl.Fil eSystemRig hts.ReadAn dExecute Or Security.AccessControl.Fil eSystemRig hts.Modify Or Security.AccessControl.Fil eSystemRig hts.Synchr onize
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit
Case DirectoryPermission.ListCo ntents
lRights = Security.AccessControl.Fil eSystemRig hts.ReadAn dExecute Or Security.AccessControl.Fil eSystemRig hts.Synchr onize
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit
Case DirectoryPermission.Read
lRights = Security.AccessControl.Fil eSystemRig hts.Read Or Security.AccessControl.Fil eSystemRig hts.Synchr onize
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit
Case DirectoryPermission.Write
lRights = Security.AccessControl.Fil eSystemRig hts.Write Or Security.AccessControl.Fil eSystemRig hts.Synchr onize
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit
Case DirectoryPermission.Custom
lRights = Custom
lInheritance = Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit
Case DirectoryPermission.None
lRights = 0
lInheritance = 0
End Select
' Create the rule that needs to be added to the ACL
Dim oRule As New Security.AccessControl.Fil eSystemAcc essRule(oU serSid,
lRights,
lInheritance,
Security.AccessControl.Pro pagationFl ags.None,
Security.AccessControl.Acc essControl Type.Allow )
' Add the new rule to our ACL
oACL.AddAccessRule(oRule)
' Update the directory to include the new rules created
System.IO.Directory.SetAcc essControl (Directory , oACL)
End Sub
Imports System.Security.AccessCont
Friend Enum DirectoryPermission
Full
Modify
AllExceptModifyAndFull
AllExceptFull
ReadAndExecute
ListContents
Read
Write
Custom
None
End Enum
Private Sub SetDirectoryPermissions(By
' Get the ACL for the directory just created
Dim oACL As Security.AccessControl.Dir
Dim lRights As Long = 0
Dim lInheritance As Long
'Dim oUserSid As Security.Principal.Securit
'If Not IsNothing(Domain) AndAlso Not IsNothing(User) Then
' oUserSid = New Security.Principal.NTAccou
'ElseIf Not IsNothing(User) Then
' oUserSid = New Security.Principal.NTAccou
'Else
' ' Create a security Identifier for the BUILTIN\Users group to be passed to the new access rule
' oUserSid = New Security.Principal.Securit
'End If
Dim oUserSid As Security.Principal.Securit
Try
oUserSid = New Security.Principal.NTAccou
Catch
frmDebug.Message(vbCrLf & "**** Unable to find user! ****" & vbCrLf)
Exit Sub
End Try
Select Case Permissions
Case DirectoryPermission.Full
lRights = Security.AccessControl.Fil
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.Modify
lRights = Security.AccessControl.Fil
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.ReadAn
lRights = Security.AccessControl.Fil
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.AllExc
lRights = Security.AccessControl.Fil
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.AllExc
lRights = Security.AccessControl.Fil
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.ListCo
lRights = Security.AccessControl.Fil
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.Read
lRights = Security.AccessControl.Fil
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.Write
lRights = Security.AccessControl.Fil
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.Custom
lRights = Custom
lInheritance = Security.AccessControl.Inh
Case DirectoryPermission.None
lRights = 0
lInheritance = 0
End Select
' Create the rule that needs to be added to the ACL
Dim oRule As New Security.AccessControl.Fil
lRights,
lInheritance,
Security.AccessControl.Pro
Security.AccessControl.Acc
' Add the new rule to our ACL
oACL.AddAccessRule(oRule)
' Update the directory to include the new rules created
System.IO.Directory.SetAcc
End Sub
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for trying to help. Same behavior made no difference.
example usage:
SetPermission(Environment.MachineName & "\ASPNET", "c:\shared", FileSystemRights.Read & FileSystemRights.Write)
ASKER
sedgwick,
That worked and was able to add multiple users. I had to change the InheritanceFlags.Container Inherit & InheritanceFlags.ObjectInh erit to InheritanceFlags.None because it threw an error.
One problem with this method however is that it is adding the rights as "Special Permissions" which I don't want.
That worked and was able to add multiple users. I had to change the InheritanceFlags.Container
One problem with this method however is that it is adding the rights as "Special Permissions" which I don't want.
ASKER
Got it fixed! This is your code with the changes
Private Sub SetPermission(username As String, folder As String, fsRights As FileSystemRights)
Dim di As DirectoryInfo = New DirectoryInfo(folder)
Dim ds As DirectorySecurity = di.GetAccessControl()
ds.AddAccessRule(New FileSystemAccessRule(usern ame, fsRights, Security.AccessControl.Inh eritanceFl ags.Contai nerInherit Or Security.AccessControl.Inh eritanceFl ags.Object Inherit, PropagationFlags.None, AccessControlType.Allow))
di.SetAccessControl(ds)
End Sub
Private Sub SetPermission(username As String, folder As String, fsRights As FileSystemRights)
Dim di As DirectoryInfo = New DirectoryInfo(folder)
Dim ds As DirectorySecurity = di.GetAccessControl()
ds.AddAccessRule(New FileSystemAccessRule(usern
di.SetAccessControl(ds)
End Sub
Dim oACL As Security.AccessControl.Dir
to
Dim oACL As Security.AccessControl.Dir
?