4

I have a shared folder. How do I check in C# whether the current user has been given access to the folder?

I have tried SecurityManager.IsGranted but somehow it is not doing me any good. Probably because it is for a file, not for a folder.

Sam
  • 7,252
  • 16
  • 46
  • 65
user3773872
  • 61
  • 1
  • 4
  • 2
    Copy/paste your question title into the Google search box, take the first hit. – Hans Passant Sep 09 '14 at 17:07
  • By "access", which privileges specifically are you referring to? There's enumerate contents access, read data access, create files access, write data access... etc etc. You should look at the [FileSystemRights](http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights(v=vs.110).aspx) enum to figure out what you want to check. For just read/write, I'd recommend just trying it and catching any exceptions. – Asad Saeeduddin Sep 09 '14 at 17:11
  • 1
    @HansPassant I just got this question when I did it :) – DLeh Sep 09 '14 at 18:00

2 Answers2

5

Use Directory.Exists it will return false if you don't have permission.

See the Remarks section in MSDN

Also as suggested in the answer by @jbriggs You should get an UnautorizedAccessException if you don't have access.

Syed Ali Taqi
  • 4,898
  • 3
  • 34
  • 44
0

If I recall correctly you have to just try to write something to the folder or read something from the folder and catch the exception.

Edit: you could do the following, however I'm not sure it works in every situation (like if permissions are allowed or denied for the users group)

public bool HasAccess(string path, string user)
{
System.Security.Principal.SecurityIdentifier sid = new System.Security.Principal.SecurityIdentifier(System.Security.Principal.WellKnownSidType.WorldSid, null);
System.Security.Principal.NTAccount acct = sid.Translate(typeof(System.Security.Principal.NTAccount)) as System.Security.Principal.NTAccount;
bool userHasAccess = false;
if( Directory.Exists(path))
{
  DirectorySecurity sec = Directory.GetAccessControl(path);
  AuthorizationRuleCollection rules = sec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
  foreach (AccessRule rule in rules)
  {
    // check is the Everyone account is denied
    if (rule.IdentityReference.Value == acct.ToString() && 
        rule.AccessControlType == AccessControlType.Deny)
    {
      userHasAccess = false;
      break;
    }
    if (rule.IdentityReference.Value == user)
    {
      if (rule.AccessControlType != AccessControlType.Deny)                 
        userHasAccess = true;
      else
        userHasAccess = false;
      break;
    }
  }
}
return userHasAccess;
}
jbriggs
  • 353
  • 2
  • 10
  • It's bad practice to use `try catch` as a conditional statement. – DLeh Sep 09 '14 at 18:00
  • 2
    @DLeh Do you know any other way? It's not bad practice if there's not a better way. Using Directory.Exist isn't a valid solution in my opinion. What if the user check Directory.Exist it returns false due to permisions, so the directory actually does exist, the user then does Directory.CreateDirectory and an exception is thrown anyway. – jbriggs Sep 10 '14 at 19:17
  • the question was marked as duplicate anyway. Look at the other answers anyway. Yes, this is something you might need to be aware of if you're creating a directory and catch, but OP is only asking to check the access on a directory. – DLeh Sep 10 '14 at 20:00
  • 1
    The answer from the question this is marked a duplicate of is wrong. Try creating a directory and denying access to a differnt user. The CanRead function of the other answer will return false. – jbriggs Sep 10 '14 at 20:53