4

I'm working on a project where I have to perform sanity checks on files. I need to make sure the current system user has read access to the file, and I first tried doing it with:

var readPermission = new FileIOPermission(FileIOPermissionAccess.Read, filePath);

try
{
    readPermission.Demand();
}
catch (SecurityException ex)
{
    //handle the exception, which should be thrown if current user does NOT have the read permission
}

That did not work, e.g. no exception was thrown, and so i tried doing this:

var readPermission = new FileIOPermission(FileIOPermissionAccess.Read, filePath);


if(! SecurityManager.IsGranted(readPermission))
{

    throw new SecurityException(
        String.Format("System user: {0} does not have read access to file {1}", User.Identity.Name, filePath)
        );
}

the SecurityManager api seems to be mostly deprecated however, So that also seems like a dead end. Is there some other way to tell what permissions a user has to a file?

rasmus91
  • 3,024
  • 3
  • 20
  • 32
  • 2
    What exactly do you mean by it did not work - no exception was thrown yet you had no access? – Ricardo Peres Mar 16 '20 at 09:39
  • @RicardoPeres Exactly. – rasmus91 Mar 16 '20 at 09:44
  • Vote to close: It's seeking recommendations for books, software libraries, or other off-site resources. This question is likely to lead to opinion-based answers. – TomTom Mar 16 '20 at 09:48
  • 4
    @TomTom It is not off-topic to ask how to check if a file is readable... – Matthew Watson Mar 16 '20 at 09:51
  • @rasmus91 Are you calling `readPermission.Demand()` from a session running under the same credentials as when you want to read the file? What happens if, after `.Demand()` succeeds, you do `File.OpenRead(filePath).Close();` immediately after? Does it throw? – Matthew Watson Mar 16 '20 at 09:58
  • 2
    possible duplicate https://stackoverflow.com/questions/21623343 : you cannot rely on the result of this method. It seems there is no other way than trying to open the file with the required access. – devio Mar 16 '20 at 10:58
  • @rasmus91, let me know if you got a chance to try out the answer below. – Clint Mar 17 '20 at 13:41
  • 1
    @Clint I will as soon as I do (within the next 24 hours) unfortunately due to the whole Corona situation, my workdays are quite hectic, atm. I will let you know as soon as I have tried it though, and thank you very much – rasmus91 Mar 17 '20 at 13:43

1 Answers1

1
  • First, get Access control list (ACL) entries for the file described by the current FileInfo object, this is encapsulated in FileSecurity object
  • We then use GetAccessRules that gets a collection of the rules associated with aforementioned FileSecurity object
  • The Collection of rules represents AuthorizationRule objects which FileSystemAccessRule derives from, which you can interrogate to understand permission pertaining to the file

Snippet: Checks if test.txt has Read permissions (Has been tested using .Net Core)

using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Linq;

var MyPath = @"C:\Users\repos\test.txt";
var fInfo = new FileInfo(MyPath);

FileSecurity fSecurity = fInfo.GetAccessControl();

SecurityIdentifier usersSid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
FileSystemRights fileRights = FileSystemRights.Read | FileSystemRights.Synchronize; //All read only file usually have Synchronize added automatically when allowing access, refer the msdn doc link below

var rules = fSecurity.GetAccessRules(true, true, usersSid.GetType()).OfType<FileSystemAccessRule>();
var hasRights = rules.Where(r => r.FileSystemRights == fileRights).Any();

Nuget Prerequisite: System.IO.FileSystem.AccessControl

Reference: FileSystemRights Enums

Clint
  • 6,011
  • 1
  • 21
  • 28
  • 1
    Hello Again. Sadly this does not work for me, Namely because, and Obviously i should've mentioned this to begin with: The server is running on Linux, not Windows. So when i ran your code, I got: `Unhandled exception. System.PlatformNotSupportedException: Access Control List (ACL) APIs are part of resource management on Windows and are not supported on this platform.` – rasmus91 Mar 18 '20 at 13:41
  • 1
    @rasmus91, ahh that's a bummer lol. [check this out](https://stackoverflow.com/questions/45132081/file-permissions-on-linux-unix-with-net-core) – Clint Mar 18 '20 at 13:54
  • thanks a bunch. I'm not quite certain if I should accept your answer then (if you say it works, it probably does) but I can't quite use it in our environment. – rasmus91 Mar 18 '20 at 13:57