This is the second article related to ACLs; the first one is “Changing file ACL in Windows programmatically”. Going through the commonly used security identifiers in WellKnownSidType, I found some which I had never heard about and several legacy ones, for example DIALUP. Just for fun, I decided to test how this user's permission looks in the file security properties. I created a small C# application which adds this access control entry to, or removes it from, the ACL of the file express843.pdf. By the way, express843.pdf belongs to my Wordchaos JavaScript project. The code:
using System;
using System.IO;
using System.Security;
using System.Security.AccessControl;
using System.Security.Principal;

namespace AccessControl
{
    class Program
    {
        static void Main(string[] args)
        {
            bool removedAU = false;
            try
            {
                FileInfo fi = new FileInfo("d:\\alex\\express843.pdf");
                // Read only the DACL (access rules) of the file.
                FileSecurity security = fi.GetAccessControl(AccessControlSections.Access);
                // Explicit and inherited rules, with identities translated to account names.
                AuthorizationRuleCollection arc = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
                foreach (FileSystemAccessRule fsar in arc)
                {
                    // If a DIALUP entry is already present, remove it.
                    if (fsar.IdentityReference.Value.Equals("NT AUTHORITY\\DIALUP"))
                    {
                        removedAU = true;
                        security.RemoveAccessRule(fsar);
                        break;
                    }
                }
                if (!removedAU)
                {
                    // Otherwise add an allow entry for the well-known DIALUP SID.
                    SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.DialupSid, null);
                    security.AddAccessRule(
                        new FileSystemAccessRule(sid,
                            FileSystemRights.FullControl,
                            InheritanceFlags.None, //.ContainerInherit | InheritanceFlags.ObjectInherit,
                            PropagationFlags.None,
                            AccessControlType.Allow));
                }
                // Write the modified ACL back to the file.
                fi.SetAccessControl(security);
            }
            catch (Exception ex)
            {
                Console.WriteLine("Exception: " + ex.Message);
            }
        }
    }
}
This works, and this is how the DIALUP ACE looks in the express843.pdf ACL:
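The same entry can also be checked from code instead of the Security tab. The following is an added example, not part of the original article: it reads the rules as SIDs and matches them with `IsWellKnown`, so the check does not depend on the account name string "NT AUTHORITY\DIALUP". The class name `AclAudit` and the helper `FindAces` are hypothetical names chosen for this example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclAudit // hypothetical name, added example
{
    // Returns the allow ACEs on the file whose trustee is one of the given
    // well-known SID types. Rules are requested as SecurityIdentifier, so no
    // name translation (and no localized account name) is involved.
    static List<FileSystemAccessRule> FindAces(string path, params WellKnownSidType[] types)
    {
        var hits = new List<FileSystemAccessRule>();
        FileSecurity security = new FileInfo(path).GetAccessControl(AccessControlSections.Access);
        foreach (FileSystemAccessRule rule in
                 security.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            var sid = (SecurityIdentifier)rule.IdentityReference;
            if (rule.AccessControlType == AccessControlType.Allow &&
                Array.Exists(types, t => sid.IsWellKnown(t)))
            {
                hits.Add(rule);
            }
        }
        return hits;
    }

    static void Main(string[] args)
    {
        // Default path is the file used in the article; pass another path as args[0].
        string path = args.Length > 0 ? args[0] : @"d:\alex\express843.pdf";
        try
        {
            List<FileSystemAccessRule> hits = FindAces(path, WellKnownSidType.DialupSid);
            foreach (FileSystemAccessRule rule in hits)
                Console.WriteLine("{0}  rights={1}  inherited={2}",
                    rule.IdentityReference.Value, rule.FileSystemRights, rule.IsInherited);
            if (hits.Count == 0)
                Console.WriteLine("No DIALUP allow entry on " + path);
        }
        catch (Exception ex) when (ex is IOException || ex is UnauthorizedAccessException)
        {
            Console.WriteLine("Cannot read ACL: " + ex.Message);
        }
    }
}
```

Run after the toggle program above, it prints the DIALUP SID with `FullControl` and `inherited=False` when the entry was added, and the "No DIALUP allow entry" line when it was removed.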