System.IO.Directory.CreateDirectory with permissions for only this current user?

10,935

There is an example of creating a DirectorySecurity instance and adding an ACE for a named user here (but use the default constructor to start with an empty ACL).

To get the SID of the account there are two possibilities (these need testing):

The first approach is to rely on the owner of the process being the owner of the directory. This is likely to break if doing impersonation (e.g. under Windows Authentication to have the client's identity used for access control to filesystem content):

var ds = new DirectorySecurity();
var sid = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, null)
var ace = new FileSystemAccessRule(sid,
                                   FileSystemRights.FullControl,
                                   AccessControlType.Allow);
ds.AddAccessRule(ace);

The second approach to to get the process owner from the process Token, this will require P/Invoke. This includes an example: http://www.codeproject.com/KB/cs/processownersid.aspx, once you have the SID create a SecurityIdentifier instance for it and follow the above to create the ACL.

Share:
10,935
Shimmy Weitzhandler
Author by

Shimmy Weitzhandler

Updated on June 04, 2022

Comments

  • Shimmy Weitzhandler
    Shimmy Weitzhandler almost 2 years

    I want the asp application to create a folder that has access only to the account the application was running with (i.e. asp account?)

    I actually wanna use this one, but I don't know how to use the "Computer\CurrentAccount" dynamically.

    I want to get the current working account.

    Thanks.