安裝程式中設置目錄權限
//首先添加对于 System.Management.dll的引用.
//然后创建一个类SetDirPopedom
using System;
using System.Text;
using System.Management;
using System.Runtime.InteropServices;
using System.Collections;
namespace Drpeng.HS.MiniUIInstaller
{
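/// <summary>
/// Installer helper that inspects and extends the access control list (DACL) of a
/// directory through the WMI class <c>Win32_LogicalFileSecuritySetting</c>.
/// </summary>
/// <remarks>
/// <see cref="SetDACL"/> appends an access-allowed entry with access mask 0x001F01FF
/// (full control) that is inherited by child files and folders. Pass only the account
/// and the directory that really need that level of access.
/// </remarks>
public sealed class SetDirPopedom
{
    #region SetDirOperation

    // WMI namespace that hosts the Win32_* classes used below.
    private const string WmiNamespace = @"root\cimv2";

    // Largest binary SID Windows can return (SECURITY_MAX_SID_SIZE):
    // an 8-byte header plus 15 sub-authorities of 4 bytes each.
    private const int MaxSidSize = 68;

    // 2032127 == 0x001F01FF: every standard and file-specific right (full control).
    private const int FullControlAccessMask = 2032127;

    /// <summary>
    /// Resolves an account name to its SID and domain (advapi32!LookupAccountName).
    /// </summary>
    /// <remarks>
    /// <paramref name="cbSid"/> must never exceed the real length of
    /// <paramref name="sid"/>; the native function writes up to that many bytes.
    /// </remarks>
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool LookupAccountName(string lpSystemName, string lpAccountName, byte[] sid, ref int cbSid, StringBuilder ReferencedDomainName, ref int cbReferencedDomainName, ref int peUse);

    /// <summary>
    /// Returns the file system name (for example "NTFS") of a logical disk.
    /// </summary>
    /// <param name="diskName">Drive letter without the colon, e.g. "C".</param>
    /// <returns>
    /// The file system reported by WMI, or an empty string when the drive is not
    /// found, reports no file system, or <paramref name="diskName"/> is not a single
    /// drive letter.
    /// </returns>
    public static string GetFileSystem(string diskName)
    {
        // The value is spliced into a WQL string literal, so accept nothing but a
        // single ASCII letter; anything else could change the meaning of the query.
        if (diskName == null || diskName.Length != 1 || !IsAsciiLetter(diskName[0]))
        {
            return "";
        }

        string fileSystem = "";
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("select filesystem from Win32_LogicalDisk where name='" + diskName + ":'"))
        using (ManagementObjectCollection disks = searcher.Get())
        {
            foreach (ManagementObject disk in disks)
            {
                // FileSystem can be null (e.g. a drive with no media), so guard the ToString().
                object value = disk["FileSystem"];
                if (value != null)
                {
                    fileSystem = value.ToString();
                }
            }
        }
        return fileSystem;
    }

    /// <summary>
    /// Tells whether the DACL of <paramref name="filePath"/> already contains an entry
    /// whose trustee name equals <paramref name="userName"/> (case-insensitive).
    /// </summary>
    /// <param name="filePath">Full path of the file or directory.</param>
    /// <param name="userName">Account name to look for.</param>
    /// <returns><c>true</c> when a matching entry exists, otherwise <c>false</c>.</returns>
    /// <exception cref="ArgumentException">The path is empty or contains a single quote.</exception>
    /// <exception cref="Exception">WMI could not return the security descriptor.</exception>
    /// <remarks>
    /// Only the trustee name is compared: the trustee domain, the entry type
    /// (allow or deny) and the access mask are ignored, so a match does not prove
    /// that the account has been granted access.
    /// </remarks>
    public static bool FindTrustee(string filePath, string userName)
    {
        using (ManagementObject dir = OpenSecuritySetting(filePath))
        {
            ManagementBaseObject descriptor = ReadDescriptor(dir);
            ManagementBaseObject[] dacl = (ManagementBaseObject[])descriptor.Properties["Dacl"].Value;
            if (dacl == null || userName == null)
            {
                return false;
            }

            foreach (ManagementBaseObject entry in dacl)
            {
                ManagementBaseObject trustee = (ManagementBaseObject)entry.Properties["Trustee"].Value;
                if (trustee == null)
                {
                    continue;
                }

                // Windows account names are not case-sensitive, so neither is this comparison.
                string name = trustee.Properties["Name"].Value as string;
                if (name != null && string.Compare(name, userName, true, System.Globalization.CultureInfo.InvariantCulture) == 0)
                {
                    return true;
                }
            }
        }
        return false;
    }

    /// <summary>
    /// Appends an inheritable full-control access-allowed entry for
    /// <paramref name="userName"/> to the DACL of <paramref name="filePath"/>.
    /// </summary>
    /// <param name="filePath">Full path of the file or directory.</param>
    /// <param name="userName">Account that receives the access.</param>
    /// <exception cref="ArgumentException">The path is empty or contains a single quote.</exception>
    /// <exception cref="Exception">
    /// The security descriptor could not be read or written, or it carries no DACL.
    /// </exception>
    /// <remarks>
    /// Returns without changing anything when the account name cannot be resolved.
    /// </remarks>
    public static void SetDACL(string filePath, string userName)
    {
        // Resolve the account. The size passed in cbSid is the real buffer length,
        // so the native call cannot write past the end of the managed array.
        byte[] sidBuffer = new byte[MaxSidSize];
        int cbSid = sidBuffer.Length;
        StringBuilder domainName = new StringBuilder(255);
        int domainNameLength = domainName.Capacity;
        int sidType = 255;
        bool result = LookupAccountName(null, userName, sidBuffer, ref cbSid, domainName, ref domainNameLength, ref sidType);
        if (!result)
        {
            return;
        }

        // A binary SID is an 8-byte header followed by SubAuthorityCount (byte 1)
        // 32-bit sub-authorities; trim the buffer to exactly that length.
        int sidLength = 8 + 4 * sidBuffer[1];
        if (sidLength > sidBuffer.Length)
        {
            throw new Exception("帐户 SID 长度无效");
        }
        byte[] userSid = new byte[sidLength];
        Buffer.BlockCopy(sidBuffer, 0, userSid, 0, sidLength);

        using (ManagementObject dir = OpenSecuritySetting(filePath))
        {
            ManagementBaseObject descriptor = ReadDescriptor(dir);
            ManagementBaseObject[] existingDacl = (ManagementBaseObject[])descriptor.Properties["Dacl"].Value;
            if (existingDacl == null)
            {
                // NOTE(review): a null Dacl presumably means the object has no DACL at all.
                // Writing a one-entry list in that case would leave this account as the
                // only one with access, so stop instead of guessing - confirm desired handling.
                throw new Exception("安全描述符中没有 DACL,无法追加访问控制项");
            }

            // Build the entry from fresh instances rather than cloning an existing one,
            // so nothing (such as the other trustee's SIDString) leaks into it and an
            // empty DACL is handled as well.
            ManagementBaseObject trustee = CreateWmiInstance("Win32_Trustee");
            trustee["Domain"] = domainName.ToString();
            trustee["Name"] = userName;
            trustee["SID"] = userSid;
            trustee["SidLength"] = userSid.Length;

            ManagementBaseObject ace = CreateWmiInstance("Win32_ACE");
            ace["Trustee"] = trustee;
            ace["AccessMask"] = FullControlAccessMask;
            ace["AceFlags"] = 3; // OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE: applies to child files and folders
            ace["AceType"] = 0;  // access allowed

            // NOTE(review): the entry is appended after all existing ones, inherited
            // entries included; explicit entries normally precede inherited ones, so
            // tools may report the resulting order as non-canonical - confirm.
            ManagementBaseObject[] newDacl = new ManagementBaseObject[existingDacl.Length + 1];
            Array.Copy(existingDacl, newDacl, existingDacl.Length);
            newDacl[existingDacl.Length] = ace;
            descriptor.Properties["Dacl"].Value = newDacl;

            // Write the descriptor back and surface a failure instead of ignoring it.
            dir.Scope.Options.EnablePrivileges = true;
            ManagementBaseObject inProperties = dir.GetMethodParameters("SetSecurityDescriptor");
            inProperties["Descriptor"] = descriptor;
            ManagementBaseObject setResult = dir.InvokeMethod("SetSecurityDescriptor", inProperties, null);
            if (((uint)(setResult.Properties["ReturnValue"].Value)) != 0)
            {
                throw new Exception("设置文件安全描述符失败");
            }
        }
    }

    // True for 'A'-'Z' and 'a'-'z' only.
    private static bool IsAsciiLetter(char c)
    {
        return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    }

    // Binds to the Win32_LogicalFileSecuritySetting instance of the given path on the local machine.
    private static ManagementObject OpenSecuritySetting(string filePath)
    {
        if (filePath == null || filePath.Length == 0)
        {
            throw new ArgumentException("filePath must not be empty.", "filePath");
        }

        // The path is placed inside a single-quoted key value; a quote in it would end
        // the value early and let the remainder be parsed as part of the object path.
        if (filePath.IndexOf('\'') >= 0)
        {
            throw new ArgumentException("filePath must not contain a single quote.", "filePath");
        }

        ManagementPath path = new ManagementPath();
        path.Server = ".";
        path.NamespacePath = WmiNamespace;
        path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path='" + filePath + "'";
        return new ManagementObject(path);
    }

    // Calls GetSecurityDescriptor and returns the Win32_SecurityDescriptor, throwing on a non-zero return code.
    private static ManagementBaseObject ReadDescriptor(ManagementObject dir)
    {
        ManagementBaseObject outParams = dir.InvokeMethod("GetSecurityDescriptor", null, null);
        if (((uint)(outParams.Properties["ReturnValue"].Value)) != 0)
        {
            throw new Exception("获取文件描述符失败");
        }
        return (ManagementBaseObject)outParams.Properties["Descriptor"].Value;
    }

    // Creates an empty instance of a WMI class from the local root\cimv2 namespace.
    private static ManagementObject CreateWmiInstance(string className)
    {
        using (ManagementClass wmiClass = new ManagementClass(WmiNamespace + ":" + className))
        {
            return wmiClass.CreateInstance();
        }
    }

    #endregion
}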
}
using System;
using System.Collections;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
namespace Drpeng.HS.MiniUIInstaller
{
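/// <summary>
/// Installer helper that inspects and extends the access control list (DACL) of a
/// directory through the WMI class <c>Win32_LogicalFileSecuritySetting</c>.
/// </summary>
/// <remarks>
/// <see cref="SetDACL"/> appends an access-allowed entry with access mask 0x001F01FF
/// (full control) that is inherited by child files and folders. Pass only the account
/// and the directory that really need that level of access.
/// </remarks>
public sealed class SetDirPopedom
{
    #region SetDirOperation

    // WMI namespace that hosts the Win32_* classes used below.
    private const string WmiNamespace = @"root\cimv2";

    // Largest binary SID Windows can return (SECURITY_MAX_SID_SIZE):
    // an 8-byte header plus 15 sub-authorities of 4 bytes each.
    private const int MaxSidSize = 68;

    // 2032127 == 0x001F01FF: every standard and file-specific right (full control).
    private const int FullControlAccessMask = 2032127;

    /// <summary>
    /// Resolves an account name to its SID and domain (advapi32!LookupAccountName).
    /// </summary>
    /// <remarks>
    /// <paramref name="cbSid"/> must never exceed the real length of
    /// <paramref name="sid"/>; the native function writes up to that many bytes.
    /// </remarks>
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool LookupAccountName(string lpSystemName, string lpAccountName, byte[] sid, ref int cbSid, StringBuilder ReferencedDomainName, ref int cbReferencedDomainName, ref int peUse);

    /// <summary>
    /// Returns the file system name (for example "NTFS") of a logical disk.
    /// </summary>
    /// <param name="diskName">Drive letter without the colon, e.g. "C".</param>
    /// <returns>
    /// The file system reported by WMI, or an empty string when the drive is not
    /// found, reports no file system, or <paramref name="diskName"/> is not a single
    /// drive letter.
    /// </returns>
    public static string GetFileSystem(string diskName)
    {
        // The value is spliced into a WQL string literal, so accept nothing but a
        // single ASCII letter; anything else could change the meaning of the query.
        if (diskName == null || diskName.Length != 1 || !IsAsciiLetter(diskName[0]))
        {
            return "";
        }

        string fileSystem = "";
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("select filesystem from Win32_LogicalDisk where name='" + diskName + ":'"))
        using (ManagementObjectCollection disks = searcher.Get())
        {
            foreach (ManagementObject disk in disks)
            {
                // FileSystem can be null (e.g. a drive with no media), so guard the ToString().
                object value = disk["FileSystem"];
                if (value != null)
                {
                    fileSystem = value.ToString();
                }
            }
        }
        return fileSystem;
    }

    /// <summary>
    /// Tells whether the DACL of <paramref name="filePath"/> already contains an entry
    /// whose trustee name equals <paramref name="userName"/> (case-insensitive).
    /// </summary>
    /// <param name="filePath">Full path of the file or directory.</param>
    /// <param name="userName">Account name to look for.</param>
    /// <returns><c>true</c> when a matching entry exists, otherwise <c>false</c>.</returns>
    /// <exception cref="ArgumentException">The path is empty or contains a single quote.</exception>
    /// <exception cref="Exception">WMI could not return the security descriptor.</exception>
    /// <remarks>
    /// Only the trustee name is compared: the trustee domain, the entry type
    /// (allow or deny) and the access mask are ignored, so a match does not prove
    /// that the account has been granted access.
    /// </remarks>
    public static bool FindTrustee(string filePath, string userName)
    {
        using (ManagementObject dir = OpenSecuritySetting(filePath))
        {
            ManagementBaseObject descriptor = ReadDescriptor(dir);
            ManagementBaseObject[] dacl = (ManagementBaseObject[])descriptor.Properties["Dacl"].Value;
            if (dacl == null || userName == null)
            {
                return false;
            }

            foreach (ManagementBaseObject entry in dacl)
            {
                ManagementBaseObject trustee = (ManagementBaseObject)entry.Properties["Trustee"].Value;
                if (trustee == null)
                {
                    continue;
                }

                // Windows account names are not case-sensitive, so neither is this comparison.
                string name = trustee.Properties["Name"].Value as string;
                if (name != null && string.Compare(name, userName, true, System.Globalization.CultureInfo.InvariantCulture) == 0)
                {
                    return true;
                }
            }
        }
        return false;
    }

    /// <summary>
    /// Appends an inheritable full-control access-allowed entry for
    /// <paramref name="userName"/> to the DACL of <paramref name="filePath"/>.
    /// </summary>
    /// <param name="filePath">Full path of the file or directory.</param>
    /// <param name="userName">Account that receives the access.</param>
    /// <exception cref="ArgumentException">The path is empty or contains a single quote.</exception>
    /// <exception cref="Exception">
    /// The security descriptor could not be read or written, or it carries no DACL.
    /// </exception>
    /// <remarks>
    /// Returns without changing anything when the account name cannot be resolved.
    /// </remarks>
    public static void SetDACL(string filePath, string userName)
    {
        // Resolve the account. The size passed in cbSid is the real buffer length,
        // so the native call cannot write past the end of the managed array.
        byte[] sidBuffer = new byte[MaxSidSize];
        int cbSid = sidBuffer.Length;
        StringBuilder domainName = new StringBuilder(255);
        int domainNameLength = domainName.Capacity;
        int sidType = 255;
        bool result = LookupAccountName(null, userName, sidBuffer, ref cbSid, domainName, ref domainNameLength, ref sidType);
        if (!result)
        {
            return;
        }

        // A binary SID is an 8-byte header followed by SubAuthorityCount (byte 1)
        // 32-bit sub-authorities; trim the buffer to exactly that length.
        int sidLength = 8 + 4 * sidBuffer[1];
        if (sidLength > sidBuffer.Length)
        {
            throw new Exception("帐户 SID 长度无效");
        }
        byte[] userSid = new byte[sidLength];
        Buffer.BlockCopy(sidBuffer, 0, userSid, 0, sidLength);

        using (ManagementObject dir = OpenSecuritySetting(filePath))
        {
            ManagementBaseObject descriptor = ReadDescriptor(dir);
            ManagementBaseObject[] existingDacl = (ManagementBaseObject[])descriptor.Properties["Dacl"].Value;
            if (existingDacl == null)
            {
                // NOTE(review): a null Dacl presumably means the object has no DACL at all.
                // Writing a one-entry list in that case would leave this account as the
                // only one with access, so stop instead of guessing - confirm desired handling.
                throw new Exception("安全描述符中没有 DACL,无法追加访问控制项");
            }

            // Build the entry from fresh instances rather than cloning an existing one,
            // so nothing (such as the other trustee's SIDString) leaks into it and an
            // empty DACL is handled as well.
            ManagementBaseObject trustee = CreateWmiInstance("Win32_Trustee");
            trustee["Domain"] = domainName.ToString();
            trustee["Name"] = userName;
            trustee["SID"] = userSid;
            trustee["SidLength"] = userSid.Length;

            ManagementBaseObject ace = CreateWmiInstance("Win32_ACE");
            ace["Trustee"] = trustee;
            ace["AccessMask"] = FullControlAccessMask;
            ace["AceFlags"] = 3; // OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE: applies to child files and folders
            ace["AceType"] = 0;  // access allowed

            // NOTE(review): the entry is appended after all existing ones, inherited
            // entries included; explicit entries normally precede inherited ones, so
            // tools may report the resulting order as non-canonical - confirm.
            ManagementBaseObject[] newDacl = new ManagementBaseObject[existingDacl.Length + 1];
            Array.Copy(existingDacl, newDacl, existingDacl.Length);
            newDacl[existingDacl.Length] = ace;
            descriptor.Properties["Dacl"].Value = newDacl;

            // Write the descriptor back and surface a failure instead of ignoring it.
            dir.Scope.Options.EnablePrivileges = true;
            ManagementBaseObject inProperties = dir.GetMethodParameters("SetSecurityDescriptor");
            inProperties["Descriptor"] = descriptor;
            ManagementBaseObject setResult = dir.InvokeMethod("SetSecurityDescriptor", inProperties, null);
            if (((uint)(setResult.Properties["ReturnValue"].Value)) != 0)
            {
                throw new Exception("设置文件安全描述符失败");
            }
        }
    }

    // True for 'A'-'Z' and 'a'-'z' only.
    private static bool IsAsciiLetter(char c)
    {
        return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    }

    // Binds to the Win32_LogicalFileSecuritySetting instance of the given path on the local machine.
    private static ManagementObject OpenSecuritySetting(string filePath)
    {
        if (filePath == null || filePath.Length == 0)
        {
            throw new ArgumentException("filePath must not be empty.", "filePath");
        }

        // The path is placed inside a single-quoted key value; a quote in it would end
        // the value early and let the remainder be parsed as part of the object path.
        if (filePath.IndexOf('\'') >= 0)
        {
            throw new ArgumentException("filePath must not contain a single quote.", "filePath");
        }

        ManagementPath path = new ManagementPath();
        path.Server = ".";
        path.NamespacePath = WmiNamespace;
        path.RelativePath = @"Win32_LogicalFileSecuritySetting.Path='" + filePath + "'";
        return new ManagementObject(path);
    }

    // Calls GetSecurityDescriptor and returns the Win32_SecurityDescriptor, throwing on a non-zero return code.
    private static ManagementBaseObject ReadDescriptor(ManagementObject dir)
    {
        ManagementBaseObject outParams = dir.InvokeMethod("GetSecurityDescriptor", null, null);
        if (((uint)(outParams.Properties["ReturnValue"].Value)) != 0)
        {
            throw new Exception("获取文件描述符失败");
        }
        return (ManagementBaseObject)outParams.Properties["Descriptor"].Value;
    }

    // Creates an empty instance of a WMI class from the local root\cimv2 namespace.
    private static ManagementObject CreateWmiInstance(string className)
    {
        using (ManagementClass wmiClass = new ManagementClass(WmiNamespace + ":" + className))
        {
            return wmiClass.CreateInstance();
        }
    }

    #endregion
}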
}
//使用
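/// <summary>
/// Makes sure <paramref name="userName"/> has an entry in the access control list
/// of the directory <paramref name="_Path"/>, adding one through
/// <c>SetDirPopedom.SetDACL</c> when none is present.
/// </summary>
/// <param name="_Path">Directory path starting with a drive letter, e.g. <c>C:\Site</c>.</param>
/// <param name="userName">Account that should get access.</param>
/// <remarks>
/// Does nothing when the path has no drive-letter prefix, the account name is empty,
/// the volume is not NTFS, or the account already appears in the list.
/// </remarks>
private void SetDirAspNet(string _Path, string userName)
{
    // The drive letter is needed to ask for the volume's file system; without a
    // "X:" prefix (null, empty, relative or UNC path) there is nothing to check.
    if (_Path == null || _Path.Length < 2 || _Path[1] != ':')
    {
        return;
    }

    if (userName == null || userName.Length == 0)
    {
        return;
    }

    // Access control lists exist only on NTFS volumes.
    if (SetDirPopedom.GetFileSystem(_Path.Substring(0, 1)) != "NTFS")
    {
        return;
    }

    // Skip the write when the account is already listed, so repeated installs
    // do not keep appending entries.
    if (SetDirPopedom.FindTrustee(_Path, userName))
    {
        return;
    }

    SetDirPopedom.SetDACL(_Path, userName);
}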
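/// <summary>
/// Makes sure <paramref name="userName"/> has an entry in the access control list
/// of the directory <paramref name="_Path"/>, adding one through
/// <c>SetDirPopedom.SetDACL</c> when none is present.
/// </summary>
/// <param name="_Path">Directory path starting with a drive letter, e.g. <c>C:\Site</c>.</param>
/// <param name="userName">Account that should get access.</param>
/// <remarks>
/// Does nothing when the path has no drive-letter prefix, the account name is empty,
/// the volume is not NTFS, or the account already appears in the list.
/// </remarks>
private void SetDirAspNet(string _Path, string userName)
{
    // The drive letter is needed to ask for the volume's file system; without a
    // "X:" prefix (null, empty, relative or UNC path) there is nothing to check.
    if (_Path == null || _Path.Length < 2 || _Path[1] != ':')
    {
        return;
    }

    if (userName == null || userName.Length == 0)
    {
        return;
    }

    // Access control lists exist only on NTFS volumes.
    if (SetDirPopedom.GetFileSystem(_Path.Substring(0, 1)) != "NTFS")
    {
        return;
    }

    // Skip the write when the account is already listed, so repeated installs
    // do not keep appending entries.
    if (SetDirPopedom.FindTrustee(_Path, userName))
    {
        return;
    }

    SetDirPopedom.SetDACL(_Path, userName);
}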