我想列出用户具有读取访问权限的文件夹中的所有文件。用户访问网站并可以对网站的某些方面使用表单例份验证(例如添加链接等),但我想使用他们的 Windows 凭据列出给定文件夹中的文件(因为我关闭了匿名访问),隐藏他们的文件无法阅读。
但是,当使用Directory.GetFiles时,它还包含无法读取的文件(尽管可以读取元数据(文件大小、创建日期等))。
这就是我所拥有的:
string[] files;
string[] folders;
string rootDir = @"\\server\path\to\dir\";
WindowsIdentity id = (WindowsIdentity)User.Identity ;
using (System.Security.Principal.WindowsImpersonationContext context = System.Security.Principal.WindowsIdentity.Impersonate(id.Token))
{
files = Directory.GetFiles(rootDir);
folders = Directory.GetDirectories(rootDir);
foreach (string file in files)
{
FileInfo fi = new FileInfo(file);
FileSecurity fs = fi.GetAccessControl(AccessControlSections.Access);
//foreach (FileSystemAccessRule rule in fs.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)))
//{
// Response.Write((FileSystemRights.Read & rule.FileSystemRights) + " <br />");
//}
Response.Write(file + " " + fi.Length + "<br />");
}
context.Undo();
}
当我访问该页面时,一旦使用 GetAccessControl,我就会收到 UnauthorizedAccessException,即使它应该使用当前的用户凭据。关闭 using 失败,因为 asp.net 帐户无权访问该文件夹。当 FileSecurity 被注释掉时,它会列出所有文件。
堆栈跟踪:
[UnauthorizedAccessException: Attempted to perform an unauthorized operation.]
System.Security.AccessControl.Win32.GetSecurityInfo(ResourceType resourceType, String name, SafeHandle handle, AccessControlSections accessControlSections, RawSecurityDescriptor& resultSd) +697
System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext) +63
System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory) +86
System.Security.AccessControl.FileSecurity..ctor(String fileName, AccessControlSections includeSections) +42
System.IO.FileInfo.GetAccessControl(AccessControlSections includeSections) +29
UNCDirectory.Page_Load(Object sender, EventArgs e) +213
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627
有什么想法可以做到这一点,而不需要尝试打开每个文件并捕获发生的异常吗?
最佳答案
设法修复它。当您拒绝读取文件时,它也会拒绝读取权限,因此会出现 UnauthorizedAccessException。因此,使用 try...catch ... 看起来是唯一的选择。
如果读取被拒绝并且读取权限被允许(在高级设置下完成),则可以防止异常。这可以处理两者:
string[] files;
string[] folders;
WindowsIdentity id = (WindowsIdentity)User.Identity;
using (System.Security.Principal.WindowsImpersonationContext context = id.Impersonate())
{
files = Directory.GetFiles(RootDir);
folders = Directory.GetDirectories(RootDir);
foreach (string file in files)
{
FileInfo fi = new FileInfo(file);
FileSecurity fs = null;
try
{
fs = fi.GetAccessControl(AccessControlSections.Access);
}
catch (UnauthorizedAccessException)
{
goto Next;
}
foreach (FileSystemAccessRule rule in fs.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier)))
{
if (id.User.CompareTo(rule.IdentityReference as SecurityIdentifier) == 0)
{
if(rule.AccessControlType.ToString() == "Deny" &&
rule.FileSystemRights.ToString().Contains("ReadData"))
{
goto Next;
}
}
}
Response.Write(file + " " + fi.Length + "<br />");
// next in sequence. label for goto
Next: ;
}
context.Undo();
}
现在,文件可以在任何目录中列出(使用模拟),而无需授予 ASP.NET 帐户(通常是网络服务)访问权限。
关于c# - 列出用户具有读取权限的文件 (ASP.NET),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/2209264/