System.IO.Directory.CreateDirectory 仅具有当前用户的权限?
我希望 asp 应用程序创建一个只能访问应用程序运行的帐户(即 asp 帐户?)的文件夹,
我实际上想使用 这个,但我不知道如何动态使用“Computer\CurrentAccount”。
我想获取当前的工作帐户。
谢谢。
I want the asp application to create a folder that has access only to the account the application was running with (i.e. asp account?)
I actually wanna use this one, but I don't know how to use the "Computer\CurrentAccount" dynamically.
I want to get the current working account.
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
有一个创建
DirectorySecurity
实例并为指定用户添加 ACE 此处(但使用默认构造函数以空 ACL 开头)。要获取帐户的 SID,有两种可能性(这些需要测试):
第一种方法是依赖进程的所有者是目录的所有者。 如果进行模拟(例如,在 Windows 身份验证下将客户端的身份用于对文件系统内容的访问控制),这可能会被破坏:
从进程令牌获取进程所有者的第二种方法,这将需要 P/Invoke。 这包括一个示例: http://www.codeproject.com/KB/cs/processownersid .aspx,获得 SID 后,为其创建一个 SecurityIdentifier 实例,并按照上述步骤创建 ACL。
There is an example of creating a
DirectorySecurity
instance and adding an ACE for a named user here (but use the default constructor to start with an empty ACL).To get the SID of the account there are two possibilities (these need testing):
The first approach is to rely on the owner of the process being the owner of the directory. This is likely to break if doing impersonation (e.g. under Windows Authentication to have the client's identity used for access control to filesystem content):
The second approach to to get the process owner from the process Token, this will require P/Invoke. This includes an example: http://www.codeproject.com/KB/cs/processownersid.aspx, once you have the SID create a SecurityIdentifier instance for it and follow the above to create the ACL.