|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Finding out if user has privileges to a diectory.How can I, through VB.NET, find out if somebody has access to a specified
directory? The directory will be on an 2000 Server. TIA. Jeffrey. There are several ways, but the most appropriate will depend on at least two
criteria: 1. With what code access permissions will the code be running? 2. How do you define "access"? (See http://groups-beta.google.com/group/microsoft.public.dotnet.security/browse_frm/thread/de8d8902a906fc8e/382b60bb2c6f0737 for a thread on a similar topic.) Show quoteHide quote "UJ" <U*@nowhere.com> wrote in message news:eTbognHMFHA.3832@TK2MSFTNGP12.phx.gbl... > How can I, through VB.NET, find out if somebody has access to a specified > directory? The directory will be on an 2000 Server. > > TIA. > > Jeffrey. > > Here's what I'm trying to do - I want to have a 'global' directory on the
network that users can write to. When the user attempts to write to the directory, I need to make sure that they have writes to write to that directory. I'd rather give them a nice message instead of doing a try/catch when they are done (I'd like to let them know the directory doesn't exist/they don't have rights to it before we start.) Any suggestions? TIA Jeffrey. Show quoteHide quote "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message news:e4Qs50HMFHA.656@TK2MSFTNGP14.phx.gbl... > There are several ways, but the most appropriate will depend on at least > two criteria: > > 1. With what code access permissions will the code be running? > 2. How do you define "access"? (See > http://groups-beta.google.com/group/microsoft.public.dotnet.security/browse_frm/thread/de8d8902a906fc8e/382b60bb2c6f0737 > for a thread on a similar topic.) > > > "UJ" <U*@nowhere.com> wrote in message > news:eTbognHMFHA.3832@TK2MSFTNGP12.phx.gbl... >> How can I, through VB.NET, find out if somebody has access to a specified >> directory? The directory will be on an 2000 Server. >> >> TIA. >> >> Jeffrey. >> >> > > "UJ" <U*@nowhere.com> wrote in message You can display whatever message you like to a user regardless of whether news:OoLJ8o5MFHA.2576@TK2MSFTNGP10.phx.gbl... > Here's what I'm trying to do - I want to have a 'global' directory on the > network that users can write to. When the user attempts to write to the > directory, I need to make sure that they have writes to write to that > directory. I'd rather give them a nice message instead of doing a > try/catch when they are done the error condition is detected in a pre-write test or as a caught exception. Is this your only reason for wanting to perform the pre-write test? > (I'd like to let them know the directory doesn't exist/they don't have If the user has no permissions whatsoever on the directory, it won't be > rights to it before we start.) possible to determine whether the directory exists. Even if it were possible, you shouldn't announce the existence of the directory to a user with no permissions on it. > Any suggestions? Your write operation could fail for many reasons, not solely limited to user permissions. Given that this is a network directory, failures for other reasons will probably be much more common than failures due to permissions over the long term. To be honest, I just can't see any reason to avoid detecting potential permissions problems as caught exceptions in this case, particularly given that problems could creep in between any pre-write test and the actual write operation, so you'll need to handle the same exception set anyway... Show quoteHide quote > > TIA > > Jeffrey. > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > news:e4Qs50HMFHA.656@TK2MSFTNGP14.phx.gbl... >> There are several ways, but the most appropriate will depend on at least >> two criteria: >> >> 1. With what code access permissions will the code be running? >> 2. How do you define "access"? (See >> http://groups-beta.google.com/group/microsoft.public.dotnet.security/browse_frm/thread/de8d8902a906fc8e/382b60bb2c6f0737 >> for a thread on a similar topic.) >> >> >> "UJ" <U*@nowhere.com> wrote in message >> news:eTbognHMFHA.3832@TK2MSFTNGP12.phx.gbl... >>> How can I, through VB.NET, find out if somebody has access to a >>> specified directory? The directory will be on an 2000 Server. >>> >>> TIA. >>> >>> Jeffrey. >>> >>> >> >> > > And in fact, the try .. catch solution is the only correct one.
Lets say you do the check, and the user is allowed access. Then before you attempt to write the file, another application changes the ACL on the directory. Now, even though you did a pre-check and everything was OK, you still have to deal with the exception. The reverse also applies ... if you do the check, and it turns out hte user isn't allowed, but the ACL is changed to allow access while you pop your dialog. Now you've denied access when in fact the user should be permitted to write. In order to avoid the race condition, you need to just attempt to do it, and trap the error condition then. -Shawn http://blogs.msdn.com/shawnfa -- This posting is provided "AS IS" with no warranties, and confers no rights. Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated. -------------------- > From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> <e4Qs50HMFHA.***@TK2MSFTNGP14.phx.gbl> > References: <eTbognHMFHA.3***@TK2MSFTNGP12.phx.gbl> <OoLJ8o5MFHA.2***@TK2MSFTNGP10.phx.gbl> Show quoteHide quote > Subject: Re: Finding out if user has privileges to a diectory. http://groups-beta.google.com/group/microsoft.public.dotnet.security/browse_> Date: Tue, 29 Mar 2005 08:56:52 -0500 > Lines: 67 > X-Priority: 3 > X-MSMail-Priority: Normal > X-Newsreader: Microsoft Outlook Express 6.00.2900.2527 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 > X-RFC2646: Format=Flowed; Response > Message-ID: <OMxMWmGNFHA.2***@tk2msftngp13.phx.gbl> > Newsgroups: microsoft.public.dotnet.security > NNTP-Posting-Host: modemcable209.143-202-24.mc.videotron.ca 24.202.143.209 > Path: TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl > Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.dotnet.security:9584 > X-Tomcat-NG: microsoft.public.dotnet.security > > "UJ" <U*@nowhere.com> wrote in message > news:OoLJ8o5MFHA.2576@TK2MSFTNGP10.phx.gbl... > > Here's what I'm trying to do - I want to have a 'global' directory on the > > network that users can write to. When the user attempts to write to the > > directory, I need to make sure that they have writes to write to that > > directory. I'd rather give them a nice message instead of doing a > > try/catch when they are done > > You can display whatever message you like to a user regardless of whether > the error condition is detected in a pre-write test or as a caught > exception. Is this your only reason for wanting to perform the pre-write > test? > > > > (I'd like to let them know the directory doesn't exist/they don't have > > rights to it before we start.) > > If the user has no permissions whatsoever on the directory, it won't be > possible to determine whether the directory exists. Even if it were > possible, you shouldn't announce the existence of the directory to a user > with no permissions on it. > > > > Any suggestions? > > Your write operation could fail for many reasons, not solely limited to user > permissions. Given that this is a network directory, failures for other > reasons will probably be much more common than failures due to permissions > over the long term. To be honest, I just can't see any reason to avoid > detecting potential permissions problems as caught exceptions in this case, > particularly given that problems could creep in between any pre-write test > and the actual write operation, so you'll need to handle the same exception > set anyway... > > > > > > TIA > > > > Jeffrey. > > > > "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message > > news:e4Qs50HMFHA.656@TK2MSFTNGP14.phx.gbl... > >> There are several ways, but the most appropriate will depend on at least > >> two criteria: > >> > >> 1. With what code access permissions will the code be running? > >> 2. How do you define "access"? (See > >> frm/thread/de8d8902a906fc8e/382b60bb2c6f0737 Show quoteHide quote > >> for a thread on a similar topic.) > >> > >> > >> "UJ" <U*@nowhere.com> wrote in message > >> news:eTbognHMFHA.3832@TK2MSFTNGP12.phx.gbl... > >>> How can I, through VB.NET, find out if somebody has access to a > >>> specified directory? The directory will be on an 2000 Server. > >>> > >>> TIA. > >>> > >>> Jeffrey. > >>> > >>> > >> > >> > > > > > > > 
Other interesting topics
IIS "secure communications"and "certificate" sections disabled.
Storing Client Certificates Windows Authentication question Re: RSA Encrypt/Decrypt Problems License File Generator Using Digital Signatures Difference between Full Trust and Everything SecurityCritical, SecurityTreatAsSafe and SecurityTransparent Attributes? Re: full trus and 1.1 SP1 Howto obtain WindowsIdentity for client calling method on COM+ application? ildasm |
|||||||||||||||||||||||
