File 在.NET Core中支持文件安全性
我们正在将.NET4.0类库移植到.NETCore1.1,突然发现.NETCoreClR中对文件安全性和权限的支持非常有限 我们试图如下所示设置对文件的访问控制权限,似乎FileInfo不再具有任何SetAccessControl或GetAccessControlFile 在.NET Core中支持文件安全性,file,security,.net-core,File,Security,.net Core,我们正在将.NET4.0类库移植到.NETCore1.1,突然发现.NETCoreClR中对文件安全性和权限的支持非常有限 我们试图如下所示设置对文件的访问控制权限,似乎FileInfo不再具有任何SetAccessControl或GetAccessControl // Get a FileSecurity object that represents the // current security settings. FileSecurity fSecurity = File
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
目标只是将执行权限添加到文件的当前所有者。由于使用率低且特定于Windows,这些API未包含在.NET标准中 请参阅此处关于将其排除在.NET标准之外的讨论: 作为一种解决方法,有一个NuGet软件包提供以下功能:
还有一个相关问题:在dotnet标准/核心中: 如用户bvpb所述导入NuGet包
System.IO.FileSystem.AccessControl
然后将其替换为(仅适用于.NET Framework):
使用此选项(适用于所有版本的.NET):
您可能需要
AccessControlSections.All
,这需要运行此代码的帐户具有更多权限。哇,有这么多信息,尽管文档中说在.NET Core 3.1中您无法执行DirectoryInfo.SetAccessRule,但它已编译并运行
更新:啊哈!文档中说这是受支持的,并且可以正常工作。是否有SetAccessControl方法
确保添加System.IO.FileSystem.AccessControl
numget包
以下是我在.NET Framework中的内容:
FileSecurity fSecurity = File.GetAccessControl(fileName);
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
Directory.SetAccessControl(<path to directory>, ds);
var ds=new DirectorySecurity();
ds.AddAccessRule(新的FileSystemAccessRule(adminSI,FileSystemRights.FullControl,InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,PropagationFlags.None,AccessControlType.Allow));
ds.SetAccessRuleProtection(真、假);//禁用继承并清除所有继承的权限
SetAccessControl(,ds);
下面是它在.NETCore3.1中的工作原理。只有最后一行不同:
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
System.IO.FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(<path to directory>), ds);
var ds=new DirectorySecurity();
ds.AddAccessRule(新的FileSystemAccessRule(adminSI,FileSystemRights.FullControl,InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,PropagationFlags.None,AccessControlType.Allow));
ds.SetAccessRuleProtection(真、假);//禁用继承并清除所有继承的权限
System.IO.FileSystemAclExtensions.SetAccessControl(新的DirectoryInfo(),ds);
var ds = new DirectorySecurity();
ds.AddAccessRule(new FileSystemAccessRule(adminSI, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
ds.SetAccessRuleProtection(true, false); // disable inheritance and clear any inherited permissions
System.IO.FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(<path to directory>), ds);