public class PermissionManager { /// <Summary> /// add users to a file, the user full control everyone group /// </ Summary> /// <param name = "filePath"> </ param> public static void AddSecurityControll2File ( String filePath) { // get the file information of the FileInfo the fileInfo = new new the FileInfo (filePath); // get access to the file System.Security.AccessControl.FileSecurity FileSecurity = fileInfo.GetAccessControl (); // add user group ereryone access full control rules fileSecurity.AddAccessRule ( new new the FileSystemAccessRule ( " the Everyone " , FileSystemRights.FullControl, AccessControlType.Allow)); // add access rules Users user group Full Control permissions fileSecurity.AddAccessRule ( new new the FileSystemAccessRule ( " Users " , FileSystemRights.FullControl, AccessControlType .Allow)); // set access permissions fileInfo.SetAccessControl (FileSecurity); } /// <Summary> /// folders adding users, full control of the user group everyone /// </ Summary> /// <param name = "dirPath"> </param> public static void AddSecurityControll2Folder ( String dirpath) { // get folder information DirectoryInfo dir = new new DirectoryInfo (dirpath); // get all access to the folder System.Security.AccessControl.DirectorySecurity dirSecurity = dir.GetAccessControl (AccessControlSections.All ); // set file ACL inheritance InheritanceFlags the inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit; // add access rules ereryone user group full control permissions to the FileSystemAccessRule everyoneFileSystemAccessRule = new newThe FileSystemAccessRule ( " the Everyone " , FileSystemRights.FullControl, the Inherits, PropagationFlags.None, AccessControlType.Allow); // add access rules Users user group Full Control permissions to the FileSystemAccessRule usersFileSystemAccessRule = new new the FileSystemAccessRule ( " Users " , FileSystemRights.FullControl, the Inherits, PropagationFlags.None, AccessControlType.Allow); BOOL the isModified = to false ; dirSecurity.ModifyAccessRule (AccessControlModification.Add, everyoneFileSystemAccessRule, OUT the isModified); dirSecurity.ModifyAccessRule (AccessControlModification.Add, usersFileSystemAccessRule, OUT isModified); // set access permissions dir.SetAccessControl (dirSecurity); } /// <the Summary> /// remove a user's permissions for the folder /// < / Summary> /// <param name = "dirName"> </ param> /// <param name = "username"> </ param> static void removePermissions ( String dirName, String username) { String User = the System.Environment + .UserDomainName " \\ " + username; DirectoryInfo dirinfo = new DirectoryInfo(dirName); DirectorySecurity dsec = dirinfo.GetAccessControl(AccessControlSections.All); AuthorizationRuleCollection rules = dsec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); foreach (AccessRule rule in rules) { if (rule.IdentityReference.Value == user) { bool value; dsec.PurgeAccessRules(rule.IdentityReference); dsec.ModifyAccessRule (AccessControlModification.RemoveAll, rule, OUT value); } } } /// <the Summary> /// project using the folder reserved only everyone permission, which allows users to read, but not write /// by the way, the code is the result of a special permissions to a folder, point into high-level look, you will find this child child and write access to special privileges are the same /// </ the Summary> /// <param name = "dirName"> </ param> public static void OnlyKeepEveryonePermissionsWithWriteNotAllowed ( String dirName) { the DirectoryInfo DirInfo = new new the DirectoryInfo (dirName); a DirectorySecurity objSecObj = dirinfo.GetAccessControl(); AuthorizationRuleCollection acl = objSecObj.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); objSecObj.SetAccessRuleProtection(true, false); //to remove inherited permissions foreach (FileSystemAccessRule ace in acl) //to remove any other permission { objSecObj.PurgeAccessRules(ace.IdentityReference); //same as use objSecObj.RemoveAccessRuleSpecific(ace); } InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit; FileSystemAccessRule everyoneFileSystemAccessRule = new FileSystemAccessRule("Everyone", FileSystemRights.ReadAndExecute | FileSystemRights.ListDirectory | FileSystemRights.Read, inherits, PropagationFlags.None, AccessControlType.Allow); FileSystemAccessRule everyoneFileSystemAccessRule2 = new FileSystemAccessRule("Everyone", FileSystemRights.Write, AccessControlType.Deny); bool isModified = false; objSecObj.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule2, out isModified); objSecObj.ModifyAccessRule(AccessControlModification.Add, everyoneFileSystemAccessRule, out isModified); dirinfo.SetAccessControl(objSecObj); } }