.net

[michallev]

I use windows authentication.

How can I fugure whether I have read permission for a certain directory?

In fact, what I need is a way to ask a directory which grous are allowed to read it. Once I'll have that I'll be able to cont.

Thanks,

Michal.

[Spyder2k]

I'd say the easiest way to do it is to parse and retrive info from 'cacls.exe'

see http://west-wind.com/weblog/posts/1040.aspx

[taitt2]

I generally use something like the following subroutine:

Imports ActiveDs
.
.
.
'sub get_ntfs_acl(ByVal path As String)
'
                Dim sdutil As New ADsSecurityUtility
	Dim sd As SecurityDescriptor = sdutil.GetSecurityDescriptor(path, ADS_PATHTYPE_ENUM.ADS_PATH_FILE, ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID)
	Dim acl As AccessControlList = sd.DiscretionaryAcl
	For Each ace As AccessControlEntry In acl
      console.writeline(ace.Trustee)
      console.writeline(ace.Flags)
      console.writeline(ace.AccessMask)
      console.writeline(ace.AceFlags)
      console.writeline(ace.AceType)
      console.writeline(ace.InheritedObjectType)
      console.writeline(ace.ObjectType)
                     console.writeline()
                Next ace
End sub

you have to use the ADSI interop, but it's a lot easer than the alternitives.

you will have to translate the AccessMask rights. I usually set it manualy, then look at what the value translates into.

I know this isn't a lot of detail. but if you search MSDN for security descriptors, you can get some more info. It's the same technique to read Active Directory Dacls, but you need a different way to creat the security descriptor object.