This documentation is archived and is not being maintained.

DirectorySecurity Class

Updated: February 2010

Represents the access control and audit security for a directory. This class cannot be inherited.

Namespace:  System.Security.AccessControl
Assembly:  mscorlib (in mscorlib.dll)

'Declaration
Public NotInheritable Class DirectorySecurity _
	Inherits FileSystemSecurity
'Usage
Dim instance As DirectorySecurity

The DirectorySecurity class specifies the access rights for a system directory and how access attempts are audited. This class represents access and audit rights as a set of rules. Each access rule is represented by a FileSystemAccessRule object, while each audit rule is represented by a FileSystemAuditRule object.

The DirectorySecurity class is an abstraction of the underlying Microsoft Windows file security system. In this system, each directory has a discretionary access control list (DACL), which controls access to the directory, and a system access control list (SACL), which specifies the access control attempts that are audited. The FileSystemAccessRule and FileSystemAuditRule classes are abstractions of the access control entries (ACEs) that comprise DACLs and SACLs.

The DirectorySecurity class hides many of the details of DACLs and SACLs; you do not have to worry about ACE ordering or null DACLS.

Use the FileSecurity class to retrieve, add, or change the access rules that represent the DACL and SACL of a file.

The following tables lists methods to use for accessing and maintaining directory security.

Tasks

Methods

Add rules

AddAccessRule

AddAuditRule

Remove rules

RemoveAccessRule

RemoveAuditRule

Retrieve the assess control to a directory

Directory.GetAccessControl

DirectoryInfo.GetAccessControl

Persist the access control to a directory

Directory.SetAccessControl

DirectoryInfo.SetAccessControl

The following code example uses the DirectorySecurity class to add and then remove an access control list (ACL) entry from a directory. You must supply a valid user or group account to run this example.

Imports System
Imports System.IO
Imports System.Security.AccessControl



Module DirectoryExample

    Sub Main()
        Try 
            Dim DirectoryName As String = "TestDirectory"

            Console.WriteLine("Adding access control entry for " + DirectoryName)

            ' Add the access control entry to the directory.
            AddDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " + DirectoryName)

            ' Remove the access control entry from the directory.
            RemoveDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

        Console.ReadLine()

    End Sub 


    ' Adds an ACL entry on the specified directory for the specified account. 
    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfoobject. 
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the  
        ' current security settings. 
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub 


    ' Removes an ACL entry on the specified directory for the specified account. 
    Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfo object. 
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the  
        ' current security settings. 
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub 
End Module

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0

Date

History

Reason

February 2010

Updated remarks.

Content bug fix.

Show: