Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / New Users / October 2006

Tip: Looking for answers? Try searching our database.

Error with GetAccessControl()

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Ryan - 25 Sep 2006 16:48 GMT
Hi,

I've written a very quick console app to recursive through a directory tree
and display directories that have explicit file permissions (code below).  It
works, but GetAccessControl() fails on some folders (always the same) with
the error:

The binary form of an ACE object is invalid.
Parameter name: binaryForm

I've had a look at the folder properties, security tab for a couple of the
affected folders and everything seems to look ok.

Anyone have any ideas?

Thanks,
Ryan

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Security.Principal;
using System.Security.AccessControl;

namespace CheckACLs {
   class Program {
       static void Main(string[] args) {
           DirectoryInfo di = new DirectoryInfo(@"c:\");
           DisplayRights(di, 0);
           Console.ReadKey();
       }

       static void DisplayRights(DirectoryInfo di, int recurseLevel) {
           if (recurseLevel <= 2) {
               recurseLevel++;
               foreach (DirectoryInfo d in di.GetDirectories()) {
                   DisplayRights(d, recurseLevel);
               }
           }

           bool firstRun = true;

           DirectorySecurity ds = di.GetAccessControl();          
           foreach (FileSystemAccessRule fsa in ds.GetAccessRules(true,
false, typeof(NTAccount))) {
               if (firstRun) {
                   Console.WriteLine(di.FullName);
                   firstRun = false;
               }

               Console.WriteLine("\t" + fsa.IdentityReference.ToString() +
" " +
                   fsa.FileSystemRights.ToString() + " " +
                   fsa.AccessControlType.ToString());
           }
       }
   }
}
Reply to this Message
Andrei Varanovich - 25 Sep 2006 20:23 GMT
Hi

This is a well known issue with security in .NET 2.0.
Here is the discussion
http://www.derkeiler.com/Newsgroups/microsoft.public.dotnet.security/2006-03/msg
00008.html

The problem is that there is something wrong with the ACLs on these
directories.

Thank you,
Andrei

> Hi,
>
[quoted text clipped - 55 lines]
>     }
> }
Reply to this Message
Kevin Yu [MSFT] - 26 Sep 2006 03:18 GMT
Hi Ryan,

Yes, this is a know issue in .net framework 2.0. You can check the
following link for more information:

http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?Feedbac
kID=97797

As far as I know, a hotfix for this issue is available now. The product
group fixed this by relaxing the constraints of the ACEs. You can contact
Microsoft PSS for this hotfix. Here are their contact information.

http://support.microsoft.com/common/international.aspx?rdpath=gp;en-us;offer
prophone

If anything is unclear, please feel free to let me know.

Kevin Yu
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Reply to this Message
Ryan - 26 Sep 2006 15:01 GMT
Thanks - have requested the hotfix.

> Hi Ryan,
>
[quoted text clipped - 35 lines]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
Reply to this Message
phillip.capiral@pnl.gov - 12 Oct 2006 18:44 GMT
Is there a kb article associated with this? how do we request this hotfix?
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.