Folder access



Folder access Dave
9/28/2004 11:55:05 AM
How do I grant access to a folder using VB.NET? I need to add a group and 2
users.

I know this can be a long answer so if you can just point me in the right
direction or where I should post this question, that would be great.

Any links on how to would be great.

--
Thanks,

Re: Folder access Joe Kaplan (MVP - ADSI)
9/28/2004 2:34:43 PM
You need to update the security descriptor on the folder. You can do this
using IADsSecurityDescriptor interface, or via interop with a library like
DataMarvel or the Win32Security wrapper assembly at GotDotNet:
http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9

HTH,

Joe K.


Re: Folder access jzhu
9/29/2004 6:27:04 AM
Additional info: Win32Security wrapper is not CLS-compliant so you can't use
VB. Check out
http://www.DataMarvel.com

Here are two samples on setting DACLs in C# and VB.

1. C# (from DataMarvel's download sample):
    // Requires: using System; using System.Diagnostics; using DataMarvel.WinNL;
    public void SecurityInfoDacl()
    {
        // A simple way to avoid conflict with existing file.
        string fileName = Guid.NewGuid().ToString("N").Substring(0, 8);
        IntPtr fileHd = IntPtr.Zero;
        try
        {
            Console.WriteLine("DACL access:");

            fileHd = WinBase.CreateFile(
                fileName,
                WinDef.NET_GENERIC_ALL,
                0, // no sharing
                null, // default
                WinBase.NET_CREATE_ALWAYS,
                WinDef.NET_FILE_ATTRIBUTE_NORMAL, // attributes
                IntPtr.Zero
                );

            NDacl dacl = NSecurity.GetSecurityInfoDacl(
                fileName, NET_SE_OBJECT_TYPE.SE_FILE_OBJECT);
            Debug.Assert(dacl != null);
            Console.WriteLine(
                "NSecurity.GetSecurityInfoDacl: dacl length {0}, ace count {1}",
                dacl.AclLength, dacl.SizeInformation.AceCount);

            // Get the default DACL from the current process token.
            NAccessToken at = NAccessToken.OpenCurrentProcessToken(
                WinDef.NET_TOKEN_QUERY);
            NDacl dacl2 = at.DefaultDacl;
            at.Dispose();
            Debug.Assert(dacl2 != null);

            // Modify DACL. The following calls add ACEs in
            // the correct order.
            dacl2.AddAccessAllowedAceInOrder(
                WinDef.NET_OBJECT_INHERIT_ACE |
                WinDef.NET_CONTAINER_INHERIT_ACE,
                WinDef.NET_GENERIC_WRITE,
                NWellKnownSid.BuiltinAdministrators);
            dacl2.AddAccessDeniedAceInOrder(
                WinDef.NET_OBJECT_INHERIT_ACE |
                WinDef.NET_CONTAINER_INHERIT_ACE,
                WinDef.NET_GENERIC_WRITE,
                NWellKnownSid.AnonymousLogon);
            Console.WriteLine("A new dacl: length {0}, ace count {1}",
                dacl2.AclLength, dacl2.SizeInformation.AceCount);

            NSecurity.SetSecurityInfoDacl(
                fileName, NET_SE_OBJECT_TYPE.SE_FILE_OBJECT, dacl2,
                0);
            NDacl dacl3 = NSecurity.GetSecurityInfoDacl(
                fileName, NET_SE_OBJECT_TYPE.SE_FILE_OBJECT);
            Debug.Assert(dacl3 != null);
            // ACL's size can increase due to inheritance.
            Console.WriteLine(
                "Dacl after NSecurity.SetSecurityInfoDacl: length {0}, ace count {1}",
                dacl3.AclLength, dacl3.SizeInformation.AceCount);

            // Get SD to dump the DACL in string.
            // Notice that the denied ACE is placed in front of
            // the allowed ACEs.
            NSecurityDescriptor sd = NSecurity.GetSecurityDescriptor(
                fileName,
                NET_SE_OBJECT_TYPE.SE_FILE_OBJECT,
                WinDef.NET_DACL_SECURITY_INFORMATION,
                false);
            Console.WriteLine("Dacl in SecurityDescriptor: {0}",
                sd.ToString());
            Console.WriteLine();
        }
        finally
        {
            if (fileHd != IntPtr.Zero)
            {
                int error = WinBase.CloseHandle(fileHd);
                Debug.Assert(0 == error);

                WinBase.DeleteFile(fileName);
            }
        }
    }


2. VB:

    Imports System
    Imports DataMarvel.WinNL

    Module Module1

        Sub Main()

            Dim myDir As String
            myDir = Environment.CurrentDirectory

            ' Read the folder's current DACL.
            Dim dacl As NDacl
            dacl = NSecurity.GetSecurityInfoDacl(myDir, _
                NET_SE_OBJECT_TYPE.SE_FILE_OBJECT)

            Dim aceFlags As Integer
            Dim accessMask As Integer
            Dim userSid As NSid

            ' New ACEs are inherited by files and subfolders.
            aceFlags = WinDef.NET_OBJECT_INHERIT_ACE + _
                WinDef.NET_CONTAINER_INHERIT_ACE

            ' Allow Admin All rights
            'userSid = NWellKnownSid.BuiltinAdministrators
            'accessMask = WinDef.NET_GENERIC_ALL
            'dacl.AddAccessAllowedAce(aceFlags, accessMask, userSid)

            ' Allow a user Read and Execute rights
            userSid = New NSid("MyAccountName", "MySystemName")
            Console.WriteLine("User SID: " + userSid.StringSid)
            accessMask = WinDef.NET_GENERIC_READ + WinDef.NET_GENERIC_EXECUTE
            dacl.AddAccessAllowedAce(aceFlags, accessMask, userSid)

            ' Write the modified DACL back to the folder.
            NSecurity.SetSecurityInfoDacl(myDir, _
                NET_SE_OBJECT_TYPE.SE_FILE_OBJECT, dacl, 0)

        End Sub

    End Module




Re: Folder access Michael Willers
10/1/2004 12:37:33 PM

This may help. Even though it is c# code ;-)

http://staff.newtelligence.net/michaelw/PermaLink.aspx?guid=161323c9-5579-4190-979f-0503deeb0e4a

HTH
Michael
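
For reference, .NET Framework 2.0 and later include managed ACL classes in System.Security.AccessControl, which cover the group-plus-two-users case from the original question without a third-party wrapper. This is an added example, not code from any poster in this thread; the folder path, the account names and the `GrantAccess` helper are placeholders chosen for illustration.

```vbnet
Imports System
Imports System.IO
Imports System.Security.AccessControl
Imports System.Security.Principal

Module GrantFolderAccess
    ' Adds one inheritable Allow ACE per account to the folder's DACL and
    ' returns the explicit (non-inherited) rules as stored afterwards.
    Function GrantAccess(ByVal folder As String, ByVal accounts As String(), _
            ByVal rights As FileSystemRights) As AuthorizationRuleCollection
        Dim dirInfo As New DirectoryInfo(folder)
        Dim acl As DirectorySecurity = _
            dirInfo.GetAccessControl(AccessControlSections.Access)

        For Each name As String In accounts
            ' Translate throws IdentityNotMappedException for an unknown or
            ' misspelled account, before anything is written to the folder.
            Dim account As New NTAccount(name)
            Dim sid As IdentityReference = _
                account.Translate(GetType(SecurityIdentifier))

            ' ContainerInherit Or ObjectInherit: subfolders and files inherit.
            acl.AddAccessRule(New FileSystemAccessRule(sid, rights, _
                InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, _
                PropagationFlags.None, AccessControlType.Allow))
        Next

        dirInfo.SetAccessControl(acl)

        ' Re-read the DACL so the caller sees what was actually stored.
        Dim stored As DirectorySecurity = _
            dirInfo.GetAccessControl(AccessControlSections.Access)
        Return stored.GetAccessRules(True, False, GetType(SecurityIdentifier))
    End Function

    Sub Main()
        ' Placeholder folder and account names (assumptions, not from the thread).
        Dim accounts As String() = _
            {"MYDOMAIN\ReportReaders", "MYDOMAIN\alice", "MYDOMAIN\bob"}
        Dim rules As AuthorizationRuleCollection = GrantAccess( _
            "C:\Data\Reports", accounts, FileSystemRights.ReadAndExecute)

        For Each rule As FileSystemAccessRule In rules
            Console.WriteLine("{0} {1} {2}", rule.AccessControlType, _
                rule.IdentityReference.Value, rule.FileSystemRights)
        Next
    End Sub
End Module
```

The caller must be the folder's owner or hold WRITE_DAC on it. Granting ReadAndExecute rather than FullControl keeps the new ACEs to what readers need, and the printed list of explicit rules is a quick audit of what the folder now allows.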
