Get access rights of specific folder for actual user

Question

I hope you can help me. I need to obtain access rights (read, write etc.) of specific folder for actual user (which started the program) or for his group (users/administrators...)

Code below working but I cannot obtain info which I want in format similar to:

C:\Windows (R+W)

or

C:\Windows (Full Control)

Thank you.

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;
using System.Threading.Tasks;

namespace ConsoleApp1
{
    class Program
    {

        static void Main(string[] args)
        {
            Console.WriteLine(getRights(@"C:\test"));
            Console.ReadLine();
        }

        static string getRights(string path)
        {
            string rights = "eeeeee";
            try
            {
                DirectorySecurity dSecurity = Directory.GetAccessControl(path);
                foreach (FileSystemAccessRule rule in dSecurity.GetAccessRules(true, true, typeof(NTAccount)))
                {
                    rights += rule.FileSystemRights.ToString() + "\n";
                    rights += rule.IdentityReference.Value + "\n";
                    rights += "\n\n";
                }
            }
            catch
            {
                rights = "";
            }

            return rights;
        }
    }
}

Answer 1

If I got it right, you need something like this:

internal class Program
{
    private static void Main(string[] args)
    {
        string path = @"C:\Windows";
        Console.WriteLine($"{path} - {getRights(path)}");
        Console.ReadLine();
    }

    static string getRights(string path)
    {
        DirectoryInfo directoryInfo = new DirectoryInfo(path);
        if (!directoryInfo.Exists)
        {
            return "Directory doesn't exist";
        }
        FileSystemRights fsRights = 0;
        DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
        AuthorizationRuleCollection authRules = directorySecurity.GetAccessRules(true, true, typeof(NTAccount));
        WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
        WindowsPrincipal principal = new WindowsPrincipal(currentUser);

        foreach (AuthorizationRule rule in authRules)
        {
            FileSystemAccessRule fsRule = rule as FileSystemAccessRule;

            if (fsRule != null)
            {
                NTAccount ntAccount = rule.IdentityReference as NTAccount;

                if (principal.IsInRole(ntAccount.Value))
                {
                    if (fsRule.FileSystemRights > fsRights)
                    {
                        fsRights = fsRule.FileSystemRights;
                    }
                }
            }
        }

        switch (fsRights)
        {
            case FileSystemRights.FullControl:
                return "Full Control";
            case FileSystemRights r when (r >= FileSystemRights.Write):
                return "Write";
            case FileSystemRights r when (r >= FileSystemRights.ReadData):
                return "Read";
            default:
                return "No rights";
        }
    }
}

Update:

public enum FileSystemRights
{
    ReadData = 1,
    ListDirectory = 1,
    WriteData = 2,
    CreateFiles = 2,
    AppendData = 4,
    CreateDirectories = 4,
    ReadExtendedAttributes = 8,
    WriteExtendedAttributes = 16,
    ExecuteFile = 32,
    Traverse = 32,
    DeleteSubdirectoriesAndFiles = 64,
    ReadAttributes = 128,
    WriteAttributes = 256,
    Write = 278,
    Delete = 65536,
    ReadPermissions = 131072,
    Read = 131209,
    ReadAndExecute = 131241,
    Modify = 197055,
    ChangePermissions = 262144,
    TakeOwnership = 524288,
    Synchronize = 1048576,
    FullControl = 2032127
}