How can I check to see if the current user can create / delete virtual directories in IIS?

Question

How to tell if the current user is an IIS Manager or a Server Administrator?

We have installers that fail at the end of an Add/Remove because the user doesn't have sufficient prividgles to create or delete virtual directories.

Before getting into the meat and potatoes of the install/uninstall operation, is there anyway to check can the user create or delete cirtual directories.

Is there a Permissions Directory we can look up and check for the current user, or something similar?

Thanks
BW

Answer 1

I found this on Code Project, and it does what I need.

The crux of it is the System.IO.FileInfo.GetAccessControl().GetAccessRules method to get the ACL for the folder.

Snippet

System.IO.FileInfo fi = new System.IO.FileInfo(_path);
AuthorizationRuleCollection acl = fi.GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
for (int i = 0; i < acl.Count; i++) {
    System.Security.AccessControl.FileSystemAccessRule rule = (System.Security.AccessControl.FileSystemAccessRule)acl[i];
    if (_principal.User.Equals(rule.IdentityReference)) {
        if (System.Security.AccessControl.AccessControlType.Deny.Equals.                                (rule.AccessControlType)) {
            if (contains(FileSystemRights.AppendData,rule)) 
                _denyAppendData = true;

Answer 2

If the user is added to '' group, he has access to create virtual directory in IIS

if (IISversion == 6)
     IIS_WPG - check for user in this group
else
     IIS_IUSRS - check for user in this group

Answer 3

You'd need to check the ACL on the folder to see if they have permissions or not. You could basically use something like this to grab the path:

http://forums.asp.net/p/1436196/3254626.aspx/1?Re+Retrieve+physical+path+of+an+IIS+Application+Virtual+Directory+

Then check the ACL.

Bail on the install if they don't have it.