I want to return a list of group memberships for a specific domain user. Something like...

string[] UserGroups(string domain, string domainUserName)
{
    // query domain info

    // return a list of accounts the user is a member of
}

Also, I want to be able to see which domain accounts/groups have access to a specified file/folder.

string[] AllowedAccounts(string domain, string filePath)
{
    // query file/folder permission

    // return a list of accounts with access to file/folder
}

What is the best way to perform these two tasks using C#?

+1  A: 

Here's an example. You don't need the domain for the file access function, unless you want to filter.

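using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

string[] UserGroups(string domain, string domainUserName)
{
    // Build an identity from the user principal name (user@domain); Windows only.
    using (WindowsIdentity ident = new WindowsIdentity(domainUserName + "@" + domain))
    {
        List<string> groups = new List<string>();
        foreach (IdentityReference g in ident.Groups)
        {
            // Groups holds SecurityIdentifier entries, so Value is the SID string.
            groups.Add(g.Value);
        }
        return groups.ToArray();
    }
}

string[] AllowedAccounts(string filePath)
{
    List<string> accounts = new List<string>();
    FileInfo fInfo = new FileInfo(filePath);
    var fsec = fInfo.GetAccessControl();
    // Explicit and inherited rules, with identities translated to DOMAIN\name form.
    AuthorizationRuleCollection acl = fsec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
    foreach (FileSystemAccessRule ace in acl)
    {
        // Skip Deny entries: they restrict access rather than grant it.
        if (ace.AccessControlType != AccessControlType.Allow) continue;
        accounts.Add(ace.IdentityReference.Value);
    }
    return accounts.ToArray();
}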
Mikael Svenson
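
The two tasks combined, as an added example that is not part of the original answer: it lists the ACEs on a file or folder that match a user's own SID or one of the user's group SIDs, keeping Allow and Deny entries apart. The names `AclAudit`, `AcesForUser` and `Resolve` are hypothetical; it assumes a domain-joined Windows host and a caller allowed to read the ACL.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclAudit
{
    // Hypothetical helper: returns one line per ACE on `path` that applies to the user.
    public static List<string> AcesForUser(string userPrincipalName, string path)
    {
        var results = new List<string>();
        using (var ident = new WindowsIdentity(userPrincipalName))
        {
            // The user's own SID plus every group SID carried by the identity.
            var sids = new HashSet<SecurityIdentifier> { ident.User };
            foreach (IdentityReference g in ident.Groups)
                sids.Add((SecurityIdentifier)g);

            // Folders and files expose their ACLs through different wrapper types.
            FileSystemSecurity sec = Directory.Exists(path)
                ? (FileSystemSecurity)new DirectoryInfo(path).GetAccessControl()
                : new FileInfo(path).GetAccessControl();

            // Request SIDs so the comparison against the identity's SIDs is exact.
            foreach (FileSystemAccessRule ace in
                     sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            {
                var sid = (SecurityIdentifier)ace.IdentityReference;
                if (!sids.Contains(sid)) continue;
                results.Add(string.Format("{0} {1} {2}{3}",
                    ace.AccessControlType,            // Allow or Deny
                    Resolve(sid),
                    ace.FileSystemRights,
                    ace.IsInherited ? " (inherited)" : ""));
            }
        }
        return results;
    }

    // Translate a SID to DOMAIN\name, falling back to the SID string for
    // deleted or otherwise unresolvable accounts.
    static string Resolve(SecurityIdentifier sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; }
    }
}
```

The output is the list of matching entries, not a computed effective permission: a Deny entry in the list can override an Allow entry for the same rights.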