Starting from Windows Server 2003, Windows included a new tool which calculates the effective permissions for a user (basically it resolves all group access and takes care of all "deny" permissions as well). A case in point is that a user A belongs to groups B and C. B has been denied read permissions on a file F, while C has been allowed read and write permissions on the file, and I want to calculate the effective permissions user A has on file F.
This tool is available on Windows Server 2003, Vista, 7 and Server 2008 by right-clicking on a file and going to Properties -> Security -> Advanced -> Effective Permissions.

What I need is an API in C# which does the same job. The most common file API returns access rules (class FileAccessRules), but there seems to be no direct way to calculate effective permissions from this set of access rules.
Note: I do not want to process effective permissions in the code if at all possible, but am ready to do so as a last resort.

A: 

I found a function called GetEffectiveRightsFromAcl in advapi32.dll. This seems to be exactly what I was looking for. Actually, the effective permissions tool uses the AuthzAccessCheck function. I used it, and did not find performance degradation by as much as I thought. (However, I am told that Authz does not include the "integrity" concept available in Windows 7 and above, and may report wrong results.)

apoorv020
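
One way to call GetEffectiveRightsFromAcl from C# through P/Invoke, as an added example that is not code from the original answer. The class name `EffectiveRights` and method name `ForAccount` are hypothetical, and the sketch assumes a Windows host where the account name resolves to a SID.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical helper class; not part of any library.
static class EffectiveRights
{
    // TRUSTEE_W from accctrl.h; ptstrName carries a PSID when TrusteeForm is TRUSTEE_IS_SID.
    [StructLayout(LayoutKind.Sequential)]
    struct TRUSTEE
    {
        public IntPtr pMultipleTrustee;      // NULL: no multiple trustee
        public int MultipleTrusteeOperation; // 0 = NO_MULTIPLE_TRUSTEE
        public int TrusteeForm;              // 0 = TRUSTEE_IS_SID
        public int TrusteeType;              // 1 = TRUSTEE_IS_USER
        public IntPtr ptstrName;
    }

    [DllImport("advapi32.dll", EntryPoint = "GetEffectiveRightsFromAclW")]
    static extern uint GetEffectiveRightsFromAcl(byte[] pAcl, ref TRUSTEE pTrustee, out uint pAccessRights);

    public static FileSystemRights ForAccount(string path, string account)
    {
        // Read only the DACL of the file and extract it in binary form.
        var fs = new FileSecurity(path, AccessControlSections.Access);
        var raw = new RawSecurityDescriptor(fs.GetSecurityDescriptorBinaryForm(), 0);
        if (raw.DiscretionaryAcl == null)
            return FileSystemRights.FullControl; // a NULL DACL grants access to everyone
        var acl = new byte[raw.DiscretionaryAcl.BinaryLength];
        raw.DiscretionaryAcl.GetBinaryForm(acl, 0);

        // Resolve the account (e.g. "DOMAIN\\userA") to a SID and pin it for the native call.
        var sid = (SecurityIdentifier)new NTAccount(account).Translate(typeof(SecurityIdentifier));
        var sidBytes = new byte[sid.BinaryLength];
        sid.GetBinaryForm(sidBytes, 0);
        var pin = GCHandle.Alloc(sidBytes, GCHandleType.Pinned);
        try
        {
            var trustee = new TRUSTEE { TrusteeForm = 0, TrusteeType = 1, ptstrName = pin.AddrOfPinnedObject() };
            uint err = GetEffectiveRightsFromAcl(acl, ref trustee, out uint mask);
            if (err != 0) throw new System.ComponentModel.Win32Exception((int)err);
            return (FileSystemRights)mask; // deny ACEs from any of the user's groups are already applied
        }
        finally { pin.Free(); }
    }
}
```

The returned mask reflects only the file's DACL: it does not account for rights implicitly granted to the object's owner or for privileges held by the trustee, so treat it as an estimate when auditing access.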