I am writing a class library using C# and .NET 4 that interacts with the filesystem on a shared server over the network. I am trying to adjust some permissions on a folder and I am perfectly capable of adding ACEs, but I am struggling to remove them.
This is the code I have so far:

    //get ACEs for the working folder.
    DirectorySecurity disec = m_diWork.GetAccessControl();

    //find out if the account we want to remove is inherited from a parent folder.
    bool bIsAccountInherited = disec.GetAccessRules(false, true, typeof(NTAccount))
        .Cast<AuthorizationRule>()
        .Any(ar => ar.IdentityReference.Value.Equals(act.Value, StringComparison.CurrentCultureIgnoreCase));

    if (bIsAccountInherited)
    {
        //if so, remove inheritance of ACEs but preserve existing ones.
        disec.SetAccessRuleProtection(true, true);
    }

    //remove all access to this account.
    disec.PurgeAccessRules(act);

    //commit changes to working folder.
    m_diWork.SetAccessControl(disec);

The variable act is of type NTAccount and refers to a domain user.
The code runs without exceptions or any apparent issues, and the permissions of the target folder are correctly changed to non-inheriting. However, no ACEs are removed at all.
I have tried several different combinations of method calls, also using RemoveAccessRuleAll(), to no avail. What am I doing wrong? Thanks.
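
An added example, not part of the original post: one way to order the calls, assuming the ACEs survive because the in-memory DirectorySecurity still marks the copied entries as inherited until the protection change is persisted, and PurgeAccessRules only removes explicit rules. The class and method names (AclHelper, RemoveAllAccess) are hypothetical; the post's m_diWork and act correspond to the dir and account parameters.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclHelper
{
    // Hypothetical helper: strips every ACE held directly by 'account' on 'dir'.
    public static void RemoveAllAccess(DirectoryInfo dir, NTAccount account)
    {
        DirectorySecurity sec = dir.GetAccessControl();

        // Inherited-only view (includeExplicit: false, includeInherited: true).
        bool inherited = HasRule(sec, account, false, true);
        if (inherited)
        {
            // Break inheritance but keep copies of the parent's ACEs.
            sec.SetAccessRuleProtection(true, true);
            // Persist first, so the copies are written to disk as explicit ACEs...
            dir.SetAccessControl(sec);
            // ...then reload, so the descriptor we edit sees them as explicit.
            sec = dir.GetAccessControl();
        }

        // Now the account's rules are explicit and can be removed.
        sec.PurgeAccessRules(account);
        dir.SetAccessControl(sec);

        // Verify against what is actually stored, not the in-memory copy.
        if (HasRule(dir.GetAccessControl(), account, true, true))
            throw new InvalidOperationException(
                "ACEs for " + account.Value + " are still present on " + dir.FullName);
    }

    static bool HasRule(DirectorySecurity sec, NTAccount account,
                        bool includeExplicit, bool includeInherited)
    {
        return sec.GetAccessRules(includeExplicit, includeInherited, typeof(NTAccount))
                  .Cast<AuthorizationRule>()
                  .Any(r => r.IdentityReference.Value.Equals(
                      account.Value, StringComparison.OrdinalIgnoreCase));
    }
}
```

The final check only covers ACEs naming the account itself; access the user holds through group membership is unaffected by this call.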