I have asp.net web site and trying to access shared folders in servers when i use my username and password on identity impersonate, it is working fine and letting me to check logged in users permission to folder however if i try service account which is domain admin also then gives "Attempted to perform an unauthorized operation." on DirectorySecurity dirSec = Directory.GetAccessControl(folder);
<identity impersonate="true" userName="DomainUser" password="Password"/>
When i login to that service account it has full control access to all those folders.
public string GetFolderPermissions(string folder, string user) {
string permissionShort = string.Empty;
string executingUser = user;
NTAccount acc = new NTAccount(executingUser);
SecurityIdentifier secId = acc.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
DirectorySecurity dirSec = Directory.GetAccessControl(folder);
AuthorizationRuleCollection authRules = dirSec.GetAccessRules(true, true, typeof(SecurityIdentifier));
foreach(FileSystemAccessRule ar in authRules) {
if(secId.CompareTo(ar.IdentityReference as SecurityIdentifier) == 0) {
var fileSystemRights = ar.FileSystemRights;
permissionShort += ((ar.FileSystemRights & FileSystemRights.FullControl) == FileSystemRights.FullControl) ? "F" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.Write) == FileSystemRights.Write) ? "W" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.Read) == FileSystemRights.Read) ? "R" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.ReadAndExecute) == FileSystemRights.ReadAndExecute) ? "A" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.ListDirectory) == FileSystemRights.ListDirectory) ? "L" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.Modify) == FileSystemRights.Modify) ? "M" : "-";
permissionShort += ((ar.FileSystemRights & FileSystemRights.ExecuteFile) == FileSystemRights.ExecuteFile) ? "E" : "-";
permissionShort += "\n";
}
}
return permissionShort;
}
I dont understand.
