【Published】: 2026-02-13 00:25:01
【Problem description】:
I am trying to check whether a service has access to a specific local directory:
    using System;
    using System.IO;
    using System.Linq;
    using System.Management;
    using System.Security.AccessControl;
    using System.Security.Principal;

    public static bool HasDirectoryPermissions(String path, FileSystemRights rights, String serviceName)
    {
        try
        {
            var directoryAccessControl = Directory.GetAccessControl(path);
            // Look up the service through WMI; serviceName is concatenated into the WQL text unescaped.
            ManagementObjectSearcher query = new ManagementObjectSearcher("SELECT * FROM Win32_Service where Name='" + serviceName + "'");
            var queryResults = (from ManagementObject x in query.Get() select x);
            if (queryResults.Count() > 0)
            {
                // StartName is the account the service runs as, e.g. NT AUTHORITY\NetworkService.
                var serviceUser = (string)queryResults.FirstOrDefault().Properties["StartName"].Value;
                var serviceUserAccount = new NTAccount(serviceUser);
                // Explicit and inherited rules, with identities returned as NTAccount names.
                var rules = directoryAccessControl.GetAccessRules(true, true, typeof(NTAccount));
                foreach (var rule in rules)
                {
                    if (rule.GetType() == typeof(FileSystemAccessRule))
                    {
                        var accessRule = (FileSystemAccessRule)rule;
                        // The comparison the question is about: NTAccount equality compares the account names as strings.
                        if (accessRule.IdentityReference == serviceUserAccount && (accessRule.FileSystemRights & rights) == rights && accessRule.AccessControlType == AccessControlType.Allow)
                        {
                            Console.WriteLine("The {0} service has permissions to {1}.", serviceName, path);
                            return true;
                        }
                    }
                }
                Console.WriteLine("The {0} service does not have directory permissions for {1}.", serviceName, path);
                return false;
            }
            else
            {
                Console.WriteLine("Could not get directory permissions for {0} because the {1} service is not installed.", path, serviceName);
                return false;
            }
        }
        catch (Exception exception)
        {
            Console.WriteLine("Directory permissions could not be obtained for the {0} service against {1}. {2}", serviceName, path, exception.ToString());
            return false;
        }
    }
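However, the problem is that accessRule.IdentityReference == serviceUserAccount is never true, because on the one hand I have an IdentityReference of type NTAccount named NT AUTHORITY\NETWORK SERVICE, while the serviceUserAccount object I computed is NT AUTHORITY\NetworkService. Although these two are the same account, the equality test fails because the strings do not match exactly. How do I correctly test whether two NTAccount objects are the same, even though their syntax differs slightly?
【Discussion】:
Tags: c# .net windows service permissions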
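
An added example, not part of the original post: one way to compare the two accounts is to translate each IdentityReference to its SecurityIdentifier and compare SIDs, and to request the ACL rules keyed by SID in the first place. The class and method names (AccountComparison, ToSid, SameAccount, HasAllowRule) are hypothetical, the ACL is a constructed in-memory sample, and it is assumed that Windows resolves both spellings of the account name; a name that cannot be mapped is treated as no match.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

static class AccountComparison
{
    // Resolve any IdentityReference (NTAccount or SID) to its SID; null if the name cannot be mapped.
    static SecurityIdentifier ToSid(IdentityReference identity)
    {
        try { return (SecurityIdentifier)identity.Translate(typeof(SecurityIdentifier)); }
        catch (IdentityNotMappedException) { return null; }
    }

    // True when both references resolve to the same SID, whatever spelling each name uses.
    public static bool SameAccount(IdentityReference a, IdentityReference b)
    {
        SecurityIdentifier sidA = ToSid(a), sidB = ToSid(b);
        return sidA != null && sidA.Equals(sidB);
    }

    // True when an explicit or inherited Allow rule grants all requested rights to the account's own SID.
    public static bool HasAllowRule(DirectorySecurity acl, IdentityReference account, FileSystemRights rights)
    {
        SecurityIdentifier sid = ToSid(account);
        if (sid == null) return false;
        // Ask for the rules keyed by SID so no account-name comparison is needed.
        foreach (FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType == AccessControlType.Allow
                && rule.IdentityReference.Equals(sid)
                && (rule.FileSystemRights & rights) == rights)
                return true;
        }
        return false;
    }

    static void Main()
    {
        // Constructed sample: an in-memory ACL, so no real directory is touched.
        var acl = new DirectorySecurity();
        var networkService = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);
        acl.AddAccessRule(new FileSystemAccessRule(networkService, FileSystemRights.Modify, AccessControlType.Allow));
        var fromAcl = new NTAccount(@"NT AUTHORITY\NETWORK SERVICE"); // spelling seen in the ACL
        var fromWmi = new NTAccount(@"NT AUTHORITY\NetworkService");  // StartName spelling from the question
        Console.WriteLine(fromAcl == fromWmi);            // name-based comparison
        Console.WriteLine(SameAccount(fromAcl, fromWmi)); // SID-based comparison
        Console.WriteLine(HasAllowRule(acl, fromWmi, FileSystemRights.Read));
    }
}
```

Like the code in the question, HasAllowRule only matches rules that name the account itself: access granted through a group the account belongs to is not counted, and Deny rules are not evaluated, so it does not compute effective access.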