Error with GetAccessControl()

TheMSsForum.com: The Microsoft Software Forum

Hi,

I've written a very quick console app to recursive through a directory tree
and display directories that have explicit file permissions (code below). It
works, but GetAccessControl() fails on some folders (always the same) with
the error:

The binary form of an ACE object is invalid.
Parameter name: binaryForm

I've had a look at the folder properties, security tab for a couple of the
affected folders and everything seems to look ok.

Anyone have any ideas?

Thanks,
Ryan

using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Security.Principal;
using System.Security.AccessControl;

namespace CheckACLs {
class Program {
static void Main(string[] args) {
DirectoryInfo di = new DirectoryInfo(@"c:\");
DisplayRights(di, 0);
Console.ReadKey();
}

static void DisplayRights(DirectoryInfo di, int recurseLevel) {
if (recurseLevel <= 2) {
recurseLevel++;
foreach (DirectoryInfo d in di.GetDirectories()) {
DisplayRights(d, recurseLevel);
}
}

bool firstRun = true;

DirectorySecurity ds = di.GetAccessControl();
foreach (FileSystemAccessRule fsa in ds.GetAccessRules(true,
false, typeof(NTAccount))) {
if (firstRun) {
Console.WriteLine(di.FullName);
firstRun = false;
}

Console.WriteLine("\t" + fsa.IdentityReference.ToString() +
" " +
fsa.FileSystemRights.ToString() + " " +
fsa.AccessControlType.ToString());
}
}
}
}
Top

Re: Error with GetAccessControl() by Andrei

Andrei
Mon Sep 25 14:23:08 CDT 2006

Hi

This is a well known issue with security in .NET 2.0.
Here is the discussion
http://www.derkeiler.com/Newsgroups/microsoft.public.dotnet.security/2006-03/msg00008.html

The problem is that there is something wrong with the ACLs on these
directories.

Thank you,
Andrei

Ryan wrote:
> Hi,
>
> I've written a very quick console app to recursive through a directory tree
> and display directories that have explicit file permissions (code below). It
> works, but GetAccessControl() fails on some folders (always the same) with
> the error:
>
> The binary form of an ACE object is invalid.
> Parameter name: binaryForm
>
> I've had a look at the folder properties, security tab for a couple of the
> affected folders and everything seems to look ok.
>
> Anyone have any ideas?
>
> Thanks,
> Ryan
>
> using System;
> using System.Collections.Generic;
> using System.Text;
> using System.IO;
> using System.Security.Principal;
> using System.Security.AccessControl;
>
> namespace CheckACLs {
> class Program {
> static void Main(string[] args) {
> DirectoryInfo di = new DirectoryInfo(@"c:\");
> DisplayRights(di, 0);
> Console.ReadKey();
> }
>
> static void DisplayRights(DirectoryInfo di, int recurseLevel) {
> if (recurseLevel <= 2) {
> recurseLevel++;
> foreach (DirectoryInfo d in di.GetDirectories()) {
> DisplayRights(d, recurseLevel);
> }
> }
>
> bool firstRun = true;
>
> DirectorySecurity ds = di.GetAccessControl();
> foreach (FileSystemAccessRule fsa in ds.GetAccessRules(true,
> false, typeof(NTAccount))) {
> if (firstRun) {
> Console.WriteLine(di.FullName);
> firstRun = false;
> }
>
> Console.WriteLine("\t" + fsa.IdentityReference.ToString() +
> " " +
> fsa.FileSystemRights.ToString() + " " +
> fsa.AccessControlType.ToString());
> }
> }
> }
> }

Top

Re: Error with GetAccessControl() by v-kevy

v-kevy
Mon Sep 25 21:18:42 CDT 2006

Hi Ryan,

Yes, this is a know issue in .net framework 2.0. You can check the
following link for more information:

http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?Feedbac
kID=97797

As far as I know, a hotfix for this issue is available now. The product
group fixed this by relaxing the constraints of the ACEs. You can contact
Microsoft PSS for this hotfix. Here are their contact information.

http://support.microsoft.com/common/international.aspx?rdpath=gp;en-us;offer
prophone

If anything is unclear, please feel free to let me know.

Kevin Yu
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Top

Re: Error with GetAccessControl() by applbr

applbr
Tue Sep 26 09:01:03 CDT 2006

Thanks - have requested the hotfix.

"Kevin Yu [MSFT]" wrote:

> Hi Ryan,
>
> Yes, this is a know issue in .net framework 2.0. You can check the
> following link for more information:
>
> http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?Feedbac
> kID=97797
>
> As far as I know, a hotfix for this issue is available now. The product
> group fixed this by relaxing the constraints of the ACEs. You can contact
> Microsoft PSS for this hotfix. Here are their contact information.
>
> http://support.microsoft.com/common/international.aspx?rdpath=gp;en-us;offer
> prophone
>
> If anything is unclear, please feel free to let me know.
>
> Kevin Yu
> Microsoft Online Community Support
>
> ==================================================
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
> ications.
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://msdn.microsoft.com/subscriptions/support/default.aspx.
> ==================================================
>
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>
Top

Re: Error with GetAccessControl() by phillip

phillip
Thu Oct 12 12:44:05 CDT 2006

Is there a kb article associated with this? how do we request this hotfix?

Top