System.Security.AccessControl; nice, but how to check for access rights?
The november 2004 issue of MSDN Magazine has a nice overview article on using the .NET 2.0 classes in the System.Security.AccessControl namespace. These classes allow you to access and modify the security descriptors on files, directories and other system objects. The article shows how to grant or deny rights on files to users from code, enumerate all ACE's in the ACL, take ownership, all from managed code.
Still, there seems to be no way to check for a specific right (say: write) for a specific SID (say: the current user). It seems to me that any application that allows a user to edit or display security settings should also be able to grey out the 'security' menu item when the current user lacks the privileges to view the security settings.
Am I missing something? Is there some HasAccess() method that I haven't found on msdn2? Am I really supposed to try/catch to know if the current user may edit a file?
Update: a colleague (thanks Emile) pointed me to this article on wrapping the AccessCheck API call from advapi32.dll. Code is in VB.NET and comes with samples. Uses .NET 1.1, so no integration with the new classes in System.Security.AccessControl