111

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.IO; 

namespace WebApplication1
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            //下面的方法调用时最好做成异步调用，以便在文件过大时不让用户等待过久

            //asp.net模拟域账号访问客户端共享文件夹，报对路径"\\xxx\folder"的访问被拒绝
            //web.config文件system.web节需配置<identity impersonate="true" userName="域\域账号" password="密码" />
            IntPtr ptr = default(IntPtr);
            if (WinLogonHelper.LogonUser("域账号", "H3C.HUAWEI-3COM.COM", "密码", 9, 0, ref ptr) != 0)
            {
                using (WindowsIdentity wi = new WindowsIdentity(ptr))
                {
                    using (WindowsImpersonationContext wic = wi.Impersonate())
                    {
                        if (!Directory.Exists(@"\\\\xxx\\folder"))
                        {
                            //......客户端文件夹对当前域账号开放共享，此处域账号可以根据所开发的权限对文件夹进行访问，例如读取文件夹中的文件
                            //通过文件共享的方式，端到端的文件传输不受文件大小和文件个数制约

                            //将文件从客户端复制到服务端后，可以对新生成的文件目录设置共享访问权限，例如设置只读权限
                            SetFolderACL("文件保存路径", "域\\（一个反斜杠）域账号", FileSystemRights.Read, AccessControlType.Allow);
                        }
                    }
                }
            }
        }

        public static class WinLogonHelper
        {
            [DllImport("advapi32.DLL", SetLastError = true)]
            public static extern int LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
        }

        public static bool SetFolderACL(String FolderPath, String UserName, FileSystemRights Rights, AccessControlType AllowOrDeny)
        {

            InheritanceFlags inherits = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

            return SetFolderACL(FolderPath, UserName, Rights, AllowOrDeny, inherits, PropagationFlags.None, AccessControlModification.Add);

        }

        public static bool SetFolderACL(String FolderPath, String UserName, FileSystemRights Rights, AccessControlType AllowOrDeny, InheritanceFlags Inherits, PropagationFlags PropagateToChildren, AccessControlModification AddResetOrRemove)
        {
            bool ret;

            DirectoryInfo folder = new DirectoryInfo(FolderPath);

            DirectorySecurity dSecurity = folder.GetAccessControl(AccessControlSections.All);

            FileSystemAccessRule accRule = new FileSystemAccessRule(UserName, FileSystemRights.Read, Inherits, PropagateToChildren, AllowOrDeny);
            dSecurity.ModifyAccessRule(AddResetOrRemove, accRule, out ret);

            folder.SetAccessControl(dSecurity);

            DirectorySecurity fs1 = System.IO.Directory.GetAccessControl(FolderPath);
            fs1.SetAccessRuleProtection(false, true);
            System.IO.Directory.SetAccessControl(FolderPath, fs1);

            return ret;
        }
    }
}