give access rule permission to the specific user on local network

Question

My app is working on local network,and the admin create the folder for every user on shared folder with this code: for example "me1" is a user on local network.

DirectoryInfo d=new DirectoryInfo(@"\\server\Test");
DirectoryInfo di = new DirectoryInfo(@"\\server\Test\me1");
di.Create(d.GetAccessControl());
DirectorySecurity dSecurity = di.GetAccessControl();

dSecurity.AddAccessRule(new FileSystemAccessRule("everyone",
                                                 FileSystemRights.FullControl,
                                                 AccessControlType.Deny));
di.SetAccessControl(dSecurity);

now every user can't access to his folder,i use this code:

DirectoryInfo dInfo = new DirectoryInfo(@"\\Server\Test\me1");
DirectorySecurity dSecurity = dInfo.GetAccessControl();
dSecurity.AddAccessRule(new FileSystemAccessRule("everyone",
                                                 FileSystemRights.FullControl,
                                                 AccessControlType.Allow));
dInfo.SetAccessControl(dSecurity);

but error "access is denied" occured. how can set permission for specific user?? i mean can admin give permission to the specific user when he create directory?? thanks.

Answer 1

Deny Access Control Rules (ACE) are checked first, and everyone is in the Everyone group. Thus the first ACE will block all access to everyone, including you trying to change permissions.

Generally Deny rules are the wrong approach. Better to add just the access rules giving the access you want to grant, if there are no allow rules matching an identity that identity will get access denied—you don't need to explicitly block them.