using System.Security.AccessControl;

using System.Security.Principal;

public class Program

{

    public static void Main()

    {

        //能做做参考 

        List<FileSystemAccessRule> systemAccessRules = new List<FileSystemAccessRule>(); // 暂存以前的权限

        string path = "C:\\Test";

        AddDirectorySecurity(path, systemAccessRules);

        DirectoryInfo dInfow = new DirectoryInfo("C:\\Test");

        var files = dInfow.GetFiles(); // 测试能否读取文件

        DirectorySecurity dSecurity = dInfow.GetAccessControl();

        // 恢复文件之前的权限

        foreach (var f in systemAccessRules)

        {

            dSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(f.IdentityReference.Value, FileSystemRights.FullControl, AccessControlType.Allow));

            dSecurity.ModifyAccessRule(AccessControlModification.Add, f, out var ok);

        }

        dInfow.SetAccessControl(dSecurity);

        Console.ReadKey();

    }

   // 设置权限

    static void AddDirectorySecurity(string FileName, List<FileSystemAccessRule> files)

    {

        // 获取目录信息

        DirectoryInfo dInfo = new DirectoryInfo(FileName);

        // 获取目录控制信息

        DirectorySecurity dSecurity = dInfo.GetAccessControl();

        // 获取目录相关权限

        var c = dSecurity.GetAccessRules(true, true, typeof(NTAccount)).OfType<FileSystemAccessRule>();

        foreach (var g in c)

        {

            files.Add(g);

            // 不知道为啥直接修改不行 

            // g.IdentityReference.Value 就是用户账号

            dSecurity.RemoveAccessRuleAll(new FileSystemAccessRule(g.IdentityReference.Value, FileSystemRights.FullControl, AccessControlType.Deny));

            dSecurity.ModifyAccessRule(AccessControlModification.Add, new FileSystemAccessRule(g.IdentityReference.Value, FileSystemRights.Read, AccessControlType.Allow), out var ok);

            Console.WriteLine(ok);

        }

        // 设置权限

        dInfo.SetAccessControl(dSecurity);

    }

}