仅仅尝试访问有问题的文件是不够的。测试将在运行程序的用户的权限下运行——这并不一定是您想要测试的用户权限。

我无法让GetAccessControl()在Windows 7上抛出一个异常，就像接受的答案中建议的那样。

我最终使用了sdds的答案的变体:

        try
        {
            bool writeable = false;
            WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            DirectorySecurity security = Directory.GetAccessControl(pstrPath);
            AuthorizationRuleCollection authRules = security.GetAccessRules(true, true, typeof(SecurityIdentifier));

            foreach (FileSystemAccessRule accessRule in authRules)
            {

                if (principal.IsInRole(accessRule.IdentityReference as SecurityIdentifier))
                {
                    if ((FileSystemRights.WriteData & accessRule.FileSystemRights) == FileSystemRights.WriteData)
                    {
                        if (accessRule.AccessControlType == AccessControlType.Allow)
                        {
                            writeable = true;
                        }
                        else if (accessRule.AccessControlType == AccessControlType.Deny)
                        {
                            //Deny usually overrides any Allow
                            return false;
                        }

                    } 
                }
            }
            return writeable;
        }
        catch (UnauthorizedAccessException)
        {
            return false;
        }

希望这能有所帮助。

试试这个:

try
{
    DirectoryInfo di = new DirectoryInfo(path);
    DirectorySecurity acl = di.GetAccessControl();
    AuthorizationRuleCollection rules = acl.GetAccessRules(true, true, typeof(NTAccount));

    WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
    WindowsPrincipal principal = new WindowsPrincipal(currentUser);
    foreach (AuthorizationRule rule in rules)
    {
        FileSystemAccessRule fsAccessRule = rule as FileSystemAccessRule;
        if (fsAccessRule == null)
            continue;

        if ((fsAccessRule.FileSystemRights & FileSystemRights.WriteData) > 0)
        {
            NTAccount ntAccount = rule.IdentityReference as NTAccount;
            if (ntAccount == null)
            {
                continue;
            }

            if (principal.IsInRole(ntAccount.Value))
            {
                Console.WriteLine("Current user is in role of {0}, has write access", ntAccount.Value);
                continue;
            }
            Console.WriteLine("Current user is not in role of {0}, does not have write access", ntAccount.Value);                        
        }
    }
}
catch (UnauthorizedAccessException)
{
    Console.WriteLine("does not have write access");
}

您的代码获得给定目录的DirectorySecurity，并正确处理异常(由于您无法访问安全性信息)。然而，在您的示例中，您实际上并没有询问返回的对象以查看允许哪些访问—我认为您需要添加这一点。

这应该是您所需要的全部内容，据我所知，您只需要捕获一个异常。

private static readonly byte[] TestArray = new byte[]{
    69, 70, 71, 72
};

private static bool IsFolderAccessible(string path) {
    var temp_path = Path.Combine(path, Path.GetRandomFileName());

    try {
        using (var file = File.Create(temp_path, TestArray.Length, FileOptions.DeleteOnClose)) {
            file.Write(TestArray, 0, TestArray.Length);
        }

        return true;
    } catch (UnauthorizedAccessException ex) {
        Log.Warn($"Error accessing file {temp_path}", ex);

        return false;
    }
}

在代码中有一个潜在的竞争条件——如果用户在检查时拥有写入文件夹的权限，但在用户实际写入文件夹之前，该权限被撤销，会发生什么情况?写入操作将抛出一个异常，您需要捕获并处理该异常。所以最初的检查是没有意义的。您也可以只执行写入并处理任何异常。这是你的情况的标准模式。