diff --git a/SMBLibrary/Server/SMB2/ReadWriteResponseHelper.cs b/SMBLibrary/Server/SMB2/ReadWriteResponseHelper.cs
index d4da6e6..810e9ff 100644
--- a/SMBLibrary/Server/SMB2/ReadWriteResponseHelper.cs
+++ b/SMBLibrary/Server/SMB2/ReadWriteResponseHelper.cs
@@ -23,6 +23,15 @@ namespace SMBLibrary.Server.SMB2
 return new ErrorResponse(request.CommandName, NTStatus.STATUS_FILE_CLOSED);
 }

+ if (share is FileSystemShare)
+ {
+ if (!((FileSystemShare)share).HasReadAccess(session.SecurityContext, openFile.Path))
+ {
+ state.LogToServer(Severity.Verbose, "Read from '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
+ return new ErrorResponse(request.CommandName, NTStatus.STATUS_ACCESS_DENIED);
+ }
+ }
+
 byte[] data;
 NTStatus readStatus = share.FileStore.ReadFile(out data, openFile.Handle, (long)request.Offset, (int)request.ReadLength);
 if (readStatus != NTStatus.STATUS_SUCCESS)
@@ -43,6 +52,15 @@ namespace SMBLibrary.Server.SMB2
 return new ErrorResponse(request.CommandName, NTStatus.STATUS_FILE_CLOSED);
 }

+ if (share is FileSystemShare)
+ {
+ if (!((FileSystemShare)share).HasWriteAccess(session.SecurityContext, openFile.Path))
+ {
+ state.LogToServer(Severity.Verbose, "Write to '{0}{1}' failed. User '{2}' was denied access.", share.Name, openFile.Path, session.UserName);
+ return new ErrorResponse(request.CommandName, NTStatus.STATUS_ACCESS_DENIED);
+ }
+ }
+
 int numberOfBytesWritten;
 NTStatus writeStatus = share.FileStore.WriteFile(out numberOfBytesWritten, openFile.Handle, (long)request.Offset, request.Data);
 if (writeStatus != NTStatus.STATUS_SUCCESS)
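Review bot: In the read hunk (`@@ -23,6 +23,15 @@`) the new authorization is decided on the string `openFile.Path`, while the I/O that follows goes through `openFile.Handle`; the two name the same object only if the stored path is kept current for the life of the handle. Whether a rename of an open file updates `openFile.Path` is not visible in this diff, so the assumption should be stated next to the check, e.g. `// Access is re-evaluated per request against the path recorded on the open file; that path must follow renames.` The write hunk (`@@ -43,6 +52,15 @@`) makes the same path-keyed decision with `HasWriteAccess`. The enclosing method starts and ends outside the hunk.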
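Review bot: The denied write in the second hunk (`@@ -43,6 +52,15 @@`) is logged at `Severity.Verbose`, so a server running at a less chatty log level presumably keeps no record that a user was refused a modification. A refused write on a share is a signal worth retaining for detection and incident review, so consider raising the level for this message, or confirm that Verbose is the level the project uses for access denials elsewhere. The read hunk logs its denial at the same level. The enclosing method continues outside the hunk.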