File Security C# Help

When the .NET Framework 1.0/1.1 was first introduced, it didn't come with a way to easily access and work with access control lists (ACLs) for files, directories, and registry keys. To do such things at that time usually meant some work with COM interop, thus also requiring more advanced programming knowledge of working with ACLs.

This has considerably changed since the release of the .NET Framework 2.0, which made the process of working with ACLs considerably easier with a namespace: System.Security.AccessControl. With this namespace, it is now possible to manipulate security settings for files, registry keys, network shares, Active Directory objects, and more.

Reading ACLs from a File

For an example of working with System.Security.AccessControl, this section looks at working with the ACLs for both files and directories. It starts by looking at how you would review the ACLs for a particular file. This example is accomplished in a console application and illustrated here:

For this example to work, the first step is to refer to the System.Security.AccessControl namespace. This will give you access to the FileSecurity and the FileSystemAccessRule classes later in the program. After the specified file is retrieved and placed in a FileStream object, the ACLs of the file are grabbed using the GetAccessControl() method now found on the File object. This information from the GetAccessControl() method is then placed in a FileSecurity class. This class has access rights to the referenced item. Each individual access right is then in turn represented by a FileSystemAccessRule object. That is why a foreach loop is used to iterate through all the access rights found in the created FileSecurity object. Running this example with a simple text file in the root directory produces something similar to the following results:

Provide full file path: C:\Sample.txt
C:\Sample.txt provides FullControl access for BUILTIN\Administrators
C:\Sample.txt provides FullControl access for NT AUTHORITY\SYSTEM
C:\Sample.txt provides FullControl access for PUSHKIN\Bill
C:\Sample.txt provides ReadAndExecute, Synchronize access for BUILTIN\Users

The next section presents reading ACLs from a directory instead of a file.

Reading ACLs from a Directory

Reading ACL information about a directory instead of an actual file is not much different from the preceding example. The code for this is illustrated in the following sample:

The big difference with this example is that it uses the DirectoryInfo class, which now also includes the GetAccessControl() method to pull information about the directory's ACLs. Running this example produces the following results:

Provide full directory path: C:\Test
C:\Test provides FullControl access for BUILTIN\Administrators
C:\Test provides FullControl access for NT AUTHORITY\SYSTEM
C:\Test provides FullControl access for PUSHKIN\Bill
C:\Test provides 268435456 access for CREATOR OWNER
C:\Test provides ReadAndExecute, Synchronize access for BUILTIN\Users
C:\Test provides AppendData access for BUILTIN\Users
C:\Test provides CreateFiles access for BUILTIN\Users
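
The two read-only listings described above (file and directory), combined into one console program. This is an added example, not the page's original code: it targets the .NET Framework, calls File.GetAccessControl(path) directly instead of opening a FileStream, and the class name AclReader and the helper DescribeRights are names chosen here. It also goes one step further than the text by naming the generic access bits, which is why the CREATOR OWNER entry above prints as the bare number 268435456 (0x10000000).

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class AclReader // hypothetical name, not from the original page
{
    // Generic access bits have no named member in FileSystemRights, so an
    // ACE that carries one is printed as a number unless it is decoded here.
    static string DescribeRights(FileSystemRights rights)
    {
        uint raw = unchecked((uint)rights);
        List<string> names = new List<string>();
        if ((raw & 0x80000000) != 0) names.Add("GENERIC_READ");
        if ((raw & 0x40000000) != 0) names.Add("GENERIC_WRITE");
        if ((raw & 0x20000000) != 0) names.Add("GENERIC_EXECUTE");
        if ((raw & 0x10000000) != 0) names.Add("GENERIC_ALL");
        uint specific = raw & 0x0FFFFFFF; // file-specific and standard rights
        if (specific != 0) names.Add(((FileSystemRights)specific).ToString());
        return string.Join(", ", names.ToArray());
    }

    static void Main()
    {
        Console.Write("Provide full file or directory path: ");
        string path = Console.ReadLine();
        try
        {
            // Directories go through DirectoryInfo, files through File.
            FileSystemSecurity sec = Directory.Exists(path)
                ? (FileSystemSecurity)new DirectoryInfo(path).GetAccessControl()
                : File.GetAccessControl(path);
            // true, true = explicit and inherited rules; NTAccount = readable names.
            foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(NTAccount)))
            {
                Console.WriteLine("{0} {1} {2} access for {3}{4}", path,
                    rule.AccessControlType == AccessControlType.Allow ? "provides" : "denies",
                    DescribeRights(rule.FileSystemRights), rule.IdentityReference,
                    rule.IsInherited ? " (inherited)" : "");
            }
        }
        catch (Exception ex) // missing path, access denied, and so on
        {
            Console.WriteLine("Could not read ACL: " + ex.Message);
        }
    }
}
```

Marking each entry as inherited or explicit, and as allow or deny, matters when reviewing permissions: a deny entry would otherwise read as a grant, and inherited entries have to be changed on the parent directory.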

The final thing you will look at in working with ACLs is using the new System.Security.AccessControl namespace to add and remove items to and from a file's ACL.

Adding and Removing ACLs from a File

It is also possible to manipulate the ACLs of a resource using the same objects that were used in the previous examples. The following code example changes a previous code example where a file's ACL information was read. Here, the ACLs are read for a specified file, changed, and then read again:

In this case, a new access rule is added to the file's ACL. This is done by using the FileSystemAccessRule object. The FileSystemAccessRule class is an abstraction of an access control entry (ACE) instance.

The ACE defines the user account to use, the type of access that this user account can deal with, and whether or not to allow or deny this access. In creating a new instance of this object, a new NTAccount is created and given FullControl to the file. Even though a new NTAccount is created, it must still reference an existing user. Then the AddAccessRule method of the FileSecurity class is used to assign the new rule. From there, the FileSecurity object reference is used to set the access control to the file in question using the SetAccessControl() method of the File class. Next, the file's ACL is listed again. The following is an example of what the preceding code could produce:

Provide full file path: C:\Sample.txt
ACL list before modification:
C:\Sample.txt provides FullControl access for BUILTIN\Administrators
C:\Sample.txt provides FullControl access for NT AUTHORITY\SYSTEM
C:\Sample.txt provides FullControl access for PUSHKIN\Bill
C:\Sample.txt provides ReadAndExecute, Synchronize access for BUILTIN\Users

ACL list after modification:
C:\Sample.txt provides FullControl access for PUSHKIN\Tuija
C:\Sample.txt provides FullControl access for BUILTIN\Administrators
C:\Sample.txt provides FullControl access for NT AUTHORITY\SYSTEM
C:\Sample.txt provides FullControl access for PUSHKIN\Bill
C:\Sample.txt provides ReadAndExecute, Synchronize access for BUILTIN\Users

To remove a rule from the ACL list, there is really not much that needs to be done to the code. From the previous code example, you simply need to change the line

fileSec.AddAccessRule(newRule);
to the following to remove the rule that was just added:
fileSec.RemoveAccessRule(newRule);
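
The add-then-remove sequence described in this section as one console program. This is an added example, not the page's original code: it targets the .NET Framework, keeps the page's variable names fileSec and newRule, and assumes a class name AclEditor, a helper ListRules and a constructed placeholder account EXAMPLE\someuser that must be replaced with an existing account.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class AclEditor // hypothetical name, not from the original page
{
    static void ListRules(string path, string heading)
    {
        Console.WriteLine(heading);
        foreach (FileSystemAccessRule r in File.GetAccessControl(path).GetAccessRules(true, true, typeof(NTAccount)))
            Console.WriteLine("{0} {1} {2} access for {3}", path,
                r.AccessControlType == AccessControlType.Allow ? "provides" : "denies",
                r.FileSystemRights, r.IdentityReference);
    }

    static void Main()
    {
        Console.Write("Provide full file path: ");
        string path = Console.ReadLine();
        // Constructed placeholder: replace with an existing DOMAIN\user or MACHINE\user.
        NTAccount account = new NTAccount(@"EXAMPLE\someuser");
        try
        {
            ListRules(path, "ACL list before modification:");
            // FullControl as in the text; grant the narrowest right that does the job.
            FileSystemAccessRule newRule = new FileSystemAccessRule(
                account, FileSystemRights.FullControl, AccessControlType.Allow);

            FileSecurity fileSec = File.GetAccessControl(path);
            fileSec.AddAccessRule(newRule);
            File.SetAccessControl(path, fileSec); // nothing changes on disk before this call
            ListRules(path, "ACL list after adding the rule:");

            fileSec = File.GetAccessControl(path);
            bool removed = fileSec.RemoveAccessRule(newRule); // false if no matching rule
            File.SetAccessControl(path, fileSec);
            Console.WriteLine("Rule removed: " + removed);
            ListRules(path, "ACL list after removing the rule:");
        }
        catch (IdentityNotMappedException)
        {
            Console.WriteLine("The account does not exist: " + account.Value);
        }
        catch (UnauthorizedAccessException)
        {
            Console.WriteLine("The current user is not allowed to change this file's ACL.");
        }
    }
}
```

RemoveAccessRule only affects explicit rules on the file itself; entries inherited from the parent directory stay in place and have to be changed there.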

Posted on October 29, 2015 in Manipulating Files and the Registry
