How to use the FileSecurity class in the System.Security.AccessControl namespace in .NET V2.0
.Net Framework Version: 2.0
In this article I will try to show the usage of some of the classes in
System.Security.AccessControl, one of the new namespaces introduced
in V2.0 of the Microsoft .NET Framework. In earlier versions, when we wanted to get
to the security information about an object in the system, we had to use P/Invoke
to call Win32 APIs to get information like the Security Identifier (SID)
or Access Control List (ACL). In V2.0 of the framework Microsoft has
introduced this very handy namespace, System.Security.AccessControl,
which provides almost all the functionality that all of us wanted. The name of
this namespace describes very well what to expect from its classes.
The classes in the namespace are not limited to files. They
provide the security access information on objects like files, registry keys,
mutexes, semaphores, etc.

When I started using these classes, I saw that there is practically no
documentation available in the May 2004 Preview release of Visual Studio 2005. I
had to bang my head a couple of times and took some help from ILDASM to figure
out what certain parameters are supposed to be. Finally I was able to put
together a small C# console application that demonstrates how to use some of
the classes to get owner information and access control information on a file
object using the System.Security.AccessControl.FileSecurity class.

The constructor of the FileSecurity class has 2 parameters. The first is the
complete file path and the second is the type of access control information you are
interested in. After you construct the object, you can call methods like GetOwner,
GetGroup etc. to retrieve the security information that you are
interested in. To get all kinds of information, you can pass
AccessControlSections.All as the second parameter. You can download the
sample code and play with it. You will require the Visual Studio 2005 May 2004
Preview version of the IDE to run this project.

    using System;
    using System.Collections.Generic;
    using System.Text;
    using System.Security.AccessControl;
    using System.Security.Principal;

    namespace FileSecurityApp
    {
        class Program
        {
            static void Main(string[] args)
            {
                Console.WriteLine("Third Eye Software Solutions - File Security Sample");
                IdentityReference obOwnerId = null;
                NTAccount obWinPrincipal = null;
                AuthorizationRuleCollection obAccessRules = null;
                try
                {
                    // Read the security descriptor inside the try block: the
                    // constructor throws if the file is missing or access is denied.
                    FileSecurity obFs = new FileSecurity(@"C:\AutoExec.bat", AccessControlSections.All);

                    //
                    // Get SID of file owner.
                    //
                    Type obTypeToGet = typeof(SecurityIdentifier);
                    obOwnerId = obFs.GetOwner(obTypeToGet);
                    Console.WriteLine("File Owner SID is : {0}", obOwnerId);

                    //
                    // Now we will try to get Windows principal information.
                    //
                    obTypeToGet = typeof(NTAccount);
                    obWinPrincipal = (NTAccount)obFs.GetOwner(obTypeToGet);
                    Console.WriteLine("File Owner is : {0}", obWinPrincipal);

                    //
                    // Get Access Rules collection (explicit and inherited rules,
                    // with identities returned as NTAccount names).
                    //
                    obAccessRules = obFs.GetAccessRules(true, true, obTypeToGet);
                    if (null != obAccessRules)
                    {
                        Console.WriteLine("Total access rules are = {0}", obAccessRules.Count);
                        foreach (AuthorizationRule obAuthRule in obAccessRules)
                        {
                            AccessRule obAccessRule = (AccessRule)obAuthRule;
                            Console.WriteLine("AuthRule : Inherited={0}, Id={1}, AccessType={2}",
                                obAuthRule.IsInherited, obAuthRule.IdentityReference, obAccessRule.AccessControlType);
                        }
                    }
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                    Console.WriteLine(ex.StackTrace);
                }
            }
        }
    }
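
The same FileSecurity calls can drive a simple permission audit. The following is an added example, not part of the original sample: it lists the Allow rules that give a broad group (Everyone, Authenticated Users, BUILTIN\Users) write-type rights on a file. The class name AclAudit, the Risky rights mask, the Broad group list and the exit codes are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclAudit
{
    // Assumed "risky" mask: rights that allow changing the file's content, ACL or owner.
    const FileSystemRights Risky = FileSystemRights.WriteData | FileSystemRights.AppendData |
        FileSystemRights.Delete | FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;

    // Assumed list of broad groups: Everyone, Authenticated Users, BUILTIN\Users.
    static readonly WellKnownSidType[] Broad = {
        WellKnownSidType.WorldSid, WellKnownSidType.AuthenticatedUserSid, WellKnownSidType.BuiltinUsersSid };

    public static List<string> Findings(string path)
    {
        // Owner | Access leaves out the SACL (Audit), which AccessControlSections.All
        // also requests and which needs SeSecurityPrivilege to read.
        FileSecurity fs = new FileSecurity(path, AccessControlSections.Owner | AccessControlSections.Access);
        List<string> findings = new List<string>();
        // Ask for SIDs rather than NTAccount names: SIDs compare reliably on localized systems.
        foreach (FileSystemAccessRule rule in fs.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType != AccessControlType.Allow) continue;
            if ((rule.FileSystemRights & Risky) == 0) continue;
            SecurityIdentifier sid = (SecurityIdentifier)rule.IdentityReference;
            if (!Array.Exists(Broad, delegate(WellKnownSidType t) { return sid.IsWellKnown(t); })) continue;
            findings.Add(String.Format("{0} ({1}): {2}{3}", sid.Translate(typeof(NTAccount)), sid,
                rule.FileSystemRights & Risky, rule.IsInherited ? " [inherited]" : ""));
        }
        return findings;
    }

    static int Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : @"C:\AutoExec.bat"; // default: the article's file
        try
        {
            Console.WriteLine("Owner: {0}", new FileSecurity(path, AccessControlSections.Owner).GetOwner(typeof(NTAccount)));
            List<string> findings = Findings(path);
            foreach (string f in findings) Console.WriteLine("WRITABLE BY BROAD GROUP: " + f);
            return findings.Count == 0 ? 0 : 1; // 1 = at least one finding
        }
        catch (Exception ex) // missing file, access denied, unmapped owner SID
        {
            Console.Error.WriteLine(ex.Message);
            return 2;
        }
    }
}
```

ACEs that carry only generic rights bits (values outside the FileSystemRights enumeration) are not matched by this check.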