Implementing .NET Security in C#


Environment: C#, .NET

Since my company,, does a lot of .NET consultancy, one of our recent projects required that file i/o access be denied if the user running the application did not have administrator privileges. A lot has been written about the command line utility caspol.exe, however, this can seem a little over the top and quite complex when considering code groups, policy levels and zone management.

I basically wanted to programmatically check whether the user had the relevant permissions by accessing their windows account. Fortunately, .NET provides this through the System.Security.Principal namespace. I also wanted to deny access to particular drives - this is done through the namespace System.Security.Permissions.

Below is a skeleton example, where if the user is not an administrator the contents of a text file cannot be read and displayed in a list box:

  // By default deny access to the C Drive.....
  CodeAccessPermission UserPermission = 
     new FileIOPermission(FileIOPermissionAccess.AllAccess,@"c:\");

  //Check whether the user is part of the administrator group
  WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal;
  WindowsIdentity identity = (WindowsIdentity)principal.Identity;
  bIsAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);

  //It's not, so deny access to the file
    //Do the read
    din = ReadTheFile.DoTheRead();

    //Reset deny permissions in  current stack frame

  //If we got this far .... we read in the file
  String str;
  while ((str=din.ReadLine()) != null) 
catch (SecurityException exception)
  //Failed to pass the security checks - so flag up error to user 
  listBox1.Items.Add("Permission denied accessing file");

The zip download file contains the .NET project so you can build and run this example.

If you have any comments on this article please email:


Download demo project - 22 Kb


  • I did'nt see that

    Posted by Legacy on 06/05/2002 12:00am

    Originally posted by: sdfs

    I did'nt see that

  • good , very useful

    Posted by Legacy on 04/29/2002 12:00am

    Originally posted by: Transbuerg Tian

    good , very useful

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Anthony Christie, the Chief Marketing Officer for Level Communications, is responsible for customer experience, worldwide marketing and product management. In this informative asset, he shares his insights into why a private network connection to cloud-bases applications is the right decision for your enterprise. Download now to find out more.

  • Enterprises are increasingly looking to platform as a service (PaaS) to lower their costs and speed their time to market for new applications. Developing, deploying, and managing applications in the cloud eliminates the time and expense of managing a physical infrastructure to support them. PaaS offerings must deliver additional long-term benefits, such as a lower total cost of ownership (TCO), rapid scalability, and ease of integration, all while providing robust security and availability. This report …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date