Implementing .NET Security in C#

-->

Environment: C#, .NET

Since my company, Harrissoft.co.uk, does a lot of .NET consultancy, one of our recent projects required that file i/o access be denied if the user running the application did not have administrator privileges. A lot has been written about the command line utility caspol.exe, however, this can seem a little over the top and quite complex when considering code groups, policy levels and zone management.

I basically wanted to programmatically check whether the user had the relevant permissions by accessing their windows account. Fortunately, .NET provides this through the System.Security.Principal namespace. I also wanted to deny access to particular drives - this is done through the namespace System.Security.Permissions.

Below is a skeleton example, where if the user is not an administrator the contents of a text file cannot be read and displayed in a list box:

try
{
  // By default deny access to the C Drive.....
  CodeAccessPermission UserPermission = 
     new FileIOPermission(FileIOPermissionAccess.AllAccess,@"c:\");

  //Check whether the user is part of the administrator group
  AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
  WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal;
  WindowsIdentity identity = (WindowsIdentity)principal.Identity;
  
  bIsAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);

  //It's not, so deny access to the file
  if(!bIsAdmin)
  {
    UserPermission.Deny();
  }
  else
  {
    //Do the read
    din = ReadTheFile.DoTheRead();
  }

  if(!bIsAdmin)
  {
    //Reset deny permissions in  current stack frame
    CodeAccessPermission.RevertDeny();
  }

  //If we got this far .... we read in the file
  String str;
  
  while ((str=din.ReadLine()) != null) 
  {
    listBox1.Items.Add(str);
  }
}
catch (SecurityException exception)
{
  //Failed to pass the security checks - so flag up error to user 
  listBox1.Items.Add("Permission denied accessing file");
}

The zip download file contains the .NET project so you can build and run this example.

If you have any comments on this article please email: simonharris@harrissoft.co.uk

Downloads

Download demo project - 22 Kb


Comments

  • I did'nt see that

    Posted by Legacy on 06/05/2002 12:00am

    Originally posted by: sdfs

    I did'nt see that

    Reply
  • good , very useful

    Posted by Legacy on 04/29/2002 12:00am

    Originally posted by: Transbuerg Tian

    good , very useful

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • This white paper examines the economics of deploying Red Hat's Storage Server. Based on GlusterFS, a distributed file system that Red Hat acquired as part of Gluster, Red Hat Storage Server is ushering in a new era of software-based storage (also known as software-defined storage by many suppliers) solutions. Such solutions leverage commodity x86-based hardware from server vendors and a distributed shared nothing architecture that allows businesses to build out a service-based storage infrastructure in an …

  • At present, the most commonly deployed parallel file system is Lustre, and its adoption is growing across the HPC industry. According to Intersect 360 Research, "Through its leadership and involvement with OpenSFS, Cray advocates for the development of features that drive efficient performance at scale." Moreover, with help from Cray and OpenSFS, Lustre is gaining greater adoption across broader commercial application categories. As data and I/O requirements grow in commercial markets, technology vendors -- …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date