.Net 2.0 Security
-
I tried the VB.NET forum, but maybe that was the wrong forum. What I need to do is check what rights that the current authenticated user has on a given file or directory. If the code needs to create a directory(sub-folder) does the current user have Create rights. If the current user needs to write in a directory do they have the Write permissions. I have tried several renditions of the following which is from the Microsoft Help section. This code seems add the access rule even when I don't have the rights do this TRY Dim dInfo As New DirectoryInfo(FileName) Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl() dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType)) dInfo.SetAccessControl(dSecurity) CATCH END TRY
-
I tried the VB.NET forum, but maybe that was the wrong forum. What I need to do is check what rights that the current authenticated user has on a given file or directory. If the code needs to create a directory(sub-folder) does the current user have Create rights. If the current user needs to write in a directory do they have the Write permissions. I have tried several renditions of the following which is from the Microsoft Help section. This code seems add the access rule even when I don't have the rights do this TRY Dim dInfo As New DirectoryInfo(FileName) Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl() dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType)) dInfo.SetAccessControl(dSecurity) CATCH END TRY
Hi, Dotnet Security is huge topic. I can just point you to the resource as such. Here is a good article. http://www.codeproject.com/dotnet/UB\_CAS\_NET.asp Permissions are based not only On Identity of User but also based on identity of code. So, If you want to give your code some permission You must assign certain Evidence to it which will be used to calculate Permission grantset during Policy Resolution. After all this Final Hurdle still remains. You OS should allow to write into that perticular directory. Just try to make a custom permission which will allow you to write in directory and assign it to code. For that you need to run Mscorcfg.msc from VS Command prompt or run it from .net Framework 2.0 configuration from Administrative tools.
-
Hi, Dotnet Security is huge topic. I can just point you to the resource as such. Here is a good article. http://www.codeproject.com/dotnet/UB\_CAS\_NET.asp Permissions are based not only On Identity of User but also based on identity of code. So, If you want to give your code some permission You must assign certain Evidence to it which will be used to calculate Permission grantset during Policy Resolution. After all this Final Hurdle still remains. You OS should allow to write into that perticular directory. Just try to make a custom permission which will allow you to write in directory and assign it to code. For that you need to run Mscorcfg.msc from VS Command prompt or run it from .net Framework 2.0 configuration from Administrative tools.
Well I did read the entire article and saw what was happening. From everything I saw unless I was not doing it exactly, is that one way to do what I want to do was to Create a permission set, then add the appropriate rights to that permission set and then do a Permission Set DEMAND on it. From his example though it seemed that if He wanted to then check for Create rights he still had to go through the trouble of creating a FileStream Object to see if he really had the rights to do the operation. I have tried the following. Even if I have only Read access only to XPath that this code works all the time, I can never generate a SecurityException Error. TRY DIM DirectoryName AS STRING = XPath DIM PS As New PermissionSet(PermissionState.None) PS.AddPermission(New FileIOPermission(FileIOPermissionAccess.Write, PATH.GetFullPath(XPath))) PS.Demand() RETURN TRUE CATCH EX AS SecurityException RETURN FALSE CATCH EX As Exception RETURN FALSE END TRY I also created a codegroup, and a permissionset using the .NET 2.0 configurator. That gives unrestricted access to the Security, UIPermission, and the FileIOPermission objects. I just want to tell if my current user can create in a given directory, or if they can read from a given directory etc. Any further ideas as to why I cannot trap an error above?
-
Well I did read the entire article and saw what was happening. From everything I saw unless I was not doing it exactly, is that one way to do what I want to do was to Create a permission set, then add the appropriate rights to that permission set and then do a Permission Set DEMAND on it. From his example though it seemed that if He wanted to then check for Create rights he still had to go through the trouble of creating a FileStream Object to see if he really had the rights to do the operation. I have tried the following. Even if I have only Read access only to XPath that this code works all the time, I can never generate a SecurityException Error. TRY DIM DirectoryName AS STRING = XPath DIM PS As New PermissionSet(PermissionState.None) PS.AddPermission(New FileIOPermission(FileIOPermissionAccess.Write, PATH.GetFullPath(XPath))) PS.Demand() RETURN TRUE CATCH EX AS SecurityException RETURN FALSE CATCH EX As Exception RETURN FALSE END TRY I also created a codegroup, and a permissionset using the .NET 2.0 configurator. That gives unrestricted access to the Security, UIPermission, and the FileIOPermission objects. I just want to tell if my current user can create in a given directory, or if they can read from a given directory etc. Any further ideas as to why I cannot trap an error above?
Hi, Sorry for late reply. I found that there is a class called DirectorySecurity. I think this is what you need. http://msdn2.microsoft.com/en-US/library/system.security.accesscontrol.directorysecurity.aspx You might know this, But this is just to remind that Demand() method just to perform Stack walk. That is used just to prevent the Elevation of Priviledge. When your method call some function in some other dll. So, That DLL may check your DLL by creating a instance of requested permission and compare it agaist all the methods in the call stack. According to MSDN, If the Parent Directory is Readonly then when you try to create a directory in that it will give an exception. Here are the more cases when Exception is thrown. Just check if your directory is readonly?? I've played a lot with policy files, Because I am studying .NET security course at my school. And I suggest you can do the same if you want. But, Instead you can create a new permission file under user group and do not assign any permission to it except execution. Now you can create a code group and assign this permission only as a permission set. You also need to select two checkboxes from General tab. This will prevent any access to be given to the All_Code when this condition is met. Otherwise, Permission will be granted based on Union of all code groups at each policy level + intersection of all policy level.