–>
Environment: C#, .NET
Since my company, Harrissoft.co.uk, does a lot of .NET consultancy, one of our recent projects required that file i/o access be denied if the user running the application did not have administrator privileges. A lot has been written about the command line utility caspol.exe, however, this can seem a little over the top and quite complex when considering code groups, policy levels and zone management.
I basically wanted to programmatically check whether the user had the relevant permissions by accessing their windows account. Fortunately, .NET provides this through the System.Security.Principal namespace. I also wanted to deny access to particular drives – this is done through the namespace System.Security.Permissions.
Below is a skeleton example, where if the user is not an administrator the contents of a text file cannot be read and displayed in a list box:
try { // By default deny access to the C Drive..... CodeAccessPermission UserPermission = new FileIOPermission(FileIOPermissionAccess.AllAccess,@"c:\"); //Check whether the user is part of the administrator group AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); WindowsPrincipal principal = (WindowsPrincipal)Thread.CurrentPrincipal; WindowsIdentity identity = (WindowsIdentity)principal.Identity; bIsAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator); //It's not, so deny access to the file if(!bIsAdmin) { UserPermission.Deny(); } else { //Do the read din = ReadTheFile.DoTheRead(); } if(!bIsAdmin) { //Reset deny permissions in current stack frame CodeAccessPermission.RevertDeny(); } //If we got this far .... we read in the file String str; while ((str=din.ReadLine()) != null) { listBox1.Items.Add(str); } } catch (SecurityException exception) { //Failed to pass the security checks - so flag up error to user listBox1.Items.Add("Permission denied accessing file"); }
The zip download file contains the .NET project so you can build and run this example.
If you have any comments on this article please email: simonharris@harrissoft.co.uk