如何访问和审核 .NET Core 3.1 中文件的安全性
[英]How to access and audit security for a file in .NET Core 3.1
问题描述
I'm struggling for a while now with accessing file using .NET Core 3.1.
我现在正在努力使用 .NET Core 3.1 访问文件。 I've stumble across several examples but it seems that non of them works or I'm doing something wrong.我偶然发现了几个例子,但似乎它们都不起作用,或者我做错了什么。 So any advice or example will be highly appreciated.因此,任何建议或示例都将受到高度赞赏。
First example that I've used is as follows:我使用的第一个示例如下:
var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
AccessFileControl.AddFileSecurity(this.LocalReport.ReportPath, everyone, FileSystemRights.WriteData, AccessControlType.Allow);
ChangeFontFamily(fontFamily);
AccessFileControl.RemoveFileSecurity(this.LocalReport.ReportPath, everyone, FileSystemRights.WriteData, AccessControlType.Deny);
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, SecurityIdentifier indentifier,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
var security = new FileSecurity(fileName,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
security.ModifyAccessRule(AccessControlModification.Add, new FileSystemAccessRule(indentifier,
rights, controlType), out bool modified);
}
In example above I've got The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.在上面的示例中,我得到了该进程不具备此操作所需的“SeSecurityPrivilege”特权。 also happen when changed AccessControlSection to All将 AccessControlSection 更改为 All 时也会发生
var security = new FileSecurity(fileName,AccessControlSections.All);
Then in second example I tried to integrate slightly different approach然后在第二个示例中,我尝试整合略有不同的方法
var ac = new FileInfo(fileName).GetAccessControl();
// Get a FileSecurity object that represents the
// current security settings.
var security = new FileSecurity(fileName,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
security.ModifyAccessRule(AccessControlModification.Add, new FileSystemAccessRule(indentifier,
rights, controlType), out bool modified);
ac.AddAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
ac.SetAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(fileName), ds);
Which returned Access to the path '....' is denied.哪个返回对路径“....”的访问被拒绝。
In third example I tried with this approach:在第三个示例中,我尝试了这种方法:
public static void AddFileSecurity(string fileName, SecurityIdentifier indentifier,
FileSystemRights rights, AccessControlType controlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(fileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
In third example I've got Attempted to perform an unauthorized operation.在第三个示例中,我尝试执行未经授权的操作。
To be fair I don't know what I'm doing wrong and any help is appreciated公平地说,我不知道自己做错了什么,感谢您的帮助
EDIT 1编辑 1
As user jdweng pointed out I tried only with AccessControlSections.Owner but without any luck.正如用户jdweng指出的那样,我只尝试了AccessControlSections.Owner但没有任何运气。 I' ve got same error Access to the path '....' is denied .我有同样的错误访问路径'....'被拒绝。
EDIT 2编辑 2
In last attempt I tried something along this path but resulted yet again with Attempted to perform an unauthorized operation.在最后一次尝试中,我沿着这条路径尝试了一些东西,但再次导致尝试执行未经授权的操作。
Attempt:试图:
public static void AddFileSecurity(string fileName, string directoryPath, SecurityIdentifier indentifier,
FileSystemRights rights, AccessControlType controlType)
{
var access = new FileInfo(fileName).GetAccessControl();
access.AddAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
FileSystemAclExtensions.SetAccessControl(new FileInfo(fileName), access);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, SecurityIdentifier indentifier,
FileSystemRights rights, AccessControlType controlType)
{
var access = new FileInfo(fileName).GetAccessControl();
access.RemoveAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
FileSystemAclExtensions.SetAccessControl(new FileInfo(fileName), access);
}
} }
1 个解决方案
解决方案1
0 2020-07-07 10:11:25
You might consider running your application as an admin.. Add this manifest file to your project: runasadmin.manifest:您可能会考虑以管理员身份运行您的应用程序。将此清单文件添加到您的项目中:runasadmin.manifest:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
</dependentAssembly>
</dependency>
<v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3">
<v3:security>
<v3:requestedPrivileges>
<v3:requestedExecutionLevel level="highestAvailable" />
</v3:requestedPrivileges>
</v3:security>
</v3:trustInfo>
</assembly>
If that does not work or you don't want to run your app as an administrator(or if you're already running your application as an administrator), comment me..如果这不起作用或者您不想以管理员身份运行您的应用程序(或者如果您已经以管理员身份运行您的应用程序),请评论我..
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.