简体繁体 English

如何在.net中锁定文件，以便只有我的应用可以访问它？

[英]How can I lock a file in .net so that only my app can access it?

原文 2011-01-31 10:02:45 7 6 c#/ .net/ security/ file/ file-locking

I read queries regarding file locking but either they refer to multiple file access problem or something else.Ususal response to this would be lock to the file using FileStream.Lock,using FileShare.None with File.Open etc, but locking say a 100 files is not a good programming practice,also in these scenarios the lock will be released if my app closes/crashes which I don't want also ie I want the lock to persist and only my app can open it for others. 我阅读有关文件锁定的查询，但要么他们引用多个文件访问问题或其他。对此的响应将使用FileStream.Lock锁定文件，使用FileShare.None与File.Open等锁定，但锁定说100个文件不是一个好的编程习惯，在这些情况下，如果我的应用程序关闭/崩溃我也不会想要锁定，即我希望锁定持续存在，只有我的应用程序可以为其他人打开它。

On msdn I found System.Security,System.Security.AccessControl namespaces,I believe these might help.Also this article will shed some light on what I want. 在MSDN上，我发现System.Security，System.Security.AccessControl命名空间，我相信这些可能help.Also 此文章将阐明我想要的一些情况。

EDIT:: 编辑：：

Mannnnn... did anyone referred the "this" link I provided. Mannnnn ...有人提到我提供的“这个”链接。

Ok...in short I want something what PC Security software does.Does that ring a bell...anyone used it???? 好的......总之我想要一些PC安全软件所做的事情。那敲响了钟声......有人用它吗????

Thanks. 谢谢。

6 个解决方案

This just isn't possible. 这是不可能的。 A user with sufficient privileges can always alter security settings and run a program to access your file. 具有足够权限的用户始终可以更改安全设置并运行程序来访问您的文件。 So, work from the assumption that you cannot stop this and focus on what the program or the user could do with the data in the file. 因此，假设您无法停止此操作并专注于程序或用户可以对文件中的数据执行的操作。

Encrypt it. 加密它。

There's a basic flaw in your requirements here and that is that the file system only has one method of preventing access to a file, and that is through the ACL. 这里的要求存在一个基本缺陷，那就是文件系统只有一种阻止访问文件的方法，即通过ACL。 You can specify that the user that logs on to the system doesn't have access rights to those files, and thus the files are not available to him. 您可以指定登录到系统的用户没有这些文件的访问权限，因此他无法使用这些文件。

However, in order for your program to be able to access those files, you need to set up a user that "logs on" in order to run your program, and of course any other programs configured to run as that user will have access to those files. 但是，为了使您的程序能够访问这些文件，您需要设置一个“登录”的用户才能运行您的程序，当然还有任何其他程序配置为以该用户可以访问的方式运行那些文件。

Other locks, like open the file for exclusive access, is as you've already discovered only effective when the program is running. 其他锁定，例如打开文件以进行独占访问，就像您已经发现的那样只在程序运行时才有效。 If for any reason the program isn't running, those types of locks aren't in place. 如果由于任何原因程序未运行，则这些类型的锁不到位。

What specifically are you trying to prevent? 你有什么具体的预防措施？ There might be other ways to handle that than to try to lock away the files. 可能有其他方法来处理它而不是试图锁定文件。

You could encrypt the file and embed the key within your application. 您可以加密文件并将密钥嵌入应用程序中。 It depends on what you mean by "only my app can open it for others". 这取决于你的意思“只有我的应用程序可以为他人打开它”。

I think the thing which you want can only possible by using file system minifilter driver. 我认为你想要的东西只能通过使用文件系统minifilter驱动程序。 as many other application provide this functionality by using driver like universal shield in which you can make process as trusted so only trusted process can access that file/folder an other application like folder protect which also provide such type of permission on file/folder.. 许多其他应用程序通过使用通用屏蔽等驱动程序来提供此功能，您可以在其中将进程设置为受信任，因此只有受信任的进程才能访问该文件/文件夹，其他应用程序（如文件夹保护）也会在文件/文件夹上提供此类权限。

I would recommend using the IsolatedStorage class. 我建议使用IsolatedStorage类。 There you can store a file which is directly "linked" to your application. 在那里，您可以存储直接“链接”到您的应用程序的文件。

Have a closer look to it in MSDN IsolatedStorage . 在MSDN IsolatedStorage中仔细查看它。 You may use a file assembly scoped . 您可以使用作用域的文件程序集 。 Anyway each user MAY navigate through the file system to your applicationData folder and open this file manually (although it is rather unexpected) 无论如何，每个用户都可以通过文件系统导航到您的applicationData文件夹并手动打开该文件（尽管这是相当意外的）

You are trying to find a way to implement a method ("lock" the files) and not to achieve a goal. 您正在尝试找到一种方法来实现方法（“锁定”文件）而不是实现目标。

I assume that you want to hold some private data and optionally provide access to your data to other applications. 我假设您想要保存一些私有数据，并可选择提供对其他应用程序的数据访问。 In this case you need an encrypted container, which can be exposed to other applications, for example via a virtual disk (our SolFS OS edition is an optimal variant in this case). 在这种情况下，您需要一个加密容器，可以将其暴露给其他应用程序，例如通过虚拟磁盘（在这种情况下，我们的SolFS OS版本是最佳变体）。

However, the problem is that the key will be held in your application's code, and theoretically can be extracted and used to access the container. 但是，问题是密钥将保存在应用程序的代码中，理论上可以提取并用于访问容器。 Practically the procedure can be made more complicated, but this is not a 100% bulletproof solution. 实际上，程序可以变得更复杂，但这不是100％防弹解决方案。