堆栈内存溢出
  简体   繁体   English

你能制作一个 C# 程序,它不能访问除安装文件夹以外的任何本地文件系统吗?

[英]Can you make a C# program which can not access to any local file system other than the folder it is installed?

 原文  2012-04-10 14:40:42       c#

问题描述

Let me ask whether you can make a C# program which can not access to any local file system other than the folder/sub folders it is installed?请问您是否可以制作一个 C# 程序,它不能访问除安装的文件夹/子文件夹之外的任何本地文件系统? And how if the answer is yes.如果答案是肯定的怎么办。 For details if it is necessary and possible, users are supposed to accept the program runs under a special user account which is restricted the file access only to the folder it is installed and to sub folders.有关详细信息,如果有必要和可能,用户应该接受在特殊用户帐户下运行的程序,该帐户将文件访问权限仅限于它安装的文件夹和子文件夹。

Thank you very much in advance.非常感谢你提前。

Edit: Let me add context.编辑:让我添加上下文。 I want users do not change their accounts.我希望用户不要更改他们的帐户。 And as a programmer I do not have complete control over the program for some reasons.作为一名程序员,由于某些原因,我无法完全控制程序。

3 个解决方案

解决方案1
 9 已采纳  2012-04-10 14:48:56

Can you make a C# program which cannot access any part of the local file system other than the directory in which it is installed?你能否制作一个 C# 程序,它只能访问安装目录以外的本地文件系统的任何部分?

No, because every C# program will need to at the very least have access to the .NET runtime libraries, which are in the Windows install directory.不,因为每个 C# 程序至少需要访问 .NET 运行时库,这些库位于 Windows 安装目录中。

My suggestion to you is that you look into isolated storage .我对您的建议是研究隔离存储 The .NET code access security system enables you to set a policy which states that certain programs only get to access the .NET runtime, the installed location of the code, and a special "isolated storage" directory that can be used for the application to store per-user data. .NET 代码访问安全系统使您能够设置一个策略,声明某些程序只能访问 .NET 运行时、代码的安装位置,以及一个特殊的“隔离存储”目录,该目录可用于应用程序存储每个-用户数据。

解决方案2
 1  2012-04-10 14:50:57

The answer is yes, but how you do this is complicated.答案是肯定的,但如何做到这一点很复杂。

First, you need a user account with extremely limited permissions.首先,您需要一个权限极其有限的用户帐户。 It must be able to access files and run programs within the installation directory of the program, and that's pretty much it.它必须能够访问程序安装目录中的文件和运行程序,仅此而已。 You can create such a user with the installer program, using tools in the System.DirectoryServices namespace.您可以使用 System.DirectoryServices 命名空间中的工具,通过安装程序创建这样的用户。 Here's an example of creating a user:以下是创建用户的示例:

using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
private void CreateUser(string userName, string password)
{
DirectorySearcher dseSearcher = new DirectorySearcher();
string rootDSE = dseSearcher.SearchRoot.Path;
string userDSE = rootDSE.Insert(7, "OU=Users,");
DirectoryEntry userDE = new DirectoryEntry(userDSE);
DirectoryEntry user = userDE.Children.Add("CN=" + userID, "user");
staff.Properties["samAccountName"].Value = userID;
staff.Properties["UserPrincipalName"].Value = userName +
@"@domain";
staff.CommitChanges();
staff.Properties["userAccountControl"].Value =
ActiveDs.ADS_USER_FLAG.ADS_UF_NORMAL_ACCOUNT |
ActiveDs.ADS_USER_FLAG.ADS_UF_DONT_EXPIRE_PASSWD;
staff.CommitChanges();
staff.Invoke("SetPassword", new Object[] { password });
}

Now, once that's happened, you need to make sure your program normally runs in the context of that user account.现在,一旦发生这种情况,您需要确保您的程序在该用户帐户的上下文中正常运行。 You can do that by specifying the user account to run the program with in a ProcessStartInfo object, used by a "bootstrapper" program that is what you create shortcuts for.您可以通过在 ProcessStartInfo object 中指定用于运行程序的用户帐户来做到这一点,该程序由您为其创建快捷方式的“引导程序”程序使用。 You can then also ensure the program is running in the context of that user account using Environment.CurrentUser, and abort execution of the program if it is being run by any more permissive account.然后,您还可以使用 Environment.CurrentUser 确保程序在该用户帐户的上下文中运行,如果程序正在由任何更宽松的帐户运行,则中止程序的执行。

解决方案3
 1  2012-04-10 14:54:52

If you just want to restrict the program to a particular account, you can look up the user's credentials, and exit the program if it's not the right one.如果您只想将程序限制为特定帐户,您可以查找用户的凭据,如果不正确则退出程序。

http://msdn.microsoft.com/en-us/library/csyx45b8.aspx http://msdn.microsoft.com/en-us/library/csyx45b8.aspx
http://msdn.microsoft.com/en-us/library/sfs49sw0.aspx http://msdn.microsoft.com/en-us/library/sfs49sw0.aspx

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我可以让我的代码不接受除 int C# 以外的任何输入吗 - Can I make my code not accept any input other than an int C# C#程序查询网络文件夹中的Access数据库所需的时间比查询本地副本所需的时间长 - C# program querying an Access database in a network folder takes longer than querying a local copy C#中的共享对象,可以供其他程序使用 - shared object in C# which can used by other program C#如何获得其他批处理文件的输出? - C# how can you get output of an other batch file? 使C#程序能够在任何操作系统上编译 - Make a C# program be able to compile on any operating system 拒绝访问 C# 中的“文档”(以及几乎所有其他文件夹) - Access Denied to "Documents" in C# (and pretty much any other folder) 在C#中,您能否告诉哪个标准函数将INT编号提升到任何所需的程度? - In C#, can you please tell which is the standard function which raises an INT number into any desired degree? C#为什么我不能访问C:\\ Users下的域用户的本地文件夹? - C# Why can't I access domain user's local folder under C:\Users? 我可以通过 java 反编译工具反编译任何用 C# 或任何其他语言编写的游戏吗? - Can I decompile any game which is written in C# or any other language through java decompiler tool? C# - 检查是否可以访问/读取文件夹 - C# - Check if can access / read folder
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM