Can you make a C# program which cannot access any local file system other than the folder it is installed in?
Let me ask whether you can make a C# program which cannot access any local file system other than the folder/subfolders it is installed in? And how, if the answer is yes? For details, if it is necessary and possible, users are supposed to accept that the program runs under a special user account whose file access is restricted to the folder it is installed in and its subfolders.
Thank you very much in advance.
Edit: Let me add context. I want users not to change their accounts. And as a programmer I do not have complete control over the program for some reasons.
Can you make a C# program which cannot access any part of the local file system other than the directory in which it is installed?
No, because every C# program will need to at the very least have access to the .NET runtime libraries, which are in the Windows install directory.
My suggestion to you is that you look into isolated storage. The .NET code access security system enables you to set a policy which states that certain programs only get to access the .NET runtime, the installed location of the code, and a special "isolated storage" directory that can be used for the application to store per-user data.
The answer is yes, but how you do this is complicated.
First, you need a user account with extremely limited permissions. It must be able to access files and run programs within the installation directory of the program, and that's pretty much it. You can create such a user with the installer program, using tools in the System.DirectoryServices namespace. Here's an example of creating a user:
    using System;
    using System.DirectoryServices;
    using System.DirectoryServices.ActiveDirectory;

    // ActiveDs.ADS_USER_FLAG comes from a COM reference to the "Active DS Type Library".
    private void CreateUser(string userName, string password)
    {
        // Locate the domain root and build the path of its Users OU
        // (the insert position 7 is just past the "LDAP://" prefix).
        DirectorySearcher dseSearcher = new DirectorySearcher();
        string rootDSE = dseSearcher.SearchRoot.Path;
        string userDSE = rootDSE.Insert(7, "OU=Users,");
        DirectoryEntry userDE = new DirectoryEntry(userDSE);

        // Create the account object and set its logon names.
        DirectoryEntry user = userDE.Children.Add("CN=" + userName, "user");
        user.Properties["samAccountName"].Value = userName;
        user.Properties["UserPrincipalName"].Value = userName + @"@domain";
        user.CommitChanges();

        // Mark it as a normal account whose password does not expire.
        user.Properties["userAccountControl"].Value =
            (int)(ActiveDs.ADS_USER_FLAG.ADS_UF_NORMAL_ACCOUNT |
                  ActiveDs.ADS_USER_FLAG.ADS_UF_DONT_EXPIRE_PASSWD);
        user.CommitChanges();
        user.Invoke("SetPassword", new Object[] { password });
    }
Now, once that's happened, you need to make sure your program normally runs in the context of that user account. You can do that by specifying the user account to run the program with in a ProcessStartInfo object, used by a "bootstrapper" program that is what you create shortcuts for. You can then also ensure the program is running in the context of that user account using Environment.CurrentUser, and abort execution of the program if it is being run by any more permissive account.
If you just want to restrict the program to a particular account, you can look up the user's credentials, and exit the program if it's not the right one.
http://msdn.microsoft.com/en-us/library/csyx45b8.aspx
http://msdn.microsoft.com/en-us/library/sfs49sw0.aspx
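
An added example (not code from any of the answers) of the bootstrapper and account check described in the second answer, which also covers the "exit if it's not the right account" check from the last answer. It folds bootstrapper and program into one Windows executable; the account name `AppSandboxUser`, the class name and prompting for the password on the console are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security;
using System.Security.Principal;

static class RestrictedLauncher
{
    // Assumption: local account created by the installer, with rights only on the install directory.
    const string RestrictedUser = "AppSandboxUser";

    // The account check: true only when the process runs as RestrictedUser.
    static bool IsRunningAsRestrictedUser()
    {
        // Name is "MACHINE\user" or "DOMAIN\user"; compare the account part only.
        string name = WindowsIdentity.GetCurrent().Name;
        string account = name.Substring(name.LastIndexOf('\\') + 1);
        return string.Equals(account, RestrictedUser, StringComparison.OrdinalIgnoreCase);
    }

    // The bootstrapper step: start exePath under the restricted account.
    static Process LaunchRestricted(string exePath, SecureString password)
    {
        var psi = new ProcessStartInfo(exePath)
        {
            UseShellExecute = false,               // required when UserName is set
            UserName = RestrictedUser,
            Domain = Environment.MachineName,      // assumption: a local account
            Password = password,
            // The default would be %SYSTEMROOT%\system32; use the install directory.
            WorkingDirectory = Path.GetDirectoryName(exePath)
        };
        return Process.Start(psi);
    }

    static int Main()
    {
        if (IsRunningAsRestrictedUser())
            return 0; // the application's real work would start here
        // Any other (more permissive) account: relaunch under the restricted one.
        Console.Write("Password for " + RestrictedUser + ": ");
        var password = new SecureString();
        for (var k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
            password.AppendChar(k.KeyChar);
        Process child = LaunchRestricted(Process.GetCurrentProcess().MainModule.FileName, password);
        child.WaitForExit();
        return child.ExitCode;
    }
}
```

The account check only guards against launches under the wrong account; the confinement itself comes from the file-system permissions granted to the restricted account. A bootstrapper that stores the password instead of prompting for it exposes that password to anyone who can read the bootstrapper.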