How can I modify the user rigths on a xml file?

[Rainer Queck]

Hello NG,

How can I modify the user rigths on a xml file?
Can this be done by code as well?

I could only find the possibillity to modify user rights on folders, not on
files and this onyl manual.

Regards
Rainer Queck

 

[Michael Nemtsev, MVP]

Hello Rainer,

See sample there http://weblogs.asp.net/cumpsd/archive/2004/02/08/69403.aspx

---
WBR,
Michael Nemtsev [.NET/C# MVP] :: blog: http://spaces.live.com/laflour

"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo


RQ> Hello NG,
RQ>
RQ> How can I modify the user rigths on a xml file?
RQ> Can this be done by code as well?
RQ> I could only find the possibillity to modify user rights on folders,
RQ> not on files and this onyl manual.
RQ>
RQ> Regards
RQ> Rainer Queck

 

[Rainer Queck]

Hi Michael,

thanks for the link! That should make it fairly easy

Regards
Rainer

 

[Willy Denoyette [MVP]]

Hi Michael,

thanks for the link! That should make it fairly easy

Regards
Rainer

Don't use this method if you have access to V2 of the framework, use the
System.Security.AccessControl
namespace classes instead.
Also keep in mind that changing the security settings on Filesystem objects
(and others) requires administrative privileges, your applications don't
require to run as administrator do they?

Willy.

 

[Jeffrey Tan[MSFT]]

Hi Rainer,

Thank you for the feedback.

Is your code using .Net1.1 or 2.0?

The code snippet link provided by "Michael Nemtsev" leverages the
gotdotnet code sample. The gotdotnet code sample is provided to address the
lack of file security support in .Net1.1. In .Net2.0, we have added the
build-in support for configuring the security setting for directories and
files. That's why Willy suggested you to use the build-in
System.Security.AccessControl namespace for your task if you are using
Net2.0.

In .Net2.0, setting the user rights on a file is pretty straightforward.
You may use File.GetAccessControl() to obtain the current security setting
of the file as a FileSecurity object. Then, you may use
FileSecurity.AddAccessRule() and FileSecurity.RemoveAccessRule() methods to
add or remove rules from the FileSecurity object. Finally, you can use
File.SetAccessControl() method to assign the new FileSecurity to the file.

There is sample code snippet in the link below:
http://msdn2.microsoft.com/en-us/library/system.io.file.setaccesscontrol.asp
x

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Rainer Queck]

Hi Willy,

thanks for your hints.

Also keep in mind that changing the security settings on Filesystem
objects (and others) requires administrative privileges, your applications
don't require to run as administrator do they?

;-)
No they don't...
....but currently I am thinking about adding a feature that would allow the
user in a case like this to readjust the file rights if necessary.

Regards
Rainer

 

[Rainer Queck]

Hello Jeffrey,

Is your code using .Net1.1 or 2.0?

I am using 2.0.

The code snippet link provided by "Michael Nemtsev" leverages the
gotdotnet code sample. The gotdotnet code sample is provided to address
the
lack of file security support in .Net1.1. In .Net2.0, we have added the
build-in support for configuring the security setting for directories and
files. That's why Willy suggested you to use the build-in
System.Security.AccessControl namespace for your task if you are using
Net2.0.

In .Net2.0, setting the user rights on a file is pretty straightforward.
You may use File.GetAccessControl() to obtain the current security setting
of the file as a FileSecurity object. Then, you may use
FileSecurity.AddAccessRule() and FileSecurity.RemoveAccessRule() methods
to
add or remove rules from the FileSecurity object. Finally, you can use
File.SetAccessControl() method to assign the new FileSecurity to the file.

There is sample code snippet in the link below:
http://msdn2.microsoft.com/en-us/library/system.io.file.setaccesscontrol.asp

Thank you very much for the additional information and link!
I think this makes it very easy now, to implement to my project, what I am
looking for. I am currently thinking to add functionallity, that allows a
user of my app (if he knows the admin access passwords) to readjust the user
rights of the xml-file in question. This might become necessary, because it
is possible, that this file can be moved around different systems since it
holds setup data to a external teststand.

Regards
Rainer Queck

 

[Jeffrey Tan[MSFT]]

Hi Rainer,

Thank you for the feedback.

Do you mean that you wanted to allow a user in normal Users group to be
able to adjust your xml file DACL setting by providing the Admin password?

Yes, this is possible. Your code may get the admin username/password from
the normal user and perform impersonation to temporarily run your
application under Admin's credentials.

To perform impersonation in .Net, you may first p/invoke LogonUser Win32
API to get the security token of Admin and then initialize a
WindowsIdentity for impersonation. The articles below provided the detailed
sample code and steps:
"User Impersonation in .Net"
http://www.codeproject.com/useritems/User_Impersonation_in_Ne.asp
"Windows Impersonation using C#"
http://www.codeproject.com/csharp/cpimpersonation1.asp

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Rainer Queck]

Hi Jeffrey,

Hope this helps.

Yes, it helped a lot! Thanks for the links.

Regards
Rainer