我在.NET 3.5中试用了Windows 7中的FileIOPermission
。我一直是一个Windows XP的用户,并授予该权限,因为我是一个管理员即使在C#中授予FileIOPermission也无法复制文件
我写了下面的代码,测试,看看我会写信给C:\ Program Files文件\ Outlook中......
static void Main(string[] args)
{
Console.WriteLine("Am I an administrator? " + new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
// Try and open a file in C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll
string path = @"C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll";
try
{
FileIOPermission ioPerm = new FileIOPermission(FileIOPermissionAccess.Read, path);
ioPerm.Demand();
string backupPath = Path.ChangeExtension(path, ".bak");
FileIOPermission writeAccess = new FileIOPermission(FileIOPermissionAccess.AllAccess, backupPath);
writeAccess.Demand();
Console.WriteLine("Read access is permitted: {0} => {1}",path,SecurityManager.IsGranted(ioPerm));
Console.WriteLine("Write backup file is permitted: {0} => {1}", backupPath, SecurityManager.IsGranted(writeAccess));
File.Copy(path, backupPath);
Console.WriteLine("File copied! {0}",backupPath);
Console.WriteLine("Deleting file.....");
File.Delete(path);
}
catch (UnauthorizedAccessException uae)
{
Console.WriteLine(uae.ToString());
}
Console.ReadLine();
}
所以程序使得UnauthorizedAccessException
(我希望),但我不明白的是,Demand()
允许权限,SecurityManager
确认许可的,但在执行File.Copy()
当我得到的异常。
虽然我很高兴看到.NET阻止我,但为什么在我打电话给Demand()
时,它没有通知我?
我得到以下输出:
Am I an administrator? False Read access is permitted: C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll => True Write backup file is permitted: C:\Program Files\Microsoft Office\Office14\BCSLaunch.bak => True System.UnauthorizedAccessException: Access to the path 'C:\Program Files\Microsoft Office\Office14\BCSLaunch.bak' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) at System.IO.File.Copy(String sourceFileName, String destFileName) at TryAndGetUACPrompt.Program.Main(String[] args) in C:\Users\..............
请有人可以帮助我了解为什么我收到矛盾的信息?
-
更新 - 19:30 GMT
我已经通过源文件使用下面的代码的ACL看:
Console.WriteLine("ACL Permissions for Source....");
FileSecurity fileSecurityForOriginalPath = new FileSecurity(path, AccessControlSections.Access);
foreach (FileSystemAccessRule rule in fileSecurityForOriginalPath.GetAccessRules(true,true,typeof(NTAccount)))
{
Console.WriteLine("{0} => {1}", rule.FileSystemRights, rule.AccessControlType);
}
输出如下:
ACL Permissions for Source.... FullControl => Allow FullControl => Allow ReadAndExecute, Synchronize => Allow
因此,我确实有权读取它。但是,我试图使用这段代码来查看备份路径的权限和明显是,由于我的备份(目标)文件没有物理存在,所以我得到一个异常,所以我无法检查它的权限。
我将接下来尝试另一个建议,将此检查移入另一个方法。
更新 - 19:45 GMT
我已经重构了读/写需求转化的另一种方法:
private static FileIOPermission CheckWriteAccess(string backupPath)
{
FileIOPermission writeAccess = new FileIOPermission(FileIOPermissionAccess.AllAccess, backupPath);
writeAccess.Demand();
return writeAccess;
}
private static FileIOPermission CheckReadAccess(string path)
{
FileIOPermission ioPerm = new FileIOPermission(FileIOPermissionAccess.Read, path);
ioPerm.Demand();
return ioPerm;
}
这些都无一例外地返回罚款。
因此,如果.NET安全增强DACL,我想知道它为什么认为它会成功,如果实际上不成功。
-
更新19:57 GMT
好吧,我检查了目录,而不是backupFile(目标文件)的权限,并得到这个作为输出(使用从AuthorizationRuleCollection一个foreach。 GetAccessRules())
Checking write access in this directory.... FullControl => Allow 268435456 => Allow FullControl => Allow 268435456 => Allow FullControl => Allow 268435456 => Allow ReadAndExecute, Synchronize => Allow -1610612736 => Allow 268435456 => Allow
我用了一个Enum.Format(typeof(FileSystemAccessRights),rule,"G")
拿到格式,切实做好了toString(),但我只是不知道这些数字是正确的。
代码上面的输出:
private static DirectorySecurity CheckWriteAccess(string backupPath)
{
DirectorySecurity writeAccess = new DirectorySecurity(Path.GetDirectoryName(backupPath),AccessControlSections.Access);
Console.WriteLine("Checking write access in this directory....");
foreach (FileSystemAccessRule rule in writeAccess.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine("{0} => {1}", Enum.Format(typeof(FileSystemRights),rule.FileSystemRights,"G"), rule.AccessControlType);
}
return writeAccess;
}
这不是.NET运行时防止接近,但文件系统。 – dtb 2010-01-27 19:14:08
您只是列举了文件/文件夹的ACL(访问控制列表)中的规则(访问控制条目/ ACE),但您忽略了看哪个_user_被授予哪些_right_。例如,你显示“允许,允许”等,但你不显示_who_被允许。 ACL中的每个ACE描述主体(用户或组)及其权限(r/w/x等)。您仍然没有显示运行该程序的用户(您?)拥有一个ACE,其中包含您试图访问的资源的完全控制权。 – x0n 2010-09-17 19:58:33
哪个是源代码示例的最终解决方案? – Kiquenet 2011-11-22 13:45:55