C# 如何访问和审核.NET Core 3.1中文件的安全性
我现在正在努力使用.NETCore3.1访问文件。我偶然发现了几个例子,但似乎没有一个有效,或者我做错了什么。因此,任何建议或示例都将受到高度赞赏 我使用的第一个示例如下:C# 如何访问和审核.NET Core 3.1中文件的安全性,c#,asp.net-core,.net-core,C#,Asp.net Core,.net Core,我现在正在努力使用.NETCore3.1访问文件。我偶然发现了几个例子,但似乎没有一个有效,或者我做错了什么。因此,任何建议或示例都将受到高度赞赏 我使用的第一个示例如下: var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null); AccessFileControl.AddFileSecurity(this.LocalReport.ReportPath, everyone
var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
AccessFileControl.AddFileSecurity(this.LocalReport.ReportPath, everyone, FileSystemRights.WriteData, AccessControlType.Allow);
ChangeFontFamily(fontFamily);
AccessFileControl.RemoveFileSecurity(this.LocalReport.ReportPath, everyone, FileSystemRights.WriteData, AccessControlType.Deny);
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, SecurityIdentifier indentifier,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
var security = new FileSecurity(fileName,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
security.ModifyAccessRule(AccessControlModification.Add, new FileSystemAccessRule(indentifier,
rights, controlType), out bool modified);
}
在上面的示例中,我得到该进程不具有此操作所需的“SeSecurityPrivilege”权限。当AccessControlSection更改为All时,也会发生这种情况
var security = new FileSecurity(fileName,AccessControlSections.All);
然后在第二个示例中,我尝试集成稍微不同的方法
var ac = new FileInfo(fileName).GetAccessControl();
// Get a FileSecurity object that represents the
// current security settings.
var security = new FileSecurity(fileName,
AccessControlSections.Owner |
AccessControlSections.Group |
AccessControlSections.Access);
security.ModifyAccessRule(AccessControlModification.Add, new FileSystemAccessRule(indentifier,
rights, controlType), out bool modified);
ac.AddAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
ac.SetAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
FileSystemAclExtensions.SetAccessControl(new DirectoryInfo(fileName), ds);
返回对路径“..”的访问被拒绝。
在第三个示例中,我尝试了这种方法:
public static void AddFileSecurity(string fileName, SecurityIdentifier indentifier,
FileSystemRights rights, AccessControlType controlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(fileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
在第三个示例中,我尝试执行未经授权的操作。
公平地说,我不知道我做错了什么,任何帮助都是感激的
编辑1
正如用户jdweng指出的,我只尝试了AccessControlSections.Owner,但没有任何运气。
我遇到了相同的错误对路径“..”的访问被拒绝
编辑2
在上一次尝试中,我沿此路径尝试了一些操作,但再次尝试执行未经授权的操作。
尝试:
public static void AddFileSecurity(string fileName, string directoryPath, SecurityIdentifier indentifier,
FileSystemRights rights, AccessControlType controlType)
{
var access = new FileInfo(fileName).GetAccessControl();
access.AddAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
FileSystemAclExtensions.SetAccessControl(new FileInfo(fileName), access);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, SecurityIdentifier indentifier,
FileSystemRights rights, AccessControlType controlType)
{
var access = new FileInfo(fileName).GetAccessControl();
access.RemoveAccessRule(new FileSystemAccessRule(indentifier,
rights, controlType));
FileSystemAclExtensions.SetAccessControl(new FileInfo(fileName), access);
}
}/P>< P>您可以考虑将应用程序运行为管理员。将此清单文件添加到项目:runasadmin.manifest:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
</dependentAssembly>
</dependency>
<v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3">
<v3:security>
<v3:requestedPrivileges>
<v3:requestedExecutionLevel level="highestAvailable" />
</v3:requestedPrivileges>
</v3:security>
</v3:trustInfo>
</assembly>
如果这不起作用,或者您不想以管理员身份运行应用程序(或者您已经以管理员身份运行应用程序),请给我留言。只有所有者或管理员可以更改权限。@jdweng所以,在第一个示例中,我只需要从文件安全性中删除组和访问权限?您的意思是禁用分组吗?抱歉,没有。我遇到无法访问和编辑文件的问题。我认为您的意思是在这段代码中
var security=newfilesecurity(fileName,AccessControlSections.Owner | AccessControlSections.Group | AccessControlSections.Access)代码>只有当您同时拥有这些凭据并且您在组(或所有者)中时,才能将凭据设置为文件。除非您是管理员,否则您不能更改所有者。谢谢。我试试看,然后尽快和你联系