Custom Security Descriptor RRS feed

  • Question

  • I am exploring the possibility of creating a security descriptor for a POCO. The requirements are vague at the moment but the intention is to determine the level of access to the object, based on a set of custom permissions, without writing if(IsInRole) kind of code. Need some sources if this is even possible in managed code.




    Thursday, August 11, 2011 4:10 PM

All replies

  • It's in the namespace: System.Security.AccessControl

    Here is an MSDN example, you should be able to butcher it to suit your needs.

    FileSecurity sd = new FileSecurity();

    // block inherited ACEs
    sd.SetAccessRuleProtection(true, false);
    FileSystemRights read =
        FileSystemRights.ReadPermissions |
        FileSystemRights.ReadData |
        FileSystemRights.ReadAttributes |

    sd.AddAccessRule(new FileSystemAccessRule(
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid,
            null), FileSystemRights.FullControl, AccessControlType.Allow));

    sd.AddAccessRule(new FileSystemAccessRule(
      new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),
          read, AccessControlType.Allow));

    File.SetAccessControl(@"c:\work\test.txt", sd);

    Alvin Bruney ASP.NET MVP www.lulu.com/owc
    Tuesday, August 16, 2011 5:20 PM