none
file io RRS feed

  • Question

  • My application requires data to be logged to the disk.  All works great if the user is an administrator (has rights to the disk).
    If non-admin user runs it, it throws security exception.

    I had read up on this and all example code snippets seem to point to Code Access Security & fileiopermission then either call Assert() or Demand() method.  Neither is working for me.

    Is there something special I have to do in order to write log data to disk?

    • Changed type Brian Dao Saturday, February 20, 2010 5:16 PM
    • Edited by Brian Dao Saturday, February 20, 2010 5:17 PM
    Saturday, February 20, 2010 5:54 AM

Answers

  • I manage to get the problem solved by storing the configs & log files in the user profile folder.

    Here's my concern though.  By separating the app & configs, you are running the risk of running the application with partially required data and therefore will break it.  What if the users delete data under the profile?  I know there are people who often "clean out" the profile as there are a lot of programs that leave junks behind.

    Elevating to admin privileges isn't always feasible.  How would you go around that?
    www.goturls.com
    Monday, February 22, 2010 9:14 PM
  • You assume that the Framework will support your notion of file ownership, and not implement security based upon user credentials.

    Your concern is based upon a user with more advanced priviliges modifying files that less priviliged users require, but do not have access to. I would think that an application that serviced Windows security properly would not have a requirement to service a security requirement that Windows itself will not support. The data needs of each user are unique to both their privilige level and also what they intend to do with that data. If companies allow applications to circumvent Windows security, then it is the application that is the "problem", not Windows.

    Maybe you should restructure your data with this in mind? Why not store the data itself in a common area that all users have equal access to?

    That last question sounds like a frustrated developer to me. (I get a little irritated with it, too...but...I'm glad it is there.) If the code needs Admin priviliges, then the code's users need them, too. Best to program around that need, if you want to keep your clients and their IT departments happy. If there is a way to circumvent that readily...I am worried about Windows security.
    Monday, February 22, 2010 9:44 PM
  • I guess, but I was speaking of the production environment and not development. If you're supporting multiple versions in the production environment, and need to retain the current data or configuration, then you should create functionality in your app that can migrate/convert the data that you need to the current version. That is what most apps I have worked with will do during the upgrade process.

    BTW, be careful if you choose to use the CommonApplicationData special folder. Since this folder is available to multiple users you need to make certain that any subfolders have the permissions set up correctly.
    Paul ~~~~ Microsoft MVP (Visual Basic)
    Tuesday, February 23, 2010 6:59 PM

All replies

  • It's related to build security in Windows 7

    You can tell which security are needed for your application with those attributes, not overrule other securities.

    Can you change the type of thread in question instead as discusion, it is at least for me not a discussion, but a question.
    Success
    Cor
    • Edited by Martin_XieModerator Monday, February 22, 2010 3:41 AM Modify. Thank you Cor for your friendly support!
    Saturday, February 20, 2010 7:14 AM
  • The following may help:

    http://visualstudiomagazine.com/articles/2007/11/01/banish-uac-issues.aspx


    Paul ~~~~ Microsoft MVP (Visual Basic)
    Saturday, February 20, 2010 7:41 PM
  • Thank you All for your friendly help.


    Hi Brian,

    Does this help? If you have any further questions or concerns, please feel free to let us know.

    Best regards,

    Martin Xie

    MSDN Subscriber Support in Forum

    If you have any feedback on our support, please contact msdnmg@microsoft.com


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Monday, February 22, 2010 3:42 AM
    Moderator
  • I manage to get the problem solved by storing the configs & log files in the user profile folder.

    Here's my concern though.  By separating the app & configs, you are running the risk of running the application with partially required data and therefore will break it.  What if the users delete data under the profile?  I know there are people who often "clean out" the profile as there are a lot of programs that leave junks behind.

    Elevating to admin privileges isn't always feasible.  How would you go around that?
    www.goturls.com
    Monday, February 22, 2010 9:14 PM
  • You assume that the Framework will support your notion of file ownership, and not implement security based upon user credentials.

    Your concern is based upon a user with more advanced priviliges modifying files that less priviliged users require, but do not have access to. I would think that an application that serviced Windows security properly would not have a requirement to service a security requirement that Windows itself will not support. The data needs of each user are unique to both their privilige level and also what they intend to do with that data. If companies allow applications to circumvent Windows security, then it is the application that is the "problem", not Windows.

    Maybe you should restructure your data with this in mind? Why not store the data itself in a common area that all users have equal access to?

    That last question sounds like a frustrated developer to me. (I get a little irritated with it, too...but...I'm glad it is there.) If the code needs Admin priviliges, then the code's users need them, too. Best to program around that need, if you want to keep your clients and their IT departments happy. If there is a way to circumvent that readily...I am worried about Windows security.
    Monday, February 22, 2010 9:44 PM
  • The Windows OS is only going to get stricter about what
    parts of the system Users/Apps can mess with. Attempting to circumvent this will only
    lead to more problems down the road. If you need all users to access the same files
    then put them in the All Users App Data like

    My.Computer.FileSystem.SpecialDirectories.AllUsersApplicationData
    
    

    This should allow all the users on the machine use the files in a secure maner.
    Monday, February 22, 2010 10:50 PM
  • First of, thank you all for responding to my posts.


    Maybe I didn't express my concern/question clearly.  With all the malware, adware, spyware, viruses and the like out there, I am all for security.

    What I meant in the previous post was "is there a way to keep both application configurations & executables in one central location?".

    The problem I ran into was that both app & configs were installed in the same folder under Program Files.  I can't even read the configs under standard account context.  I solved that by restructured the program & move the configs into user profile.  This seems, to me, like the practice MS wants you to follow, am I correct?  If so, then I think my concern is valid - if users delete the data then they will break the app.

    "How would you go around that?" - how would you address this design issue to prevent that from happening so you can have both app & configs in the same location or making it obvious to the users so they don't delete the configs? or better yet, how do you add your logs & configs to your apps?


    www.goturls.com
    Tuesday, February 23, 2010 4:58 AM
  • I agree with you that the OS will need to get stricter - and not just Windows but all.  I don't meant to circumvent it.  See my response to jinzai above.

    I was looking into SpecialDirectories & Environment Variables over the weekend.  There's something weird about SpecialDirectories and I had to use EV instead of one of the properties of SD.

    I think it was CurrentUserApplicationData or something like that.  That was because the path keeps returning in this format:

    drive:\users\username\appData\roaming\full username\app name\app version.

    I think that's just strange cuz what if you upgrade your app to a new version?  How are you gonna retain the settings?


    Anyway, if you need to stored app settings & logs for your app, how would you do it?

    Thanks!
    www.goturls.com
    Tuesday, February 23, 2010 5:07 AM
  • I would create a subfolder specifically for your app under the ApplicationData special folder (Environment.SpecialFolder.ApplicationData) and store the data there.

    I don't quite understand your question regarding retaining the settings. An upgrade of your app shouldn't impact the settings. Maybe you could be a bit more specific about what you are referring to.
    Paul ~~~~ Microsoft MVP (Visual Basic)
    Tuesday, February 23, 2010 1:13 PM
  • If you drop the version part off the path and save in the app's folder then that will still work.
    you seem to like the Environment so try

    Dim SaveToPath As String = String.Format("{0}\(1)", _
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), _
            My.Application.Info.Title)
    
    
    Tuesday, February 23, 2010 2:34 PM
  • I had done this already using Environment.GetEnvironmentVariable("AppData") - (i think - don't have the code handy here.)  and append the App name to it.
    www.goturls.com
    Tuesday, February 23, 2010 4:35 PM
  • drive:\users\username\appData\roaming\full username\app name\app version.

    Looking at that path, what I meant was if you install the app 1.1 you will have a path of:

    drive:\users\username\appData\roaming\full username\app name\1.1

    Now you recompile your app to 1.2 you will have

    drive:\users\username\appData\roaming\full username\app name\1.2


    This is the result of using SpecialDirectories.CurrentUserApplicationData

    See if you had customized app settings saved in 1.1 then later upgrade to 1.2, wouldn't you loose all that?
    www.goturls.com
    Tuesday, February 23, 2010 4:40 PM
  • Is it necessary for you to have multiple versions of the application data folder? Unless you're planning on having multiple versions of your application installed then I wouldn't do this.
    Paul ~~~~ Microsoft MVP (Visual Basic)
    Tuesday, February 23, 2010 4:48 PM
  • SpecialFolder.CommonApplicationData
    Tuesday, February 23, 2010 4:50 PM
  • Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)

                                                   +

                                 My.Application.Info.Title

                                                 =

                      on Vista: Drive:\ProgramData\NameOfYourApp\
    On XP: Drive:\Documents and Settings\All Users\Application Data\NameOfYourApp\


    Tuesday, February 23, 2010 5:02 PM
  • Yes, it's necessary to have multiple versions - you've got to stop the development process at some point and push it to production, rite?

    www.goturls.com
    Tuesday, February 23, 2010 6:11 PM
  • I guess, but I was speaking of the production environment and not development. If you're supporting multiple versions in the production environment, and need to retain the current data or configuration, then you should create functionality in your app that can migrate/convert the data that you need to the current version. That is what most apps I have worked with will do during the upgrade process.

    BTW, be careful if you choose to use the CommonApplicationData special folder. Since this folder is available to multiple users you need to make certain that any subfolders have the permissions set up correctly.
    Paul ~~~~ Microsoft MVP (Visual Basic)
    Tuesday, February 23, 2010 6:59 PM