无法复制文件,即使在 C# 中授予了 FileIOPermission
我正在 .NET 3.5 中尝试 Windows 7 中的 FileIOPermission。我是Windows XP用户,并被授予此权限,因为我是管理员
我编写了以下代码,测试看看我是否可以写入C:\ Program Files \ Outlook......
static void Main(string[] args)
{
Console.WriteLine("Am I an administrator? " + new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
// Try and open a file in C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll
string path = @"C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll";
try
{
FileIOPermission ioPerm = new FileIOPermission(FileIOPermissionAccess.Read, path);
ioPerm.Demand();
string backupPath = Path.ChangeExtension(path, ".bak");
FileIOPermission writeAccess = new FileIOPermission(FileIOPermissionAccess.AllAccess, backupPath);
writeAccess.Demand();
Console.WriteLine("Read access is permitted: {0} => {1}",path,SecurityManager.IsGranted(ioPerm));
Console.WriteLine("Write backup file is permitted: {0} => {1}", backupPath, SecurityManager.IsGranted(writeAccess));
File.Copy(path, backupPath);
Console.WriteLine("File copied! {0}",backupPath);
Console.WriteLine("Deleting file.....");
File.Delete(path);
}
catch (UnauthorizedAccessException uae)
{
Console.WriteLine(uae.ToString());
}
Console.ReadLine();
}
所以该程序会导致< code>UnauthorizedAccessException (这是我所期望的),但我不明白的是 Demand() 允许该权限,SecurityManager 确认该权限是当然,但是在执行 File.Copy() 时,我确实遇到了异常。
虽然我很高兴看到 .NET 阻止了我,但为什么当我调用 Demand() 时它没有提前通知我?
我得到以下输出:
Am I an administrator? False Read access is permitted: C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll => True Write backup file is permitted: C:\Program Files\Microsoft Office\Office14\BCSLaunch.bak => True System.UnauthorizedAccessException: Access to the path 'C:\Program Files\Microsoft Office\Office14\BCSLaunch.bak' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) at System.IO.File.Copy(String sourceFileName, String destFileName) at TryAndGetUACPrompt.Program.Main(String[] args) in C:\Users\..............
请有人帮助我理解为什么我收到冲突的信息?
--
更新 - 19:30 GMT
我已使用以下代码查看了源文件的 ACL:
Console.WriteLine("ACL Permissions for Source....");
FileSecurity fileSecurityForOriginalPath = new FileSecurity(path, AccessControlSections.Access);
foreach (FileSystemAccessRule rule in fileSecurityForOriginalPath.GetAccessRules(true,true,typeof(NTAccount)))
{
Console.WriteLine("{0} => {1}", rule.FileSystemRights, rule.AccessControlType);
}
输出如下:
ACL Permissions for Source.... FullControl => Allow FullControl => Allow ReadAndExecute, Synchronize => Allow
因此,我确实有权读取它。但是,我尝试使用此代码来查看备份路径的权限,显然,我收到一个异常,因为我的备份(目标)文件实际上并不存在,因此我无法检查权限在它上面。
接下来我将尝试另一个建议,将此检查移至另一种方法中。
更新 - 19:45 GMT
我已将读/写要求重构为另一种方法:
private static FileIOPermission CheckWriteAccess(string backupPath)
{
FileIOPermission writeAccess = new FileIOPermission(FileIOPermissionAccess.AllAccess, backupPath);
writeAccess.Demand();
return writeAccess;
}
private static FileIOPermission CheckReadAccess(string path)
{
FileIOPermission ioPerm = new FileIOPermission(FileIOPermissionAccess.Read, path);
ioPerm.Demand();
return ioPerm;
}
这些都返回正常,无异常。
因此,如果 .NET 安全性增强了 DACL,我想知道为什么它认为它会成功,如果实际上并非如此。
--
格林威治标准时间 19:57 更新
好的,我检查了目录的权限,而不是 backupFile(目标文件),并将其作为输出(使用 .GetAccessRules() 中的 AuthorizationRuleCollection 上的 foreach),
Checking write access in this directory.... FullControl => Allow 268435456 => Allow FullControl => Allow 268435456 => Allow FullControl => Allow 268435456 => Allow ReadAndExecute, Synchronize => Allow -1610612736 => Allow 268435456 => Allow
我使用了 Enum。 Format(typeof(FileSystemAccessRights),rule,"G") 来获取格式,有效地执行 ToString(),但我只是不确定这些数字是否正确。
输出上述内容的代码:
private static DirectorySecurity CheckWriteAccess(string backupPath)
{
DirectorySecurity writeAccess = new DirectorySecurity( Path.GetDirectoryName(backupPath),AccessControlSections.Access);
Console.WriteLine("Checking write access in this directory....");
foreach (FileSystemAccessRule rule in writeAccess.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine("{0} => {1}", Enum.Format(typeof(FileSystemRights),rule.FileSystemRights,"G"), rule.AccessControlType);
}
return writeAccess;
}
I was trying out the FileIOPermission in Windows 7 in .NET 3.5. I have been a Windows XP user and was granted this permission as I was an administrator
I wrote the following code, testing to see if I could write to C:\Program Files\Outlook......
static void Main(string[] args)
{
Console.WriteLine("Am I an administrator? " + new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
// Try and open a file in C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll
string path = @"C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll";
try
{
FileIOPermission ioPerm = new FileIOPermission(FileIOPermissionAccess.Read, path);
ioPerm.Demand();
string backupPath = Path.ChangeExtension(path, ".bak");
FileIOPermission writeAccess = new FileIOPermission(FileIOPermissionAccess.AllAccess, backupPath);
writeAccess.Demand();
Console.WriteLine("Read access is permitted: {0} => {1}",path,SecurityManager.IsGranted(ioPerm));
Console.WriteLine("Write backup file is permitted: {0} => {1}", backupPath, SecurityManager.IsGranted(writeAccess));
File.Copy(path, backupPath);
Console.WriteLine("File copied! {0}",backupPath);
Console.WriteLine("Deleting file.....");
File.Delete(path);
}
catch (UnauthorizedAccessException uae)
{
Console.WriteLine(uae.ToString());
}
Console.ReadLine();
}
So the program causes an UnauthorizedAccessException (which I expected), but what I don't understand is that the Demand() allows the permission, SecurityManager confirms that the permission is granted, but when performing the File.Copy() I do get the exception.
Although I am happy to see .NET is stopping me, why didn't it notify me earlier when I called Demand()?
I get the following output:
Am I an administrator? False Read access is permitted: C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll => True Write backup file is permitted: C:\Program Files\Microsoft Office\Office14\BCSLaunch.bak => True System.UnauthorizedAccessException: Access to the path 'C:\Program Files\Microsoft Office\Office14\BCSLaunch.bak' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite) at System.IO.File.Copy(String sourceFileName, String destFileName) at TryAndGetUACPrompt.Program.Main(String[] args) in C:\Users\..............
Please can someone help me understand why I am getting conflicting information?
--
Update - 19:30 GMT
I have looked through the ACLs of the source file using the following code:
Console.WriteLine("ACL Permissions for Source....");
FileSecurity fileSecurityForOriginalPath = new FileSecurity(path, AccessControlSections.Access);
foreach (FileSystemAccessRule rule in fileSecurityForOriginalPath.GetAccessRules(true,true,typeof(NTAccount)))
{
Console.WriteLine("{0} => {1}", rule.FileSystemRights, rule.AccessControlType);
}
The output is as follows:
ACL Permissions for Source.... FullControl => Allow FullControl => Allow ReadAndExecute, Synchronize => Allow
Therefore, I do have access to read it. However, I tried to use this code to view the permissions of the backup path and obviously, I get an exception as my backup (destination) file doesn't physically exist, so I can't check permissions on it.
I will next try another suggestion to move this check into another method.
Update - 19:45 GMT
I have refactored the Read/Write demands into another method:
private static FileIOPermission CheckWriteAccess(string backupPath)
{
FileIOPermission writeAccess = new FileIOPermission(FileIOPermissionAccess.AllAccess, backupPath);
writeAccess.Demand();
return writeAccess;
}
private static FileIOPermission CheckReadAccess(string path)
{
FileIOPermission ioPerm = new FileIOPermission(FileIOPermissionAccess.Read, path);
ioPerm.Demand();
return ioPerm;
}
These both return fine without exception.
Therefore if the .NET Security augments the DACLs, I wonder why it thinks it will be successful, if in reality it isn't.
--
Update 19:57 GMT
Okay, I checked the permissions of the Directory, not the backupFile (destination file) and got this as output (using a foreach on the AuthorizationRuleCollection from .GetAccessRules())
Checking write access in this directory.... FullControl => Allow 268435456 => Allow FullControl => Allow 268435456 => Allow FullControl => Allow 268435456 => Allow ReadAndExecute, Synchronize => Allow -1610612736 => Allow 268435456 => Allow
I used an Enum.Format(typeof(FileSystemAccessRights),rule,"G") to get the formatting, effectively doing the ToString(), but I just wasn't sure these numbers were correct.
Code to output the above:
private static DirectorySecurity CheckWriteAccess(string backupPath)
{
DirectorySecurity writeAccess = new DirectorySecurity( Path.GetDirectoryName(backupPath),AccessControlSections.Access);
Console.WriteLine("Checking write access in this directory....");
foreach (FileSystemAccessRule rule in writeAccess.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine("{0} => {1}", Enum.Format(typeof(FileSystemRights),rule.FileSystemRights,"G"), rule.AccessControlType);
}
return writeAccess;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
CAS IOPermisson 读/写仅授予您读取或写入的能力。它不会注意到文件系统级别权限 (ACL)。仔细检查文件夹上的 ACL :)
-Oisin
The CAS IOPermisson of read/write only grants you the ability to read or write. It takes no notice of filesystem level permissions (ACLs.) Examine the ACL on the folder a bit closer :)
-Oisin