在访问文件夹时运行 exe
我有一个共享文件夹,我想仅在特定时间向少数人授予访问权限。即,当他们尝试访问该文件夹时,我应该能够根据我的意愿允许或拒绝。简而言之,它的运行时访问控制,而不是 Windows 中已有的静态访问控制。 有没有办法挂钩这样的exe? 我更喜欢在 C# .net 中执行此操作
I have a share folder ,which i want to grant access permission to few people only at certain times.i.e. while they try to access the folder ,i should be able to either allow or deny based on my wish.In short its run time access control ,not the static access control already present in windows.
Is there a provision to hook a exe as such?
I prefer to do it in C# .net
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
因此,为了完成这样的任务,我将使用 NTFS 中的 ACL。是的,它是“硬编码”的,当有人访问文件时无法更改。但是您可以编写一个 Windows 服务,它将根据您喜欢的内容动态更改 ACL。
因此,编写一个更改 ACL 的程序,然后 Windows 完成其余的工作。通过一些 google 搜索就可以找到在 C# 中执行此类任务的一些示例:
更新
要授予或拒绝权限,您需要一个规则集。可以在您的应用程序中检查这些规则,这会设置 NTFS 权限。缺什么?
也许您没有这种简单的方法来获取有关“用户正在访问文件/文件夹 foo,我应该做什么?”的事件。但是您可以每秒(如果您愿意)或根据事件(文件/文件夹创建、复制、删除、重命名;达到特定日期/时间)生成新规则集,并将其烧录到 ACL 中。完成的。
(再次更新)
@Ravisha:但是如果您授予或拒绝访问权限,您什么时候知道规则?这些规则是预先定义的。
你说用户 X 只能在上午 8 点到下午 15 点之间或者只有文件 y 存在(或者文件 y 中写入了一些特殊内容)时才能访问。对于所有这些规则,您必须编写一个程序,如果您收到“x 正在尝试访问 y”事件,则该程序不会评估这些规则。相反,您定期检查规则(例如每分钟一次)或检查其他事件(文件rules.config已更改)。然后根据您的规则更改 NTFS 权限。
也许这不是完美的解决方案。但您可以在 Windows 中完成最简单的操作。如果您真的喜欢以困难的方式做到这一点,您可以查看 文件系统过滤器驱动程序。但这是一项艰巨的任务,距离托管代码还很远。
So to accomplish such a task i would use the ACL from NTFS. Yes it is 'hardcoded' and can't be changed while someone access a file. But you can write a windows service which will change the ACL dynamically based on whatever you like.
So write a program that changes the ACL and windows does the rest. Some examples for doing such a task in C# can be found with a little google search:
Update
To grant or deny a permission you need a rule set. These rules can be checked within your application and this sets the NTFS permissions. What is missing?
Maybe you don't have this easy method to get an event about 'user is accessing file/folder foo, what should i do?'. But you can generate each second (if you like) or depending on a event (file/folder created, copied, deleted, renamed; specific date/time reached) a new rule set and just burn it down into ACL. Finished.
Update (again)
@Ravisha: But when do you know the rules if you grant or deny the access? These rules are defined beforehand.
You say the user X has access only from 8am to 15pm or only if file y exists (or something special is written into file y). For all these rules you have to write a program and this program doesn't evaluate the rules if you got the event 'x is trying to access y'. Instead you check the rules on a regular basis (e.g. once per minute) or some other event (file rules.config has been changed). And then you alter the NTFS permissions according to your rules.
Maybe this isn't the perfect solution. But the easiest one you can accomplish within windows. If you really like to do it the hard way, you can maybe take a look into File System Filter Drivers. But this is a hard task and far away from managed code.
当用户尝试对文件夹中的文件执行文件操作时,将检查访问控制,因此您不需要进行任何额外的运行时检查。
此外,Windows 不包含“挂钩”功能,可在尝试访问时通过运行程序来允许或拒绝对文件夹的访问。
The access control is checked when a user tries to perform a file operation on a file in the folder, so you should not need to have any additional run-time checks.
Also, Windows doesn't include a "hook" facility to allow or deny access to a folder by running a program when access is attemped.
您可能可以包含一个 autorun.inf 文件,该文件将在文件夹打开和关闭资源管理器窗口中运行您的应用程序/当不允许某人进入时向上导航。有关详细信息,请参阅此处
You can probably include an autorun.inf file that will run your app on folder open and close explorer window/ navigate up when someone is not allowed to enter. For details look Here
如果 rootkit 可以做到这一点,那么您也可以。但我认为你不想去那里。
为什么不将所有文档放入某种文件中,并使用您控制的扩展名。如果双击该文件,类似 winzip/explorer/... 的界面将允许访问文件柜中的文件,但前提是您愿意。
If a rootkit can do it, so can you. But I don't think you want to go there.
Why not put all you documents into some kind of file, with an extension that you control. If you doubleclick the file a winzip/explorer/... like interface will give access to the files in the cabinet, but only if you wish.