.NET (C#): Use access control to create a file that only the current user can access

Source: Internet
Author: User

When a file is created, the system saves more than the basic file attributes (creation time, modification time, ...): it also records the user and group of the creator. This security information is known as the "security descriptor". The security descriptor is not limited to information about the creator. It can also hold the discretionary access control list (DACL), which describes the permissions of specified users on the file. For example, user A can perform any operation on the file, user B can only read it but cannot modify it, and user C cannot perform any operation on the file (the file is invisible to him). The security descriptor can also contain the system access control list (SACL), which can be set so that certain operations are reported to the system security event log.

 

If you create a file in the conventional way, the access control in the file's security information takes its default value. This default can be empty, or it can be the access control inherited from the containing directory (if the directory has access control entries with the inheritance option set). As the simplest example, I create a file on my desktop; it is accessible to other administrators but not to restricted users. This is because the Desktop folder is located in the user account folder and inherits the file system access control settings of that user directory (the user folder is under the Users folder on Windows Vista and later, and under the Documents and Settings folder on Windows XP).

 

(On the "Security" tab of the file's properties dialog, you can browse or modify the specific security settings. Of course, not all users have permission to view or modify these settings.)

As you can see, my account (mgen) has full control over the file (the Allow box for Full control is checked). At the same time, the "Group or user names" list above contains neither the Users group nor the Guest user, which means they cannot access the file at all.

 

If you pick a file on drive D instead, restricted users can access it by default. The Users group appears in the list, but restricted users can only read or execute the file and cannot modify it.

 

The System.Security.AccessControl namespace in .NET provides access control for Windows systems. If you are familiar with Windows access control but not with the .NET wrapper API for it, see my other article: Introduction to Windows Access Control in .NET (C#) Implementation (ACE, SD, DACL, SACL).

 

Creating the security descriptor requires a security principal object. This is obtained through WindowsIdentity.GetCurrent, which returns a WindowsIdentity object (it implements IIdentity) representing the current Windows user.

 

The security descriptor type for file system objects is System.Security.AccessControl.FileSystemSecurity. Because we are working with a file, we use its derived class FileSecurity. Finally, add the access rule to the access control list and use the FileStream constructor to create the file with an explicitly defined access control.

 

Code:

using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;

class Program
{
    static void Main()
    {
        try
        {
            // Obtain the current user's WindowsIdentity
            var currentIdentity = WindowsIdentity.GetCurrent();
            // Create an access rule (only adds full control for the current user)
            var accessRule = new FileSystemAccessRule(currentIdentity.User, FileSystemRights.FullControl, AccessControlType.Allow);
            // Create the security descriptor: the FileSecurity object for the file
            var fileSecur = new FileSecurity();
            // Add the access rule
            fileSecur.AddAccessRule(accessRule);

            // Use the FileStream constructor to create a file with the explicit access rule
            var file = new FileStream("text.txt", FileMode.Create, FileSystemRights.Write, FileShare.None, 1024, FileOptions.None, fileSecur);
            var bytes = Encoding.ASCII.GetBytes("hello");
            file.Write(bytes, 0, bytes.Length);
            file.Close();

            Console.WriteLine("created successfully");
        }
        catch (Exception ex)
        {
            Console.WriteLine("error: {0}", ex.Message);
        }
    }
}

 

Open the properties of this file and you can see that only the current user can operate on the file.
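The same check can be done in code instead of through the properties dialog. The following is an added example, not code from the original article: it creates a file with the same .NET Framework FileStream constructor, reads the DACL back and confirms that the current user's SID is the only principal in it. `AclCheck`, `OnlyAccessibleBy` and `acl-demo.txt` are names chosen for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclCheck
{
    // Returns true when every entry in the file's DACL is an Allow entry for
    // the given SID, i.e. no other user or group is listed at all.
    public static bool OnlyAccessibleBy(string path, SecurityIdentifier owner)
    {
        var security = new FileInfo(path).GetAccessControl(AccessControlSections.Access);
        var rules = security
            .GetAccessRules(true, true, typeof(SecurityIdentifier)) // explicit + inherited
            .Cast<FileSystemAccessRule>()
            .ToList();

        foreach (var rule in rules)
            Console.WriteLine("{0} {1} {2} inherited={3}", rule.AccessControlType,
                rule.IdentityReference, rule.FileSystemRights, rule.IsInherited);

        // An empty DACL grants access to nobody, so it does not count as a pass.
        return rules.Count > 0 &&
               rules.All(r => r.AccessControlType == AccessControlType.Allow && r.IdentityReference.Equals(owner));
    }

    static void Main()
    {
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;
        // The descriptor is applied only when the file is actually created;
        // an existing file keeps its old ACL, so remove any earlier copy first.
        File.Delete("acl-demo.txt"); // hypothetical sample file name

        // Same construction as in the article's code.
        var security = new FileSecurity();
        security.AddAccessRule(
            new FileSystemAccessRule(me, FileSystemRights.FullControl, AccessControlType.Allow));
        using (var file = new FileStream("acl-demo.txt", FileMode.Create, FileSystemRights.Write,
                                         FileShare.None, 1024, FileOptions.None, security))
            file.WriteByte((byte)'x');

        Console.WriteLine(OnlyAccessibleBy("acl-demo.txt", me)
            ? "OK: only the current user is in the DACL"
            : "WARNING: other principals have entries in the DACL");
    }
}
```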
