. Net (C #): Add audit rules (audit rule) to the File Access Control List)

If you are not familiar with Windows Access Control, we recommend that you read this article first:

Implementation of Windows Access Control in. Net (C #) (ACE, SD, DACL, SACL)

 

We know that in the system access control list (SACL), Ace is the audit rule. In. net, the system. Security. accesscontrol namespace contains the audit rule (audit rule) related types. The most common audit rule application object is a file or registry key.

For example, create a file with. NET and add an audit rule. This audit rule specifies that the corresponding message will be written to the Windows Security Event directory whenever the file is successfully modified.

Code:

// + Using system. Security. accesscontrol;

// + Using system. Security. Principal;

// + Using system. IO;

Try

{

// Create an audit project

VaR ACE = new filesystemauditrule (windowsidentity. getcurrent (). user,

Filesystemrights. Modify,

Auditflags. Success );

// Create an access control list

VaR SACL = new filesecurity ();

// Add a review project

SACL. addauditrule (ACE );

// Create a file

File. writealltext ("test.txt", "mgen ");

// Write audit information

File. setaccesscontrol ("test.txt", SACL );

}

Catch (exception ex)

{

Console. writeline (Ex );

Console. readkey (true );

}

 

After running, the user modifies the test.txt text file under the program directory. A new message is generated in the Windows Security Event directory:

 

Of course, the specific audit information of a file can be viewed (or modified) through "file attributes"-"security"-"advanced"-"Review ):