Access Control for Files and Directories (1): Access Control Lists


You are probably no stranger to the concept of permissions. How, then, do you set access rights on a file? Can a program control file permission information dynamically? The answer is yes: .NET can do this.

The discretionary access control list (DACL, sometimes abbreviated as ACL) is a mechanism used by Microsoft Windows NT and later to protect resources such as files and folders. A DACL contains multiple access control entries (ACEs). An access control entry associates a principal (usually a user account or a group of user accounts) with a rule that controls the use of a resource. With DACLs and ACEs, you can allow or deny permissions on a resource based on the permissions associated with the user account. For example, you can create an ACE and apply it to the DACL of a file to prevent anyone except an administrator from reading the file.

The system access control list (SACL, sometimes called an audit ACE) is a mechanism for controlling the audit messages associated with a resource. Like a DACL, a SACL contains ACEs that define audit rules for a specified resource. Audit ACEs allow you to record successful or failed attempts to access a resource, but unlike access ACEs, audit ACEs do not control which accounts can use the resource. For example, you can create an ACE and apply it to the SACL of a file to record all successful attempts to open the file.

The System.Security.AccessControl namespace provides access to access control lists (ACLs) through a number of convenient classes that abstract most of the complexity of the Windows ACL security system. In addition, the System.Security.AccessControl namespace includes several classes that provide advanced access to the Windows ACL security system.

The .NET Framework provides access to ACLs on the following resources: encryption keys, directories, event wait handles, files, mutexes, registry keys, semaphores.

Each of these resources has several classes for creating and modifying ACLs. This section focuses on access control for directories and files. The classes are as follows:

DirectorySecurity class

This class represents the access control and audit security for a directory. It specifies the access rights for a system directory and how access attempts are audited. The class represents access and audit permissions as a set of rules: each access rule is represented by a FileSystemAccessRule object, and each audit rule is represented by a FileSystemAuditRule object.

FileSecurity class

This class specifies the access rights for a system file and how access attempts are audited. The class represents access and audit permissions as a set of rules: each access rule is represented by a FileSystemAccessRule object, and each audit rule is represented by a FileSystemAuditRule object. Use this class to retrieve, add, or change the access rules that represent the DACL and SACL of a file.

The DirectorySecurity class and the FileSecurity class are abstractions of the underlying Microsoft Windows file security system. In this system, each directory has a discretionary access control list (DACL), which controls access to the directory, and a system access control list (SACL), which specifies which access attempts are audited. The FileSystemAccessRule and FileSystemAuditRule classes are abstractions of the access control entries (ACEs) that make up a DACL and a SACL.
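
The two ACE examples described above (a DACL that lets only administrators read a file, and a SACL entry that records successful reads), written as an added C# console program for Windows; it is not code from the original article or the book it adapts. The class name AclDemo and the file name acl-demo.txt are assumptions made for the demo.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class AclDemo
{
    static void Main()
    {
        // Constructed sample file; its name and location are assumptions for this demo.
        var file = new FileInfo(Path.Combine(Path.GetTempPath(), "acl-demo.txt"));
        File.WriteAllText(file.FullName, "sensitive");

        // Well-known SIDs avoid depending on localized account names.
        var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null);

        // DACL: start from an empty list, block inherited ACEs from the parent
        // directory, and allow read access to the Administrators group only.
        var dacl = new FileSecurity();
        dacl.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
        dacl.AddAccessRule(new FileSystemAccessRule(admins, FileSystemRights.Read, AccessControlType.Allow));
        file.SetAccessControl(dacl);

        // Read the DACL back and list its ACEs; expect one explicit Allow entry.
        FileSecurity current = file.GetAccessControl(AccessControlSections.Access);
        foreach (FileSystemAccessRule ace in current.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine($"{ace.AccessControlType} {ace.FileSystemRights} -> {ace.IdentityReference} (inherited: {ace.IsInherited})");

        // SACL: audit every successful read by any account. Changing a SACL needs
        // SeSecurityPrivilege (an elevated administrator), and events reach the Security
        // log only when the "Audit object access" policy is enabled.
        try
        {
            var sacl = new FileSecurity();
            sacl.AddAuditRule(new FileSystemAuditRule(everyone, FileSystemRights.Read, AuditFlags.Success));
            file.SetAccessControl(sacl);
            Console.WriteLine("Audit ACE written.");
        }
        catch (Exception e) when (e is PrivilegeNotHeldException || e is UnauthorizedAccessException)
        {
            Console.WriteLine("SACL not changed: " + e.Message);
        }
    }
}
```

Run without elevation, the DACL step succeeds while the SACL step is refused, which shows that audit rules are administered separately from access rules.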

Note: This part of the content is adapted from ".NET Security Revelation".

Author: Hyun-Soul

Source: http://www.cnblogs.com/xuanhun/
