Login/Register
ACL Check/Management in C#
Asked Answered
c#windowssecurityacl
O

1

6

I am wondering if there is a way to check a users permissions against an ACL in c#. I am building a large system that is going to use active directory for authentication and I would like to use as much of windows security plumbing as I can. After spending the last couple of hours browsing the System.Security.AccessControl I am not sure that it provides an easy way to check a users token against its ACL list. It looks like it is much more geared to manipulating windows security descriptors although there are enough abstract classes to implement a custom system.

I have looking at the Authz APIs which seem to much more flexible and have a function (AuthzAccessCheck) which allows the context to be checked against the security descriptor. I am not opposed at all to wrapping them if I need to.

Has anyone else had a similar problem and if so what were the pros and cons as you saw them?

Overheat answered 22/7, 2009 at 19:12 Comment(5)
I am trying to use System.Security.AccessControl for my security concerns in my web applications (not files and folders), did you come up with anything that could be shared please? thanksDeirdredeism
I used Authz and built a wrapper for it.Overheat
Do you know any resources for Authz? I googled it and I found just msdn websites which is in C++. I already found nAcl which is an access control library, but it doesn't satisfy my requirementsDeirdredeism
No. I used the MSDN docs windbg to figure it out.Overheat
It seems like a time-consuming job. I followed that nAcl. Thanks anyway.Deirdredeism
P
1

How is the ACL stored and accessed? Is it possible to have the ACL entries converted to a PrincipalPermission object? If so then you can use the Demand() method to check for access rights, it throws a SecurityException if the users does not have access.

Paddock answered 11/7, 2010 at 22:46 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.