tags:

views:

198

answers:

3
+1  Q: 

File handling with non-administrative user.

I've been testing my application to see how well it works when run by a non-administrative user, and I have found problems with file handling. I am getting an UnauthorizedAccessException when trying to overwrite a file, if the file was created by and adminstrative user.

When writing out the file I first create the file as a .tmp file, then use File.Copy to overwrite the original. The .tmp file gets created, but File.Copy fails. My files are written to a public directory ("C:\Documents and Settings\All Users\Application Data" in XP).

What can I do so that all users can have full control of the application files?

I've found this:

        System.Security.AccessControl.DirectorySecurity sec =  
                                System.IO.Directory.GetAccessControl ( directory );  
        FileSystemAccessRule accRule = new FileSystemAccessRule ( Globals.userIdentity,  
             FileSystemRights.FullControl, AccessControlType.Allow );  
        sec.AddAccessRule ( accRule );

Will doing the above to the directory that all the files are located in solve this problem? Or will I have to do something to each file? If so what is that something?

Edit:

Non-admin users cannot modify files created by an admin user. This is not good. I need for all files to be editable by all users. Is there not some sort of permissions that can be set when the file is originally created that will grant this?

+1  A: 

This code would give the user full access rights to the folder, however, this might fail on security again.

The best way to make sure your application can always store information is trough the IsolatedStorage. However if you need access to your files outside your application then this is not the best solution.

Jonathan van de Veen  2009-09-17 08:42:45
Some file may require access from outside the application. Since this is the case, what should I do?
Dan Vogel  2009-09-17 22:44:05
You could try and go with the users own Application Data folder. By default they should have access to that without being an admin.You can get that path for a user with Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData)This does mean that application data is not shared between users.HTH.
Jonathan van de Veen  2009-09-18 08:17:16
The application data needs to be shared for all users. That's why I am using the All Users\Application Data directory. Its just that the files created when logged in as an admin user cannot be modified by non-admin users.
Dan Vogel  2009-09-18 21:20:59
In that case, the above code you've written should work whenever you're logged in as an admin. You should detect if you have rights to do this first.
Jonathan van de Veen  2009-09-21 07:36:25
Admin users are not the problem. The problem is that non-admin users cannot modify files created by an admin user.
Dan Vogel  2009-09-21 18:48:21
Which is exactly my point. To make sure your other users have access to the admins files is by having the admin automatically give the other users access as files are created by the admin. So whenever you have rights to change the ACL, give access to everyone.
Jonathan van de Veen  2009-09-22 06:43:08
+1  A: 

I just checked the permissions on the All Users\Application Data directory. The "Users" and "Power Users" ACLs do not have the "Delete Subfolders and Files" permission.

They can delete their own files because the "CREATOR OWNER" ACL has Full Control.

As for how to get around this, you could give everyone all access, but a better idea would be to grant the "Users" & "Power Users" ACLs the "Delete Subfolders and Files" permission on your app's appdata directory.

Alternately, you could assign the "Delete" and "Modify" permissions on the file itself for "Users" and "Power Users" when it's created.

R. Bemrose  2009-09-21 19:05:57
+1  A: 

How about if you use similar code to give everyone full access to the file after it has been created ? If I understand you correctly the files will always be created with your application, right ? Then the user that creates the file in the first place will also have rights to adjust security settings for the file. Then it's just a question of setting public rights to the file once it is created and all users are able to replace the file later on.

sindre j  2009-09-21 19:23:10
This is what I've done, but gave the answer credits to R. Bemrose since it was with his answer that I came to the solution. Thanks though.
Dan Vogel  2009-09-24 17:31:40

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?