I have a share folder ,which i want to grant access permission to few people only at certain times.i.e. while they try to access the folder ,i should be able to either allow or deny based on my wish.In short its run time access control ,not the static access control already present in windows. Is there a provision to hook a exe as such? I prefer to do it in C# .net
A:
The access control is checked when a user tries to perform a file operation on a file in the folder, so you should not need to have any additional run-time checks.
Also, Windows doesn't include a "hook" facility to allow or deny access to a folder by running a program when access is attemped.
Jeremy McGee
2010-03-01 07:36:30
+1
A:
So to accomplish such a task i would use the ACL from NTFS. Yes it is 'hardcoded' and can't be changed while someone access a file. But you can write a windows service which will change the ACL dynamically based on whatever you like.
So write a program that changes the ACL and windows does the rest. Some examples for doing such a task in C# can be found with a little google search:
- http://weblogs.asp.net/cumpsd/archive/2004/02/08/69403.aspx
- http://blog.crowe.co.nz/blog/archive/2007/08/25/c---An-example-of-setting-NTFS-Directory--File.aspx
- ...
Update
To grant or deny a permission you need a rule set. These rules can be checked within your application and this sets the NTFS permissions. What is missing?
Maybe you don't have this easy method to get an event about 'user is accessing file/folder foo, what should i do?'. But you can generate each second (if you like) or depending on a event (file/folder created, copied, deleted, renamed; specific date/time reached) a new rule set and just burn it down into ACL. Finished.
Update (again)
@Ravisha: But when do you know the rules if you grant or deny the access? These rules are defined beforehand.
You say the user X has access only from 8am to 15pm or only if file y exists (or something special is written into file y). For all these rules you have to write a program and this program doesn't evaluate the rules if you got the event 'x is trying to access y'. Instead you check the rules on a regular basis (e.g. once per minute) or some other event (file rules.config has been changed). And then you alter the NTFS permissions according to your rules.
Maybe this isn't the perfect solution. But the easiest one you can accomplish within windows. If you really like to do it the hard way, you can maybe take a look into File System Filter Drivers. But this is a hard task and far away from managed code.
Oliver
2010-03-01 09:35:01
This is to set the user permission on the go,this is half the answer:)Actual requirement is to grant or deny permission
Ravisha
2010-03-01 09:50:57
@OliverSuppose person X tries to access my folder,i should be able to either grant him or deny the permission.In the example what you sent it explains how to set the permissions,but main part is to get the event which is raised when person X access my folder.
Ravisha
2010-03-01 11:13:10
Oliver,If you have noticed ,the question itself is about run time permission not static permissions.
Ravisha
2010-03-04 06:16:11
@Ravisha: As already explained in my last paragraph, the only way for that would be File System Filter Drivers and that's a hard way to go. And the far easier way would be to change the static permissions at runtime like explained above.
Oliver
2010-03-04 07:17:12
A:
If a rootkit can do it, so can you. But I don't think you want to go there.
Why not put all you documents into some kind of file, with an extension that you control. If you doubleclick the file a winzip/explorer/... like interface will give access to the files in the cabinet, but only if you wish.
GvS
2010-03-02 08:42:33