I have winforms app, in which I need to access a secured directory. I'm using impersonation and create WindowsIdentity to access the folder.
My problem is writing unit tests to test the directory security; I'd like to a write a code that creates a directory secured to only ONE user, which isn't the current user running the UT (or else the test would be worthless).
I know how to add permissions to a certain user, but how can I deny the rest, including admins? (in case the user running the UT is an admin) (will this be a wise thing to do?)
DirectoryInfo directoryInfo = new DirectoryInfo(path);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();
directorySecurity.AddAccessRule(new FileSystemAccessRule("Domain\SecuredUser",
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow));
directorySecurity.RemoveAccessRule(new FileSystemAccessRule("??",
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Deny));
directoryInfo.SetAccessControl(directorySecurity);
This isn't working. I don't know who am I supposed to deny. Domain\Admins, Domain\Administrators, me... No one is being denied, and when I check folder's security - The SecuredUser has access to the folder, but the permissions are not checked, even though I specified FullControl.
Basically I want to code this:
<authorization>
<allow users ="Domain\User" />
<deny users="*" />
</authorization>
I was thinking about impersonating UT run with a weak user with no permissions, but this would result in: Impersonate -> Run UT -> Impersonate -> Access folder, and I'm not sure if this is the right design.
Help would be greatly appreciated, thank you.