C# file creation - how to grant IUSR DELETE ?

Question

I've got a console program written in C# which runs under user foo. The program creates a file. In some situations a web application running under the IUSR needs to be able to delete the files created by the console app.

I'd like to grant DELETE (or anything equivalent) to IUSR when the file is created. How can I do that in C# ?

I've found FileIOPermission and I'm not sure what that's for but as you can't specify a particular user I'm pretty sure that's now what I need.

Anyone got a good pointer on how to do this ?

[By the way I realise that in some circs granting the IUSR DELETE rights on any files would be a reasonably dodgy thing to do but in this case the nature of the files involved means I'm happy to grant these rights to IUSR]

Answer 1

Use the Windows Explorer -> select the directory where the file resides -> right-click -> Properties -> Security tab -> give the "Modify" right to the IUSR_xxx user account.

I presume that you have physical access to the computer that runs both the console app and the web app.

Edited: for programmatic setting of ntfs permissions you need to fiddle around with the System.Security.AccessControl.FileSecurity class and the File.SetAccessControl method.

Hope it helps.

Answer 2

A quick google search produced Setting NTFS Permissions with C#

Answer 3

@Sabau - thanks for your response. I was wanting to set the permissions programmatically rahter than via the user interface.

Answer 4

@browning : yes I found that too but the link to 'gotodotnet' sample is dead and searching the replacement web site doesn't pull up anything named 'ACLs in .NET'

Answer 5

@Sabau: thanks for the amendment to your answer - it inspired me to try again and this time I seem to have got it worked out. I wrote a little test program so that others can see how it's done. For my testing I gave the IUSR full control but obviously you can add/deny whatever you like.

    using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Security.Permissions;
using System.Security.Principal;
using System.Security.AccessControl;

namespace GrantingFilePermsTests
{
    class Program
    {
 static void Main(string[] args)
 {
     string strFilePath1 = "E:/1.txt";
     string strFilePath2 = "E:/2.txt";

     if (File.Exists(strFilePath1))
     {
  File.Delete(strFilePath1);
     }
     if (File.Exists(strFilePath2))
     {
  File.Delete(strFilePath2);
     }

     File.Create(strFilePath1);
     File.Create(strFilePath2);
     // Get a FileSecurity object that represents the
     // current security settings.
     FileSecurity fSecurity = File.GetAccessControl(strFilePath1);

     // Add the FileSystemAccessRule to the security settings.
     fSecurity.AddAccessRule(new FileSystemAccessRule("IUSR_SOMESERVER",FileSystemRights.FullControl,AccessControlType.Allow));

     // Set the new access settings.
     File.SetAccessControl(strFilePath1, fSecurity);



     }
    }
}

Thanks to all for their replies.