Obtaining Security/Audit Information

Example 17-15. Obtaining security audit information

public static void ViewFileRights() { // Get security information from a file. string file = @"c:\FOO.TXT"; FileSecurity fileSec = File.GetAccessControl(file); DisplayFileSecurityInfo(fileSec); } public static void DisplayFileSecurityInfo(FileSecurity fileSec) { Console.WriteLine("GetSecurityDescriptorSddlForm: {0}", fileSec.GetSecurityDescriptorSddlForm(AccessControlSections.All)); foreach (FileSystemAccessRule ace in fileSec.GetAccessRules(true, true, typeof(NTAccount))) { Console.WriteLine("\tIdentityReference.Value: {0}", ace.IdentityReference.Value); Console.WriteLine("\tAccessControlType: {0}", ace.AccessControlType); Console.WriteLine("\tFileSystemRights: {0}", ace.FileSystemRights); Console.WriteLine("\tInheritanceFlags: {0}", ace.InheritanceFlags); Console.WriteLine("\tIsInherited: {0}", ace.IsInherited); Console.WriteLine("\tPropagationFlags: {0}", ace.PropagationFlags); Console.WriteLine("-----------------\r\n\r\n"); } foreach (FileSystemAuditRule ace in fileSec.GetAuditRules(true, true, typeof(NTAccount))) { Console.WriteLine("\tIdentityReference.Value: {0}", ace.IdentityReference.Value); Console.WriteLine("\tAuditFlags: {0}", ace.AuditFlags); Console.WriteLine("\tFileSystemRights: {0}", ace.FileSystemRights); Console.WriteLine("\tInheritanceFlags: {0}", ace.InheritanceFlags); Console.WriteLine("\tIsInherited: {0}", ace.IsInherited); Console.WriteLine("\tPropagationFlags: {0}", ace.PropagationFlags); Console.WriteLine("-----------------\r\n\r\n"); } Console.WriteLine("GetGroup(typeof(NTAccount)).Value: {0}", fileSec.GetGroup(typeof(NTAccount)).Value); Console.WriteLine("GetOwner(typeof(NTAccount)).Value: {0}", fileSec.GetOwner(typeof(NTAccount)).Value); Console.WriteLine("---------------------------------------\r\n\r\n\r\n"); }

These methods produce the following output:

 GetSecurityDescriptorSddlForm: O:BAG:SYD:PAI(A;;FA;;;SY)(A;;FA;;;BA)
     IdentityReference.Value: NT AUTHORITY\SYSTEM
     AccessControlType: Allow
     FileSystemRights: FullControl
     InheritanceFlags: None
     IsInherited: False
     PropagationFlags: None
 -----------------

     IdentityReference.Value: BUILTIN\Administrators
     AccessControlType: Allow
     FileSystemRights: FullControl
     InheritanceFlags: None
     IsInherited: False
     PropagationFlags: None
 -----------------

Example 17-16. Getting security or audit information for a registry key

public static void ViewRegKeyRights() { // Get security information from a registry key. using (RegistryKey regKey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\MyCompany\MyApp")) { RegistrySecurity regSecurity = regKey.GetAccessControl(); DisplayRegKeySecurityInfo(regSecurity); } } public static void DisplayRegKeySecurityInfo(RegistrySecurity regSec) { Console.WriteLine("GetSecurityDescriptorSddlForm: {0}", regSec.GetSecurityDescriptorSddlForm(AccessControlSections.All)); foreach (RegistryAccessRule ace in regSec.GetAccessRules(true, true, typeof(NTAccount))) { Console.WriteLine("\tIdentityReference.Value: {0}", ace.IdentityReference.Value); Console.WriteLine("\tAccessControlType: {0}", ace.AccessControlType); Console.WriteLine("\tRegistryRights: {0}", ace.RegistryRights.ToString()); Console.WriteLine("\tInheritanceFlags: {0}", ace.InheritanceFlags); Console.WriteLine("\tIsInherited: {0}", ace.IsInherited); Console.WriteLine("\tPropagationFlags: {0}", ace.PropagationFlags); Console.WriteLine("-----------------\r\n\r\n"); } foreach (RegistryAuditRule ace in regSec.GetAuditRules(true, true, typeof(NTAccount))) { Console.WriteLine("\tIdentityReference.Value: {0}", ace.IdentityReference.Value); Console.WriteLine("\tAuditFlags: {0}", ace.AuditFlags); Console.WriteLine("\tRegistryRights: {0}", ace.RegistryRights.ToString()); Console.WriteLine("\tInheritanceFlags: {0}", ace.InheritanceFlags); Console.WriteLine("\tIsInherited: {0}", ace.IsInherited); Console.WriteLine("\tPropagationFlags: {0}", ace.PropagationFlags); Console.WriteLine("-----------------\r\n\r\n"); } Console.WriteLine("GetGroup(typeof(NTAccount)).Value: {0}", regSec.GetGroup(typeof(NTAccount)).Value); Console.WriteLine("GetOwner(typeof(NTAccount)).Value: {0}", regSec.GetOwner(typeof(NTAccount)).Value); Console.WriteLine("---------------------------------------\r\n\r\n\r\n"); }

These methods produce the following output:

 GetSecurityDescriptorSddlForm: O:S-1-5-21-329068152-1383384898-682003330-1004G:S-1-
 5-21-329068152-1383384898-682003330-513D:
 AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CI
 IOID;GA;;;SY)(A;ID;KA;;;S-1-5-21-329068152-1383384898-682003330-
 1004)(A;CIIOID;GA;;;CO)
     IdentityReference.Value: BUILTIN\Users
     AccessControlType: Allow
     RegistryRights: ReadKey
     InheritanceFlags: None
     IsInherited: True
     PropagationFlags: None
 -----------------

     IdentityReference.Value: BUILTIN\Users
     AccessControlType: Allow
     RegistryRights: -2147483648
     InheritanceFlags: ContainerInherit
     IsInherited: True
     PropagationFlags: InheritOnly
 -----------------

     IdentityReference.Value: BUILTIN\Administrators
     AccessControlType: Allow
     RegistryRights: FullControl
     InheritanceFlags: None
     IsInherited: True
     PropagationFlags: None
 -----------------

     IdentityReference.Value: BUILTIN\Administrators
     AccessControlType: Allow
     RegistryRights: 268435456
     InheritanceFlags: ContainerInherit
     IsInherited: True
     PropagationFlags: InheritOnly
 -----------------

     IdentityReference.Value: NT AUTHORITY\SYSTEM
     AccessControlType: Allow
     RegistryRights: FullControl
     InheritanceFlags: None
     IsInherited: True
     PropagationFlags: None
 -----------------

     IdentityReference.Value: NT AUTHORITY\SYSTEM
     AccessControlType: Allow
     RegistryRights: 268435456
     InheritanceFlags: ContainerInherit
     IsInherited: True
     PropagationFlags: InheritOnly
 -----------------

     IdentityReference.Value: OPERATOR-C1EFE0\Admin
     AccessControlType: Allow
     RegistryRights: FullControl
     InheritanceFlags: None
     IsInherited: True
     PropagationFlags: None
 -----------------

     IdentityReference.Value: CREATOR OWNER
     AccessControlType: Allow
     RegistryRights: 268435456
     InheritanceFlags: ContainerInherit
     IsInherited: True
     PropagationFlags: InheritOnly
 -----------------

 GetGroup(typeof(NTAccount)).Value: OPERATOR-C1EFE0\None
 GetOwner(typeof(NTAccount)).Value: OPERATOR-C1EFE0\Admin
 ---------------------------------------

Table 17-1. List of all *Security and *AccessRule objects and the types to which they apply

Class	Object returned by the GetAccessControl method	Rule-object type contained within the security object
Directory	DirectorySecurity	FileSystemAccessRule
DirectoryInfo	DirectorySecurity	FileSystemAccessRule
EventWaitHandle	EventWaitHandleSecurity	EventWaitHandleAccessRule
File	FileSecurity	FileSystemAccessRule
FileInfo	FileSecurity	FileSystemAccessRule
FileStream	FileSecurity	FileSystemAccessRule
Mutex	MutexSecurity	MutexAccessRule
RegistryKey	RegistrySecurity	RegistryAccessRule
Semaphore	SemaphoreSecurity	SemaphoreAccessRule

The abstraction of a system object's DACL through the *Security objects and the abstraction of a DACL's ACE through the *AccessRule objects allows easy access to the security privileges of that system object. In previous versions of the .NET Framework, these DACLs and their ACEs would have been accessible only in unmanaged code. With the latest .NET Framework, you now have access to view and program these objects.

See Also

See Recipe 17.14; see the "System.IO.File.GetAccessControl Method," "System. Security.AccessControl.FileSecurity Class," "Microsoft.Win32.RegistryKey.GetAccessControl Method," and "System.Security.AccessControl.RegistrySecurity Class" topics in the MSDN documentation.