ACL support in the BCL

Brian Dewey has a nice post on why you should care about ACLs. As you may know, we plan to add ACL support to the BCL in Whidbey; check out Kit's PDC presentation for more info. Here are some examples from that presentation. Does it look like we are hitting the sweet spot here?

Enable the ability to view and edit ACLs on objects in the filesystem, from managed code

 

// how it might look for Directory…
DirectorySecurity ds = new DirectorySecurity();

// deny view/change access for this account (verbatim string keeps the backslash literal)
ds.AddAccess(@"MYDOMAIN\SomePerson", AccessControlType.Deny,
      AclAccess.View | AclAccess.Change, FileAccess.ReadWrite);

Directory.SetAccessControl(@"c:\temp", ds);

 

 

 

A critical capability is setting the ACL at the point a file/directory is created

FileSecurity fs = new FileSecurity();

fs.AddAccess(new FileAccessTrustee(new NTAccount("MYDOMAIN", "SomeGroup"),
      AccessControlType.Deny,
      AclAccess.View | AclAccess.Change,
      FileAccess.Read | FileAccess.Write));

// the security descriptor is passed to the constructor, so it applies from creation
using (FileStream file = new FileStream("foo.txt", FileMode.Create,
      FileAccess.Write, FileShare.None, 4096, false, fs)) {
      // write to the file…
}
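An added example (not from the original post or the PDC presentation) of the create-with-ACL pattern above, written against the System.Security.AccessControl types as they shipped in .NET Framework 2.0, whose names differ from the pre-release sketch. It assumes Windows and .NET Framework; the CreateWithAcl class, the CreateOwnerOnly helper and the temp-file path are made up for illustration.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class CreateWithAcl   // hypothetical class name
{
    // Creates the file with its DACL already in place, so there is no window
    // in which the file exists with ACEs inherited from the parent directory.
    public static FileStream CreateOwnerOnly(string path)
    {
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;

        FileSecurity fs = new FileSecurity();
        // Protect the DACL: drop inherited ACEs rather than copying them.
        fs.SetAccessRuleProtection(true, false);
        fs.AddAccessRule(new FileSystemAccessRule(
            me, FileSystemRights.FullControl, AccessControlType.Allow));

        // CreateNew fails if the path already exists, so the descriptor is
        // never applied to a file someone else created first.
        return new FileStream(path, FileMode.CreateNew, FileSystemRights.Write,
            FileShare.None, 4096, FileOptions.None, fs);
    }

    static void Main()
    {
        // Constructed sample path in the temp directory.
        string path = Path.Combine(Path.GetTempPath(),
            Guid.NewGuid().ToString("N") + ".txt");
        using (FileStream file = CreateOwnerOnly(path))
        {
            byte[] data = { 0x6f, 0x6b };
            file.Write(data, 0, data.Length);
        }

        // Read the DACL back and list every ACE, inherited ones included.
        FileSecurity applied = File.GetAccessControl(path);
        foreach (FileSystemAccessRule rule in
                 applied.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            Console.WriteLine("{0} {1} {2} inherited={3}", rule.AccessControlType,
                rule.IdentityReference, rule.FileSystemRights, rule.IsInherited);
        }
        File.Delete(path);
    }
}
```

The read-back should list a single non-inherited Allow entry for the current user; an inherited entry in the output would mean the DACL protection was not applied.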

 

 

 

Published 21 January 04 12:05 by BradA

Comments

# Mike Marshall said on January 21, 2004 1:43 PM:
This is a welcomed addition (that is an understatement). Anyone who has mucked around with raw ACLs just to set security on files or directories can tell this will save about 2 days of parsing the WinAPI docs figuring how to create an ACL from scratch and then apply it to a resource (file, directory, registry key, etc).
# Justin Rogers said on January 21, 2004 2:15 PM:
I am assuming there is an EASY way to get at the ACLs as well. Exception'al (haha) programming definitely incurs performance hits in the CLR and trying to actually gain access to a file, only to throw an exception telling me I don't have access isn't cool. Possibly some easy helper methods/properties like CanRead/CanWrite?

I'm also hoping that access to these methods is protected by a new code access permission?
# Matthew Douglass said on January 21, 2004 3:16 PM:
Will there be a constructor version available for FileStream that doesn't require setting all of those parameters but still provides ACL support? I know I'd certainly want to be able to leave things like buffer size at their default values while still getting access to easy ACL support.
# sebastien lambla said on January 22, 2004 3:16 AM:
don't you think it would be time NOT to allow the old DOMAIN\Username form, and adopt the active directory friendly user@domain ?
# Paul Laudeman said on January 22, 2004 5:28 AM:
Nice! I'm definitely looking forward to this capability.
# Louis Parks said on January 23, 2004 7:54 PM:
If you don't allow domain\username form, then you are cutting off support for everyone who doesn't use AD. I don't see the wisdom in that. What's wrong with supporting both?
# SteveC said on January 27, 2004 1:55 PM:
Wow.

Please name the crew working on this, I want to buy lunch(es) for them to backport it to Framework v1.1 so I can use it *now*.

# Stefan Demetz said on February 3, 2004 4:12 PM:
# stefan demetz said on February 3, 2004 1:13 PM:
Excellent stuff.. wasn't there a sample on gotdotnet a while ago?
# John Bristowe said on February 3, 2004 6:18 PM:
Rock and roll! I've been waiting for ACL support in the BCLs for a very long time! Awesome news.