 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / New Users / May 2004Problems with security issues
Hi: I'm writing an application that connects to a server and downloads and stores files in subdirectories of the application's folder. This has worked fine...up until I tested the application on an XP limited account. It didn't work on the limited account. One of the first thing my client does is to create a log file to store various errors and messages. If I start up the application for the first time in the limited account, it refuses to let me create the file. My client also stores files from the server for quick access in later retrievals. I would imagine this won't work either. How do I make my application able to store files while in a limited account? I've only been writing C# for about 6 months now, so there are a lot of topics I haven't yet learned about. Right now, my application stores the files in directories based on settings in the app.config file from within the app's directory. Based on the app's directory, the relative paths are appended to the app's current directory, and that is where all the logs and stored files go. Up to now, this has worked. If this isn't possible for limited accounts, what method should be used? I know alot of programs have personal settings based on the user. I don't really know how they do that; so, if this is needed, could someone guide me to a resource that covers programming per user. Thanks in advance for any help provided. Steve Are you getting "Access is denied" exceptions, or something else? If it's access denied, then you have to grant your application identity access rights to the folders you want to use (or, use folders you already have access rights to). Nick Holmes. > Hi: > [quoted text clipped - 28 lines] > > Steve I am getting "Access is denied" exceptions. I am writing an msi installer, so this will be used by people with varying access rights. Of course, it will need to be installed by someone with admin rights, but I would imagine it would also be used by users with limited access. How do you grant an application access rights. Is that done in the installation? I've skimmed over some of the topics in the MSDN on security, but haven't quite gotten how that works. If an application asks for specific rights, is that kept by the computer, or does the app have to keep asking for those rights? To me, I don't see how that would help, since the first time a limited account used the application, it would fail. But I'm sure I'm probably missing something in this. >Are you getting "Access is denied" exceptions, or something else? > [quoted text clipped - 36 lines] >> >> Steve Your application can only do what your user has permissions to do. You can't have the application expand it rights beyond this, programmatically (that would not be at all secure). So, if you application requires certain permissions setting up, they you'll need to describe these in the installation manual, and have the sys admin sort it out before installation. You can set up file ACLs via Explorer, for example. Nick Holmes. > I am getting "Access is denied" exceptions. > [quoted text clipped - 52 lines] > >> > >> Steve Having a program that can only can go past the rights of the user seems to me to be overkill. It would prevent a whole line of applications from being written. Granted, I shouldn't be able to write a program that any user can access that can modify files on the system. But at the same token, some legitimate acceptions to that do occur. Some programs need to have stronger access rights. Web browsers, for example, obviously needs to be able to save files to the hard drive for it's temporary internet cache...and surprisingly enough, they can. A newsreader program needs to save files on the hard drive so that the user can reread those files at a later time. Mail programs are similar. And these programs usually have settings, as well, for the users. If I have a limited account, these programs obviously are storing these files somewhere. The question is where and how. Along these lines, if I end up having to have custom configurations per user, is there a standard config file to hold these. This definitely, in my opinion, limits some of the uses for the app.config file. Although I haven't looked yet, I'm sure there are ways to get the environmental variables holding the current user's identity, as well as the directory in which they store their files. I just don't know what those variables are, or which configuration file to use to access these files. One idea. Is it possible to programmatically setup a union of permissions durring the installation. Since only an admin can install, this would ensure that these settings would be done legitimately.I don't know the specifics, but I would probably want to setup the permissions based on the strong name of the application. I would also probably want to remove the permission during uninstall. During install, I could use the target path as the base class for the file io permissions. Then, within the app, I could test for permissions against the current directory at startup of the application. >Your application can only do what your user has permissions to do. You can't >have the application expand it rights beyond this, programmatically (that [quoted text clipped - 63 lines] >> >> >> >> Steve Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.