
FileSecurity Class

Represents the access control and audit security for a file. This class cannot be inherited.

Namespace:  System.Security.AccessControl
Assembly:  mscorlib (in mscorlib.dll)

public sealed class FileSecurity : FileSystemSecurity

The FileSecurity type exposes the following members.

Kind | Name | Description
Public method | FileSecurity() | Initializes a new instance of the FileSecurity class.
Public method | FileSecurity(String, AccessControlSections) | Initializes a new instance of the FileSecurity class from a specified file using the specified values of the AccessControlSections enumeration.

Kind | Name | Description
Public property | AccessRightType | Gets the enumeration that the FileSystemSecurity class uses to represent access rights. (Inherited from FileSystemSecurity.)
Public property | AccessRuleType | Gets the enumeration that the FileSystemSecurity class uses to represent access rules. (Inherited from FileSystemSecurity.)
Public property | AreAccessRulesCanonical | Gets a Boolean value that specifies whether the access rules associated with this ObjectSecurity object are in canonical order. (Inherited from ObjectSecurity.)
Public property | AreAccessRulesProtected | Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated with this ObjectSecurity object is protected. (Inherited from ObjectSecurity.)
Public property | AreAuditRulesCanonical | Gets a Boolean value that specifies whether the audit rules associated with this ObjectSecurity object are in canonical order. (Inherited from ObjectSecurity.)
Public property | AreAuditRulesProtected | Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with this ObjectSecurity object is protected. (Inherited from ObjectSecurity.)
Public property | AuditRuleType | Gets the type that the FileSystemSecurity class uses to represent audit rules. (Inherited from FileSystemSecurity.)

Kind | Name | Description
Public method | AccessRuleFactory | Initializes a new instance of the FileSystemAccessRule class that represents a new access control rule for the specified user, with the specified access rights, access control, and flags. (Inherited from FileSystemSecurity.)
Public method | AddAccessRule(FileSystemAccessRule) | Adds the specified access control list (ACL) permission to the current file or directory. (Inherited from FileSystemSecurity.)
Public method | AddAuditRule(FileSystemAuditRule) | Adds the specified audit rule to the current file or directory. (Inherited from FileSystemSecurity.)
Public method | AuditRuleFactory | Initializes a new instance of the FileSystemAuditRule class representing the specified audit rule for the specified user. (Inherited from FileSystemSecurity.)
Public method | Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.)
Public method | GetAccessRules | Gets a collection of the access rules associated with the specified security identifier. (Inherited from CommonObjectSecurity.)
Public method | GetAuditRules | Gets a collection of the audit rules associated with the specified security identifier. (Inherited from CommonObjectSecurity.)
Public method | GetGroup | Gets the primary group associated with the specified owner. (Inherited from ObjectSecurity.)
Public method | GetHashCode | Serves as the default hash function. (Inherited from Object.)
Public method | GetOwner | Gets the owner associated with the specified primary group. (Inherited from ObjectSecurity.)
Public method | GetSecurityDescriptorBinaryForm | Returns an array of byte values that represents the security descriptor information for this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method | GetSecurityDescriptorSddlForm | Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections of the security descriptor associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method | GetType | Gets the Type of the current instance. (Inherited from Object.)
Public method | ModifyAccessRule | Applies the specified modification to the Discretionary Access Control List (DACL) associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method | ModifyAuditRule | Applies the specified modification to the System Access Control List (SACL) associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method | PurgeAccessRules | Removes all access rules associated with the specified IdentityReference. (Inherited from ObjectSecurity.)
Public method | PurgeAuditRules | Removes all audit rules associated with the specified IdentityReference. (Inherited from ObjectSecurity.)
Public method | RemoveAccessRule(FileSystemAccessRule) | Removes all matching allow or deny access control list (ACL) permissions from the current file or directory. (Inherited from FileSystemSecurity.)
Public method | RemoveAccessRuleAll(FileSystemAccessRule) | Removes all access control list (ACL) permissions for the specified user from the current file or directory. (Inherited from FileSystemSecurity.)
Public method | RemoveAccessRuleSpecific(FileSystemAccessRule) | Removes a single matching allow or deny access control list (ACL) permission from the current file or directory. (Inherited from FileSystemSecurity.)
Public method | RemoveAuditRule(FileSystemAuditRule) | Removes all matching allow or deny audit rules from the current file or directory. (Inherited from FileSystemSecurity.)
Public method | RemoveAuditRuleAll(FileSystemAuditRule) | Removes all audit rules for the specified user from the current file or directory. (Inherited from FileSystemSecurity.)
Public method | RemoveAuditRuleSpecific(FileSystemAuditRule) | Removes a single matching allow or deny audit rule from the current file or directory. (Inherited from FileSystemSecurity.)
Public method | ResetAccessRule(FileSystemAccessRule) | Adds the specified access control list (ACL) permission to the current file or directory and removes all matching ACL permissions. (Inherited from FileSystemSecurity.)
Public method | SetAccessRule(FileSystemAccessRule) | Sets the specified access control list (ACL) permission for the current file or directory. (Inherited from FileSystemSecurity.)
Public method | SetAccessRuleProtection | Sets or removes protection of the access rules associated with this ObjectSecurity object. Protected access rules cannot be modified by parent objects through inheritance. (Inherited from ObjectSecurity.)
Public method | SetAuditRule(FileSystemAuditRule) | Sets the specified audit rule for the current file or directory. (Inherited from FileSystemSecurity.)
Public method | SetAuditRuleProtection | Sets or removes protection of the audit rules associated with this ObjectSecurity object. Protected audit rules cannot be modified by parent objects through inheritance. (Inherited from ObjectSecurity.)
Public method | SetGroup | Sets the primary group for the security descriptor associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method | SetOwner | Sets the owner for the security descriptor associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method | SetSecurityDescriptorBinaryForm(Byte[]) | Sets the security descriptor for this ObjectSecurity object from the specified array of byte values. (Inherited from ObjectSecurity.)
Public method | SetSecurityDescriptorBinaryForm(Byte[], AccessControlSections) | Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified array of byte values. (Inherited from ObjectSecurity.)
Public method | SetSecurityDescriptorSddlForm(String) | Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string. (Inherited from ObjectSecurity.)
Public method | SetSecurityDescriptorSddlForm(String, AccessControlSections) | Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string. (Inherited from ObjectSecurity.)
Public method | ToString | Returns a string that represents the current object. (Inherited from Object.)

The FileSecurity class specifies the access rights for a system file and how access attempts are audited. This class represents access and audit rights as a set of rules. Each access rule is represented by a FileSystemAccessRule object, while each audit rule is represented by a FileSystemAuditRule object.

The FileSecurity class is an abstraction of the underlying Microsoft Windows file security system. In this system, each file has a discretionary access control list (DACL), which controls access to the file, and a system access control list (SACL), which specifies the access control attempts that are audited. The FileSystemAccessRule and FileSystemAuditRule classes are abstractions of the access control entries (ACEs) that comprise DACLs and SACLs.

The FileSecurity class hides many of the details of DACLs and SACLs; you do not have to worry about ACE ordering or null DACLs.

Use the FileSecurity class to retrieve, add, or change the access rules that represent the DACL and SACL of a file.

To persist new or changed access or audit rules to a file, use the SetAccessControl method. To retrieve access or audit rules from an existing file, use the GetAccessControl method.

The following code example uses the FileSecurity class to add and then remove an access control list (ACL) entry from a file. You must supply a valid user or group account to run this example.

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string fileName = "test.xml";

                Console.WriteLine("Adding access control entry for "
                    + fileName);

                // Add the access control entry to the file.
                AddFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from "
                    + fileName);

                // Remove the access control entry from the file.
                RemoveFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        // Adds an ACL entry on the specified file for the specified account. 
        public static void AddFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {
            // Get a FileSecurity object that represents the 
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Add the FileSystemAccessRule to the security settings.
            fSecurity.AddAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);

        }

        // Removes an ACL entry on the specified file for the specified account. 
        public static void RemoveFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {

            // Get a FileSecurity object that represents the 
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Remove the FileSystemAccessRule from the security settings.
            fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);

        }
    }
}
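
The rules held by a FileSecurity object can also be read back for review. The following is an added example, not part of the original page or of Microsoft's sample: it retrieves a file's DACL with GetAccessControl, reports the owner, inheritance protection and SDDL form, and flags allow rules that give write-capable rights to broad groups. The class name DaclAudit, the set of rights treated as risky, and the list of broad groups are assumptions chosen for illustration.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example, not part of the original page: read-only audit of a file's DACL.
static class DaclAudit
{
    // Assumed policy: rights that allow changing the file's content or its security descriptor.
    const FileSystemRights Risky =
        FileSystemRights.WriteData | FileSystemRights.AppendData |
        FileSystemRights.Delete | FileSystemRights.ChangePermissions |
        FileSystemRights.TakeOwnership;

    // Broad groups, matched by well-known SID so the check does not depend on locale.
    static readonly SecurityIdentifier[] Broad =
    {
        new SecurityIdentifier(WellKnownSidType.WorldSid, null),             // Everyone
        new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), // Authenticated Users
        new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null)       // BUILTIN\Users
    };

    static int Main(string[] args)
    {
        // "test.xml" is the file name used in the page's example; pass another path as args[0].
        string path = args.Length > 0 ? args[0] : "test.xml";
        FileSecurity sec = File.GetAccessControl(path,
            AccessControlSections.Access | AccessControlSections.Owner);

        Console.WriteLine("Owner: " + sec.GetOwner(typeof(SecurityIdentifier)));
        Console.WriteLine("DACL protected from inheritance: " + sec.AreAccessRulesProtected);
        Console.WriteLine("SDDL: " + sec.GetSecurityDescriptorSddlForm(AccessControlSections.Access));

        int findings = 0;
        // Explicit and inherited ACEs, with identities returned as SIDs.
        foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            var sid = (SecurityIdentifier)rule.IdentityReference;
            bool broad = Array.Exists(Broad, b => b.Equals(sid));
            if (rule.AccessControlType == AccessControlType.Allow && broad
                && (rule.FileSystemRights & Risky) != 0)
            {
                findings++;
                Console.WriteLine("FINDING: {0} allowed {1} ({2})", sid.Value,
                    rule.FileSystemRights & Risky, rule.IsInherited ? "inherited" : "explicit");
            }
        }
        return findings == 0 ? 0 : 1; // nonzero exit code when a broad write-capable ACE exists
    }
}
```

A finding marked as inherited has to be corrected on the parent directory, or the file's DACL protected with SetAccessRuleProtection, because removing the rule on the file alone does not remove an inherited ACE.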

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2014 Microsoft