|
|
Comments and Discussions
|
|
 |
|
The link to the GotDotNet is no longer valid. The DLL can be found here: http://code.msdn.microsoft.com/WindowsFolderWebPart/Release/ProjectReleases.aspx?ReleaseId=381.
|
|
|
|
|
Thanks for the great work!
There seems to be a memory leak (windows handle not closed) if you call so.Permissions.GetEffectiveRights(Me.WinUser) on an SecuredObject so.
Regards,
Georg
|
|
|
|
|
I've used this for setting permissions on shares. Doing this it fails in the UnsafeSetNamedSecurityInfo method in the Win32helper.cs file with a null pointer exception.
The error is due to a operator overload in the Sid class (Sid.cs). The overload operator calls a method called UnsafeEqualsSids which starts like this:
private static unsafe bool UnsafeEqualsSids(Sid s1, Sid s2)
{
if (object.ReferenceEquals(s1, null) || object.ReferenceEquals(s2, null))
{
return false;
}
This method fails if both sids are null. The following code inserts another tests which checks if both sids are null and then return true instead of false.
private static unsafe bool UnsafeEqualsSids(Sid s1, Sid s2)
{
if (object.ReferenceEquals(s1, null) && object.ReferenceEquals(s2, null))
{
return true;
}
if (object.ReferenceEquals(s1, null) || object.ReferenceEquals(s2, null))
{
return false;
}
|
|
|
|
|
Hi folks I am a sporadic Dot Net developer and haven't worked for about half a year with VS2005.
So forgive me my question:
To use the mmsseclib.dll do I have to use regasm?
Anything else to do before I can use mmsseclib (using mmsseclib)?
BTW: I want to use mmsseclib to give a web server on the fly the rights for a certain directory so that it can create a text file in it, when needed.
Any experiences how to do that/an example?
Best
JL
|
|
|
|
|
There are still some console freaks like me (system administrators) out there that have used MS tools like (X)Cacls to automate several tasks. But due to several problems with (X)Cacls I had to resort to manual labour  . But here it is!! A great library of David Hall! Have created a shell around it to make it more coworker friendly:->. You can find it on LiQuick.net. When all bugs are out, I'll try to write an add-on article to this page. Code of the console can be requested for by e-Mail.
|
|
|
|
|
Hi there,
I'm tring to compile the TestSec.cs using C# compiler, but no matter what I do, I allways get the same error:
The type or namespace name 'mmsseclib' could not be found (are you missing a using directive or an assembly reference?)
But the refence was there. I had copy the mmsseclib.dll to the same folder of TestSec.cs, access the command prompt, go to path of the TestSec.cs and mmsseclib.dll and type:
csc /target:exe /r:mmsseclib.dll TestSec.cs
How I can reference the dll to compile the program? 
Eduardo
tw latin america
|
|
|
|
|
David, can I use your nice and straightforward dll in the commercial product? What I shall do for that?
Dmitry.
|
|
|
|
|
Hi,
I have an asp application that needs to launch PowerPoint.
At installation, i would like to give the "ASPNET" account the ability to launch and execute
Powerpoint.
I tried with the following code below but It just allows this account to "read" the registry key.
Do you have any idea or where to modify to allow "Execution" from "ASPNET" account ?
Thanks.
Karim
WindowsUser kuser = new WindowsUser("ASPNET");
Console.WriteLine(kuser.FullName);
SecuredObject sec =null
string skey=@"Software\Classes\AppID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}";
IntPtr hKey;
int rc = Win32.RegOpenKey(Win32.HKEY_LOCAL_MACHINE,skey, out hKey);
if (rc == 0)
{
sec = new SecuredObject(hKey, SecuredObjectType.RegistryKey);
DumpObject(sec);
sec.Permissions.SetAccess(kuser, AccessRights.GenericExecute,AceInheritanceFlags.ContainerInherit|AceInheritanceFlags.ObjectInherit);
// below is some tests
//sec.Permissions.SetAccess(kuser, AccessRights.KeyAllAccess, AceInheritanceFlags.ContainerInherit|AceInheritanceFlags.ObjectInherit);
//sec.Permissions.SetAccess(kuser, AccessRights.FileFullControl, AceInheritanceFlags.ContainerInherit|AceInheritanceFlags.ObjectInherit);
DumpObject(sec);
Win32.RegCloseKey(hKey);
}
|
|
|
|
|
Hi there, I kept getting the following exception while attempting to load an existing user.
System.ComponentModel.Win32Exception: No mapping between account names and security IDs was done at Microsoft.Win32.Security.WindowsUser.Load(String accountName, String system) at Microsoft.Win32.Security.WindowsUser..ctor(String accountName) at RegStudent.RegisterStudent.CreateUserAccount(String username, String password, String subjectCode, String firstName, String surname, String studentDir, String virtualDir, String adminUser, String adminPass)
can anyone tell me why this is so? or what can cause this exception to occur. Many thanks
Regards
|
|
|
|
|
First off, I have to say this is awesome code. I've been searching for something to set ntfs without having to shell out for a while now and this does everything I need and more. Couldn't have been simpler. I am however having an issue using the dll in 2005. When the object is used in code I get the following error:
'mmsseclib.dll' is attempting managed execution inside OS Loader lock. Do not attempt to run managed code inside a DllMain or image initialization function since doing so can cause the application to hang.
This issue is only with 2005 and it works fine in 2003. I tried doing a simple conversion of the source to 2005 to see if that cleared the error, but the 2005 compiler threw another error compiling the dll:
Error 1 error C2872: 'FILETIME' : ambiguous symbol C:\Program Files\Microsoft Visual Studio 8\VC\PlatformSDK\include\lmaccess.h 1390
Has anyone tried this component in .Net 2.0? Any help would be greatly appreciated...
Thanks,
Landon.
|
|
|
|
|
I installed this dll on to our Project and it works for me on XP and 2000. Afterwards there was a requirement for us to install our Project on Win NT 4.0 Sp6 application. It is crashing at this mmsseclib.dll saying advapi32.dll(system32) is giving probem.
Unless i build this dll on NT machine, I will not able to fix my problem. Since Visual Studio.NET cannot be installed on Windows NT SP6.0, Can you suggest some way around for me to build this application on Visual Studio 6.0 VC++ 6.0., so that i can add this dll on NT.
Thanks in advance,
KK
KK
|
|
|
|
|
Somebody help me correct this error. I get "Object reference not to instance of an object" and sometimes "System.OutOfMemoryException" error at the same statement.
Following is the code snippet for your reference:
private void grantRights(string grantType)
{
try
{
//Store the path of the Selected Directory
//Get the path from the type propery of the treeview control
String dirPath = @"C:\InetPub\WWWRoot\AD";
//Initialise AccessRight to 0 (none)
AccessRights rights=0;
//Get the access rights choosen by the user
//Full Control
if(grantType=="Full Control") rights = AccessRights.FileFullControl;
//Write
if(grantType=="Write") rights = AccessRights.FileWrite;
//Read Only
if(grantType=="Read Only") rights = AccessRights.FileRead;
//Create WindowUser instance to provide the Access Rights
WindowsUser user = new WindowsUser ("amol","active");
//Create SecuredObject instance to denote the selected Directory
SecuredObject sec = new SecuredObject(dirPath, SecuredObjectType.FileObject); //I SOMETIMES get above mentioned error here
//Set the rights or permissions
sec.Permissions.SetAccess(user, rights, AceInheritanceFlags.ContainerInherit|AceInheritanceFlags.ObjectInherit);
}
}
//Show success message
HandleSuccess(grantType + " Permission was given for the selected users.");
}
catch(Exception ex)
{
//Show error
HandleException(ex.Message);
}
}
The above mentioned error does not occur every time I run the code. It occurs sometimes. At other times the code works fine. I dont understand why this happens.
I am working on Active Directories. I have to provide access rights for particular users for the directories in IIS 6.0 Web Server.
I am using ASP .Net and C#, Visual Studio .Net 2003, Microsoft .Net Framework 1.1.
Please provide a solution for this as early as possible. Your help will be highly appreciated.
-Vikram Saraf
|
|
|
|
|
Hi,
I have not been able to figure out how to create a SecuredObject for a named pipe. I tried:
SecuredObject sec = new SecuredObject("\\\\.\\pipe\\namedpipename",SecuredObjectType.FileObject);
but I get a "The parameter is incorrect" exception.
Any suggestions?
|
|
|
|
|
David,
Thanks for posting this code, it's very useful.
I have taken over a long-running project that uses your code. Unfortunately, the original developer on this project is no longer available to answer questions. I have noticed that "our" version of the source code differs slightly from yours, and I'm wondering which is right.
In "ours", AceInheritanceFlags is of type Int16 and contains SUB_CONTAINERS_AND_OBJECTS_INHERIT. In the version currently on Code Project, AceInheritanceFlags is of type Byte, and does not contain SUB_CONTAINERS_AND_OBJECTS_INHERIT.
I'm not sure whether our version is out of date, or if the differences are bug fixes made by my predecessor. Given my description above, are you able to tell me which is correct?
Many thanks,
John
|
|
|
|
|
Below is my code (written in vb.net)
'*******************************************************************************************
‘Call the setPermission procedure
setPermission(”C:\Inetpub\www\MyWebsite”, “JOP\ASPNET”)
‘And the actual method
Sub setPermission(ByRef vPath As String, ByVal UserName As String)
Dim user As WindowsUser = New WindowsUser(UserName)
Dim sec As SecuredObject = New SecuredObject(vPath, SecuredObjectType.FileObject)
sec.Permissions.GrantAccess(user, AccessRights.FileExecute, AceInheritanceFlags.ContainerInherit)
End Sub
'*******************************************************************************************
Tthe code works perfectly find, but when I check Security properties on the folder, I find that ASP.Net account has “Special Permissions” in stead of normal Read, Write and Execute permissions. I am not sure if anyway I can add Regular Read, Write and Execute permissions using the above code, as users get access denied error message when they try to upload files to the folder.
|
|
|
|
|
Any idea if there is a good way to do this but for registry keys?
|
|
|
|
|
I was getting a null reference error after a while when calling this library from a web service. It would work for a few days, and then I would get the error. It would go away only after restarting IIS.
The null reference was in the constructor for MString. I changed the constructor to do the code exactly the same as the operator = instead of calling the operator=, and the problem has gone away. Anyway, here is what my MString constructor looks like now. Hope this saves someone else some headaches:
MString(String* s)
{
if (sizeof(TCHAR) == sizeof(char))
sbuf = Marshal::StringToHGlobalAnsi(s).ToPointer();
else
sbuf = Marshal::StringToHGlobalUni(s).ToPointer();
}
|
|
|
|
|
Dim user As New WindowsUser("MYDOMAIN\MYUSER")
MsgBox(sec.Permissions.GetEffectiveRights(user).ToString)
Returns FileReadExecute, even if I use MYDOMAIN\IUSR_MYMACHINE. Seems that it ignores the user?
Anyone?
Thanks
Bent
Denmark
|
|
|
|
|
Help!
I have the following line of code...
sec.Permissions.SetAccess(usr, AccessRights.FileRead, _
AceInheritanceFlags.ContainerInherit Or AceInheritanceFlags.ObjectInherit)
I get the following compiler error
Value of type 'Integer' cannot be converted to mmsseclib.AccessRights
Any ideas? 
|
|
|
|
|
O.k. I'm not very familiar with C++ development, but can anyone help to resolve this issue
Compiling...
mmsseclib.cpp
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\PlatformSDK\Include\LMaccess.h(1391) : error C2872: 'FILETIME' : ambiguous symbol
could be 'D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\PlatformSDK\Include\WinDef.h(354) : Win32::_FILETIME Win32::FILETIME'
or 'x:\temp\trial\ntsecurity\Stdafx.h(7) : System::Runtime::InteropServices::FILETIME'
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\PlatformSDK\Include\LMaccess.h(1392) : error C2872: 'FILETIME' : ambiguous symbol
could be 'D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\PlatformSDK\Include\WinDef.h(354) : Win32::_FILETIME Win32::FILETIME'
or 'x:\temp\trial\ntsecurity\Stdafx.h(7) : System::Runtime::InteropServices::FILETIME'
D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\PlatformSDK\Include\LMaccess.h(1393) : error C2872: 'FILETIME' : ambiguous symbol
could be 'D:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\PlatformSDK\Include\WinDef.h(354) : Win32::_FILETIME Win32::FILETIME'
or 'x:\temp\trial\ntsecurity\Stdafx.h(7) : System::Runtime::InteropServices::FILETIME'
x:\temp\trial\ntsecurity\mmsseclib.h(577) : fatal error C1903: unable to recover from previous error(s); stopping compilation
any hints?
Win2k3, VS2003EA
thx
|
|
|
|
|
Microsoft are created Win32Security.dll for C# over WinAPI. Get it and work  ))
|
|
|
|
|
I'm trying to run an ASP.NET page wich will enable a user to manipulate NTFS permissions on the server. The code uses the compiled msseclib.dll from your security classes, but no luck. I've tried increasing the trustlevel on the server til Full Trust for this assembly, but it does not let me use your code it seems... ANY ideas welcome....
But: Your code Does work great on a local console testapp I made.
Here's the error I get:
******************
Server Error in '/admin' Application.
--------------------------------------------------------------------------------
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Unverifiable assembly 'mmsseclib' failed policy check.
Source Error:
[No relevant source lines]
Source File: machine.config Line: 198
Assembly Load Trace: The following information can be helpful to determine why the assembly 'mmsseclib' could not be loaded.
=== Pre-bind state information ===
LOG: DisplayName = mmsseclib
(Partial)
LOG: Appbase = file:///D:/home/userX/www/admin
LOG: Initial PrivatePath = bin
Calling assembly : (Unknown).
===
LOG: Policy not being applied to reference at this time (private, custom, partial, or location-based assembly bind).
LOG: Post-policy reference: mmsseclib
LOG: Attempting download of new URL file:///C:/WINNT/Microsoft.NET/Framework/v1.1.4322/Temporary ASP.NET Files/admin/b007b703/53b8c9bb/mmsseclib.DLL.
LOG: Attempting download of new URL file:///C:/WINNT/Microsoft.NET/Framework/v1.1.4322/Temporary ASP.NET Files/admin/b007b703/53b8c9bb/mmsseclib/mmsseclib.DLL.
LOG: Attempting download of new URL file:///D:/home/userX/www/admin/bin/mmsseclib.DLL.
LOG: Policy not being applied to reference at this time (private, custom, partial, or location-based assembly bind).
LOG: Post-policy reference: mmsseclib, Version=1.0.1245.25802, Culture=neutral, PublicKeyToken=null
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
******************
Regards,
Roger
|
|
|
|
|
Whenever I try to get permissions from HKLM, I get the following error:
"Error Getting permissions 5: The parameter is incorrect"
Here is the code (VB.NET):
On Error Resume Next
Dim Sec As New SecuredObject(CStr(txtRegKey.Text), SecuredObjectType.RegistryKey)
If Err.Number <> 0 Then
txtOutput.Text = txtOutput.Text & "Error Creating Object " & Err.Number & ": " & Err.Description & vbCrLf & vbCrLf
Exit Sub
End If
txtOutput.Text = txtOutput.Text & Sec.ToString & vbCrLf & vbCrLf
If Err.Number <> 0 Then
txtOutput.Text = txtOutput.Text & "Error Getting permissions " & Err.Number & ": " & Err.Description & vbCrLf & vbCrLf
Exit Sub
End If
For the text box, I have tried the following:
HKEY_LOCAL_MACHINE\Software
HKLM\Software
LOCAL_MACHINE\Software
LM\Software
The only string I have been able to put in and have work is USERS\.Default to access the HKEY_Users key. How can I access HKEY_LOCAL_MACHINE?
Thanks.
|
|
|
|
|
As noted in one of the other messages, a person from Microsoft has released a set of security classes that may be part of a future framework release. In many ways, the library is more complete than mine. To find it, go to http://www.gotdotnet.com[^], click on "User Samples" and search for "ACLs". You should find the article from RenaudPaquay.
|
|
|
|
|
I am having an error when trying to run the NT security classes project. It compiles with no problems but when I run it it gives some type of runtime error. I am on an XP OS if that helps but is there anything I can do or that I'm doing wrong please help. Thanks
Parkman
|
|
|
|
|
Hello I am trying to become more familiar with .NET and I am trying to compile the code you put on code project for the NTsecurity classes and If possible could you list EVERY step in building,compiling what files I need or neeed to change in .NET to see the project in action. Thanks
Parkman
|
|
|
|
|
I am considering using this class for a program that I may sell.
Do I have your permission to do this?
Thanks.
|
|
|
|
|
This may be a dumb one, but I've built the C++ project. Then, I create a new C# Console project, and add a reference to the mmsseclib.dll file. Everything seems fine, and the project compiles OK. However, when I try to run it, I get:
"An unhandled exception of type 'System.IO.FileLoadException' occurred in Unknown Module.
Additional information: Unable to load file 'mmsseclib'.
Any suggestions?
Thanks in advance,
Cliffe
|
|
|
|
|
Thanks, this just saved major headaches.
I was searching namespace after namespace and could not figure out how to do this in c# .NET. One would think MS would expose a security discriptor from a call to FileIOPermissions or something. But now I know how to do it.
|
|
|
|
|
hello David, I find the library very insteresting, but I have a problem when I try to modify registry acl's with it. I receive a Win32Exception when a set the ace with the message: "The parameter is incorrect". What is wrong in this code ?
//SecuredObject to modify
NTFSSecurityMan.SecuredObject so=new NTFSSecurityMan.SecuredObject(@"HKEY_USERS\.DEFAULT\Software\MYCOMPANYNAME", NTFSSecurityMan.SecuredObjectType.RegistryKey);
//ACE to grant in the securedobject
NTFSSecurityMan.AccessEntry ace1=new NTFSSecurityMan.AccessEntry(new NTFSSecurityMan.WindowsUser("user1"), NTFSSecurityMan.AccessRights.KeyAllAccess, AceInheritanceFlags.ContainerInherit|AceInheritanceFlags.ObjectInherit);
so.Permissions.GrantAccess(ace1); //Here Win32Exception:
thansk and best regards,
raul
P.D.: "user1" exists as local user, the key HKEY_USERS\.DEFAULT\Software\MYCOMPANYNAME exists and I'm administrator.
|
|
|
|
|
Hi:
I use GetFileSecurity,FetSecurityDescriptorDacl,GetAclInformation and GetAce to get mask of file.In MSDN for ACCESS_MASK it define values from 1 to 32 but when I debug my program it show me for myAce->Mask very big number,so I can't understand,it refer to which access.In your code you always cast Mask to AccessRights,I can't find out how do you use it to figure out which rights are available for a object.So can you give me some suggestion how can I use ACCESS_MASK after I get it with GetAce()?
Thanks
<html>Mazy</html>
"If I go crazy then will you still
Call me Superman
If I’m alive and well, will you be
There holding my hand
I’ll keep you by my side with
My superhuman might
Kryptonite"Kryptonite-3 Doors Down
|
|
|
|
|
I use SecuredObject to get owner and group of files.For some files group name or both of them are null.Is that means some files does not have any owner???
<html>Mazy</html>
"If I go crazy then will you still
Call me Superman
If I’m alive and well, will you be
There holding my hand
I’ll keep you by my side with
My superhuman might
Kryptonite"Kryptonite-3 Doors Down
|
|
|
|
|
Hey david,
My problem .... i have a folder named "myFolder" which is inheriting permission form the parent folder say "parentFolder". The inherited ACE is "full control " to "Everyone".Now i need to change the permission on myFolder by giving it the following permissions :- Everyone should get read access and "syborgg"(thats me )should get "full control" .
The code i wrote is shown below.
..
...
.
WindowsUser wUser = new WindowsUser("Everyone");
WindowsUser sUser = new WindowsUser("MYDOMAIN\\syborgg");
//get the security object for myFolder
SecuredObject sec = new SecuredObject("C:\\parentFolder\\myFolder", SecuredObjectType.FileObject);
//now turn inheritence from parent off
sec.Permissions.InheritFromParent=false;
//This doesnot seem to work ..... ie the flag remains true....
//give full control to me....
sec.Permissions.SetAccess(sUser,AccessRights.GenericAll,AceInheritanceFlags.ContainerInherit|AceInheritanceFlags.ObjectInherit);
//give only read permissions to Everyone
sec.Permissions.SetAccess(sUser,AccessRights.GenericRead,AceInheritanceFlags.ContainerInherit|AceInheritanceFlags.ObjectInherit);
..
....
.....
My problem is to remove the inherited permissions(ACEs) from the parent.
Any ideas as to how i do this?
Thanking ya in advance.
Syborgg
|
|
|
|
|
How can I use this library in VC.NET?
I add this line in my stdafx.h but I got an error that it can not open this type library.
#import "mmsseclib.dll"
<html>Mazy</html>
"If I go crazy then will you still
Call me Superman
If I’m alive and well, will you be
There holding my hand
I’ll keep you by my side with
My superhuman might
Kryptonite"Kryptonite-3 Doors Down
|
|
|
|
|
Your code was a great help Thank you.[ ].
Looking for a way to serialize the AccessEntry object doesn't sem to want to play nice with System.Xml.Serialization
Any ideas on how this can be done?
|
|
|
|
|
im just trying to run the tester class which is bundled with the source but the call to sec.Permissions.SetAccess(kuser, AccessRights.FileRead, AceInheritanceFlags.ContainerInherit|AceInheritanceFlags.ObjectInherit); seems to fail .... i tried to step into the code ... i reach
ret = ::SetNamedSecurityInfo(*objName, seot, secInfo, pOwner, pGroup, pDacl, pSacl); which is the actual win32 api... from here the code simply seems to stop excecuting and i get the console listing the users ....... i have admin privileges on the domain ....i dont get an exception  .... any idea where im goin wrong.... ?
|
|
|
|
|
I found this article very interesting.
I was searching examples about .NET security from months.
Are these examples applicable also in a ASP.net
environment?
I need access/set ACL via ASP.net.
Please, provide more examples, if you can.
Thanks in advance.
Sergio Bertini
|
|
|
|
|
When I compile the source, I get the following link error:
sas.Core.Managed error LNK2001: unresolved external symbol "void __cdecl __CxxCallUnwindDtor(void (__thiscall*)(void *),void *)" (?__CxxCallUnwindDtor@@$$J0YAXP6EXPAX@Z0@Z)
Any one know how to fix this error?
|
|
|
|
|
If you want to create/modify/delete a file on a different drive or network share from ASP one way is to impersonate a user. Can you give an example of how to so this?
Todd Smith
|
|
|
|
|
I am an IT infrastructure architect for a Fortune 20 company.
Just curious, what is a Fortune 20 company? Is it among the top 20 out of the fortune 100?
|
|
|
|
|
|
|
 General  News  Suggestion  Question  Bug  Answer  Joke  Rant  Admin
|
A collection of .NET classes written in Managed C++ that faciliate the manipulation of NT security rights
| Type | Article |
| Licence | CPOL |
| First Posted | 23 Jul 2002 |
| Views | 267,635 |
| Downloads | 3,326 |
| Bookmarked | 74 times |
|
|
Submit an article or tip
Post your Blog
