
NT Security Classes for .NET

19 Feb 2004, CPOL
A collection of .NET classes written in Managed C++ that facilitate the manipulation of NT security rights


This class library allows access to the Win32 security calls in a .NET-friendly way. It encapsulates the concepts of a user, a securable object (like a file, named pipe, directory, etc.), and permissions. This library was written in Managed C++ to reduce the amount of work needed to link to existing Win32 libraries. However, since it exposes all of its functionality via .NET, it can be used from any .NET-compliant language, including C# and Visual Basic. The project was written and compiled with Visual Studio 2002.

NOTE: There is a library written by some Microsoft guys on GotDotNet that does much of the same thing and more. It can be found at

This article outlines the primary objects in the library and their use in manipulating security objects.


WindowsUser class

This class represents a single Windows identity (SID). It can be created by specifying either a username ("DOMAIN\user" format) or the string representation of a SID ("S-1-5-xxxx-xxx..."). You can also get the identity of the current user using the static property CurrentUser.

There are a number of predefined identities that exist as static members of a child class called WellKnownIdentities. Once you have an identity, you can get the following properties:

  • AccountName: string name of the account
  • Domain: string name of the account's domain
  • FullName: string in the form of "Domain\AccountName"
  • SidString: string representation of the SID

SecuredObject class

This class represents an object which can have a security descriptor. It can be created by specifying the name of the resource along with its type or by passing a handle (as an IntPtr) to the resource.

Once you have the object, you can update the permissions, audit information, owner and group.


This class encapsulates actions on the ACL. It allows granting, revoking, changing, and denying access levels to different users. It is derived from AccessList, which is a collection class for AccessEntry.


This class encapsulates actions on the auditing list of an object. It allows getting and setting audit success and failure rights. It is derived from AccessList, which is a collection class for AccessEntry.


This class encapsulates the Access Control Entry or ACE. You can set the user (trustee) and the associated rights and inheritance.


This code shows the library in action. It assumes you have aliased the Microsoft.Win32.Security namespace (using in C#, Imports in VB).

// Get the current user and print their information
WindowsUser user = WindowsUser.CurrentUser;
Console.WriteLine("{0} ({1})", user.FullName, user.SidString);

// Get the current user from their token
WindowsUser duser = new WindowsUser(

// Compare users
if (user == duser)

// Get a well-known user
user = WindowsUser.WellKnownIdentities.World;

// Get a user by name from a specific server (usually a domain controller)
WindowsUser kuser = new WindowsUser("user2", @"\\MYPDC");

// Get a user by name
user = new WindowsUser("DOMAIN\\user3");

// Get a user by SID
user = new WindowsUser("S-1-5-21-21782756-1035017279-1439700725-1111");

// Get security for C:\ directory
SecuredObject sec = new SecuredObject("C:\\", SecuredObjectType.FileObject);

// Set some various permissions on the directory
sec.Permissions.SetAccess(kuser, AccessRights.FileRead,
sec.Permissions.GrantAccess(kuser, AccessRights.FileExecute,
sec.Permissions.DenyAccess(kuser, AccessRights.FileWriteUnsync,
WindowsUser owner = sec.Owner;
sec.Owner = duser;
sec.Auditing.SetAuditFailure(duser, AccessRights.FileReadUnsync,

// Revoke some access
sec.Owner = owner;
DumpObject(sec);

// Reset the security on the directory
sec.Permissions.InheritFromParent = true;

// Write the DACL using the Microsoft style

The following function shows how to enumerate the permissions on a security object.

static void DumpObject(SecuredObject sec)
{
   // Print the owner and primary group of the secured object
   Console.WriteLine("Security description:");
   Console.WriteLine("Owner: {0}\nGroup: {1}",
     sec.Owner.FullName, sec.Group.FullName);

   // Print the inheritance flags and rights of each permission entry
   foreach (AccessEntry ace in sec.Permissions)
      Console.WriteLine("  {0} : {1}", ace.Inheritance, ace.Rights);

   // Print the inheritance flags and rights of each audit entry
   foreach (AccessEntry ace in sec.Auditing)
      Console.WriteLine("  {0} : {1}", ace.Inheritance, ace.Rights);
}
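
As an added example (not part of the original article and not this library's code): the same kind of dump written against the System.Security.AccessControl classes built into the .NET Framework since 2.0 instead of this library's API, extended to flag allow entries that give Everyone or Authenticated Users write-type rights. The C:\ default path is an assumed sample target, and the audit list is left out because reading a SACL requires SeSecurityPrivilege.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class DaclReview
{
    // Rights that let a trustee change content or the security descriptor itself.
    const FileSystemRights Risky = FileSystemRights.WriteData | FileSystemRights.AppendData |
        FileSystemRights.Delete | FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;
    // GENERIC_WRITE | GENERIC_ALL: unmapped generic bits that can appear on inherit-only ACEs.
    const int GenericWriteOrAll = 0x40000000 | 0x10000000;

    static string Name(IdentityReference id)
    {
        if (id == null) return "(none)";
        // SIDs of deleted accounts cannot be translated; fall back to the SID string.
        try { return id.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return id.Value; }
    }

    static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : @"C:\";   // assumed sample target
        DirectorySecurity sd = new DirectoryInfo(path).GetAccessControl(
            AccessControlSections.Owner | AccessControlSections.Group | AccessControlSections.Access);
        Console.WriteLine("Owner: {0}\nGroup: {1}",
            Name(sd.GetOwner(typeof(SecurityIdentifier))), Name(sd.GetGroup(typeof(SecurityIdentifier))));

        SecurityIdentifier world = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
        SecurityIdentifier authUsers = new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);
        foreach (FileSystemAccessRule ace in sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            bool broad = ace.IdentityReference.Equals(world) ||
                         ace.IdentityReference.Equals(authUsers);
            bool writable = (ace.FileSystemRights & Risky) != 0 ||
                            ((int)ace.FileSystemRights & GenericWriteOrAll) != 0;
            bool flag = broad && writable && ace.AccessControlType == AccessControlType.Allow;
            Console.WriteLine("  {0} : {1} : {2} : {3}{4}{5}",
                Name(ace.IdentityReference), ace.AccessControlType, ace.FileSystemRights,
                ace.InheritanceFlags, ace.IsInherited ? " (inherited)" : "",
                flag ? "  <-- broad write access" : "");
        }
    }
}
```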


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

David Hall
Chief Technology Officer
United States
I have been a Windows software developer since 1991. Most of what I create fills the need for some aspect of bigger projects that I consult on.

Comments and Discussions

General: Broken Link
cilu11-Dec-09 5:41
Question: Memoryleak?
mackenb13-Oct-09 2:41
General: Win32Helper Fails on comparing two null sids.
Member 382942711-Aug-09 1:32
Question: How to setup mmsseclib for usage
Juergen Loewner21-Aug-07 20:43
General: Re: How to setup mmsseclib for usage
Juergen Loewner22-Aug-07 7:12
General: Console frontend à la (X)Cacls
LiQuick28-Mar-07 2:31
Question: Compiler problem
wakkoedu6-Dec-06 1:27
Question: David, can I use your dll in the commercial product?
Dmitry V.Trus23-Nov-06 5:07
General: launchPermission on component
superk10-May-06 0:44
General: exception question
ah_zen11-Mar-06 1:30
General: Re: exception question
MrBonus1-Aug-06 0:46
Question: VB 2005 issue
lmwinbur13-Feb-06 18:11
First off, I have to say this is awesome code. I've been searching for something to set ntfs without having to shell out for a while now and this does everything I need and more. Couldn't have been simpler. I am however having an issue using the dll in 2005. When the object is used in code I get the following error:

'mmsseclib.dll' is attempting managed execution inside OS Loader lock. Do not attempt to run managed code inside a DllMain or image initialization function since doing so can cause the application to hang.

This issue is only with 2005 and it works fine in 2003. I tried doing a simple conversion of the source to 2005 to see if that cleared the error, but the 2005 compiler threw another error compiling the dll:

Error 1 error C2872: 'FILETIME' : ambiguous symbol C:\Program Files\Microsoft Visual Studio 8\VC\PlatformSDK\include\lmaccess.h 1390
Has anyone tried this component in .Net 2.0? Any help would be greatly appreciated...

Answer: Re: VB 2005 issue
bbosak23-Mar-06 10:11
Answer: Re: VB 2005 issue
OliProject18-Apr-07 3:27
Answer: Re: VB 2005 issue
Member 294579031-Dec-08 8:04
General: On NT4.0 SP6 Machine
k_udct2-Jun-05 23:22
General: Re: On NT4.0 SP6 Machine
David Hall6-Jun-05 5:27
General: Re: On NT4.0 SP6 Machine
k_udct8-Jun-05 3:54
General: Re: On NT4.0 SP6 Machine
David Hall8-Jun-05 4:43
General: Error while assigning SecurityObject
VikramSaraf30-May-05 21:07
General: Re: Error while assigning SecurityObject
David Hall6-Jun-05 5:30
General: Named pipe help
erictaneda26-Dec-04 8:45
General: Question about enums.h
John Rusk29-Nov-04 16:36
General: Re: Question about enums.h
David Hall30-Nov-04 4:51
General: Re: Question about enums.h
John Rusk30-Nov-04 8:32

Last Updated 20 Feb 2004
Article Copyright 2002 by David Hall