Click here to Skip to main content
Click here to Skip to main content
Add your own
alternative version

The Windows Access Control Model Part 3

, 1 Jul 2005
In the third part of this series, we will take a tour of the new access control classes coming in .NET v2.0.
using System;
using System.Security.AccessControl;
using System.Collections.Generic;
using System.Windows.Forms;
using System.Text;

namespace NetAccessControl
{
	class SACLForm : DACLForm
	{
		public SACLForm(RegistrySecurity ppSDIn, string ObjectNameIn) : base(ppSDIn, ObjectNameIn)
		{
			/* We need to edit some of the text to SACL specific stuff. */
			this.dataGridViewComboBoxColumn1.Items.Clear();
			this.dataGridViewComboBoxColumn1.Items.Add("None");
			this.dataGridViewComboBoxColumn1.Items.Add("Success");
			this.dataGridViewComboBoxColumn1.Items.Add("Failure");
			this.autoinheritBox.Text = "SACL auto-&inherits from its parent";
		}

		protected override void CheckAutoInheritBox()
		{
			/* Checked if the SACL inherits */
			this.autoinheritBox.Checked = !this.ppSD.AreAuditRulesProtected;
		}

		protected override uint GetAccessRightsFromEntry(System.Security.AccessControl.AuthorizationRule Entry)
		{
			/* Is it an AccessRule, or AuditRule. */
			return (uint)((RegistryAuditRule)(Entry)).RegistryRights;
		}

		protected override string GetAccessType(AuthorizationRule Entry)
		{
			/* Same thing here */
			return ((RegistryAuditRule)(Entry)).AuditFlags.ToString();
		}

		protected override AuthorizationRuleCollection GetAuthzRules(bool inheritedOrExplicit)
		{
			return this.ppSD.GetAuditRules(!inheritedOrExplicit, inheritedOrExplicit,
				typeof(System.Security.Principal.NTAccount));
		}

		protected override void applyButton_Click(object sender, EventArgs e)
		{
			for (int i = 0; i < this.daclLView.Rows.Count; i++)
			{
				try
				{
					/* Identity */
					string identity = (string)(this.daclLView["userLViewCol", i].Value);

					/* Access mask */
					RegistryRights accessMask = (RegistryRights)(Convert.ToUInt32
						((string)(this.daclLView["permsLViewCol", i].Value), 16));

					/* Inheritance flags */
					AuthorizationRule inheritEntries =
						(AuthorizationRule)(this.daclLView["inheritLViewCol", i].Tag);

					/* With this information, we can create an Audit rule. */
					RegistryAuditRule newEntry = new RegistryAuditRule(identity, accessMask,
						inheritEntries.InheritanceFlags, inheritEntries.PropagationFlags,
						this.GetFlags(i));

					/* With the auditrule created, apply it to the security descriptor. */
					this.ppSD.SetAuditRule(newEntry);
				}
				catch (System.NullReferenceException)
				{
					/* ignore empty values */
				}
			}
			/* Don't forget the auto-inheritance */
			this.ppSD.SetAuditRuleProtection(!this.autoinheritBox.Checked, (bool)(this.autoinheritBox.Tag));
			this.Close();
		}

		protected override void HandleUpdatedData(object sender, DataGridViewCellEventArgs e)
		{
			/* The user changed an item, enable the Apply button. */
			if (e.ColumnIndex == 3)
			{
				/* Actually the user just wanted to see the inheritance flags. So Show them */
				RegistryAuditRule inheritFlags = (RegistryAuditRule)
					(this.daclLView[e.ColumnIndex, e.RowIndex].Tag);
				Inheritance<RegistryAuditRule> childFrm = new Inheritance<RegistryAuditRule>(
					inheritFlags);

				if (childFrm.ShowDialog(this) == DialogResult.OK)
				{
					RegistryAuditRule Entry = new RegistryAuditRule((string)
						(this.daclLView["userLViewCol", e.RowIndex].Value),
						(RegistryRights)(Convert.ToUInt32((string)(this.daclLView["permsLViewCol", e.RowIndex].Value), 16)),
						childFrm.Entryinhers, childFrm.Entryprops, this.GetFlags(e.RowIndex));
					this.daclLView[e.ColumnIndex, e.RowIndex].Tag = Entry;
					this.applyButton.Enabled = true;
				}
			}
			else this.applyButton.Enabled = true;
		}

		protected AuditFlags GetFlags(int i)
		{
			/* Since this is required by two events, I've extracted this method from the main handler. */
			AuditFlags alloworDeny = AuditFlags.None;
			switch ((string)(this.daclLView["typeLViewCol", i].Value))
			{
				default:
				case "None":
				{
					alloworDeny = AuditFlags.None;
					break;
				}
				case "Failure":
				{
					alloworDeny = AuditFlags.Failure;
					break;
				}
				case "Success":
				{
					alloworDeny = AuditFlags.Success;
					break;
				}
			}
			return alloworDeny;
		}
	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

oshah
Web Developer
United States United States
Mr. Shah is a reclusive C++/C# developer lurking somewhere in the depths of the city of London. He learnt physics at Kings' College London and obtained a Master in Science there. Having earned an MCAD, he teeters on the brink of transitioning from C++ to C#, unsure of which language to jump to. Fortunately, he also knows how to use .NET interop to merge code between the two languages (which means he won't have to make the choice anytime soon).
 
His interests (apart from programming) are walking, football (the real one!), philosophy, history, retro-gaming, strategy gaming, and any good game in general.
 
He maintains a website / blog / FAQ / junk at shexec32.serveftp.net, where he places the best answers he's written to the questions you've asked. If you can find him, maybe you can hire Mr. Shah to help you with anything C++[/CLI]/C#/.NET related Smile | :) .

| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.141030.1 | Last Updated 1 Jul 2005
Article Copyright 2005 by oshah
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid