2.4. Writing the Primary Application Code
It's time to add some code to the application. Begin
with the primary application, Modify Permission. This application can
perform any number of tasks that rely on the user's standard
credentials. In fact, when working with a production application, it's
likely to be the largest part of the application because there really
are very few tasks that require administrator privileges. Listing 2 shows the code you need for the example application.
Example 2. Calling an external application
// Requires: using System.Diagnostics; using System.Windows.Forms;
private void btnChange_Click(object sender, EventArgs e)
{
   // Obtain the application path.
   String ThePath = "\"" + Application.StartupPath + "\"";

   // Create a new process for changing the permissions.
   ProcessStartInfo PSI = new ProcessStartInfo(
      "SetPermission", ThePath);

   // Configure the process to run in an elevated state.
   PSI.Verb = "runas";

   // Run the process.
   Process.Start(PSI).WaitForExit();

   // Display a success message.
   MessageBox.Show("Change Succeeded!");
}
The code begins by creating a path to the secondary application. It then creates a ProcessStartInfo object, PSI, which accepts the secondary application name and path as arguments. The next step is to set the PSI.Verb property to "runas". This step is very important because it tells the system to elevate the process rights to administrator mode.
At this point, the code calls Process.Start() with PSI as the argument. You want to be sure that you add WaitForExit()
so that the secondary application exits before the primary application
continues processing. The final step is to display a success message.
2.5. Writing the Secondary Application Code
Unlike your production application, the secondary
application does most of the work in the example. In this case, the
secondary application receives the application path as an input and
uses it to modify the rights for Temp.TXT, as shown in Listing 3.
Example 3. Modifying file or directory permissions externally
// Requires: using System.IO; using System.Security.AccessControl;
//           using System.Security.Principal;
static void Main(string[] args)
{
   // Create a file security object for the target file.
   FileSecurity FS = File.GetAccessControl(
      args[0] + @"\Temp.TXT");

   // Create a new rule.
   FileSystemAccessRule Rule = new FileSystemAccessRule(
      new NTAccount(@"BUILTIN\Users"),
      FileSystemRights.Write,
      AccessControlType.Allow);

   // Add the rule to the file security object.
   FS.AddAccessRule(Rule);

   // Save the rule to the file.
   File.SetAccessControl(
      args[0] + @"\Temp.TXT", FS);
}
The code begins by creating a FileSecurity object, FS, with the application path (passed as args[0]) and the filename, @"\Temp.TXT", as an argument. The code then builds a new FileSystemAccessRule object, Rule, that contains the account name, rights, and type of access (allow or deny). The kind of identity, in this case, is an NTAccount, @"BUILTIN\Users". The code is requesting the FileSystemRights.Write right and will allow (AccessControlType.Allow) the action.
Now, the code adds the new rule to FS using the AddAccessRule() method. It then uses the File.SetAccessControl() method to actually change the rights on the file.
Make absolutely certain that you perform
this task on a closed file to ensure that your application doesn't
experience an error. Performing the task on an open file can cause
conflicts, especially if the file is opened for write access, which
locks it. To see the results of this example, right-click the file and
choose Properties from the Context menu. Select the Security tab to see
the results shown in Figure 7.
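
The following is an added example, not code from the original text: a version of the secondary application that treats args[0] as untrusted input, because the elevated helper is started by an unelevated caller. It assumes the .NET Framework APIs used in Listing 3 and that the helper is installed in the same directory as the primary application; the exit codes are this example's own convention.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class SetPermission
{
    // Exit codes are this example's own convention (assumption).
    const int Ok = 0, BadArguments = 1, PathRejected = 2, Failed = 3;
    static int Main(string[] args)
    {
        // The caller is unelevated, so treat args[0] as untrusted input.
        if (args.Length != 1) return BadArguments;
        try
        {
            // Canonicalize first so "..", relative paths and trailing
            // backslashes cannot slip past the comparison below.
            string requested = Path.GetFullPath(args[0]).TrimEnd('\\');
            string own = Path.GetFullPath(
                AppDomain.CurrentDomain.BaseDirectory).TrimEnd('\\');
            // Assumption: the helper is installed beside the primary
            // application, so its own directory is the only valid argument.
            if (!string.Equals(requested, own,
                    StringComparison.OrdinalIgnoreCase))
                return PathRejected;

            string target = Path.Combine(own, "Temp.TXT");
            // Refuse a missing file or a reparse point (symbolic link).
            if (!File.Exists(target) || (File.GetAttributes(target)
                    & FileAttributes.ReparsePoint) != 0)
                return PathRejected;

            // The well-known SID resolves to BUILTIN\Users on any locale.
            var users = new SecurityIdentifier(
                WellKnownSidType.BuiltinUsersSid, null);
            FileSecurity fs = File.GetAccessControl(target);
            fs.AddAccessRule(new FileSystemAccessRule(
                users, FileSystemRights.Write, AccessControlType.Allow));
            File.SetAccessControl(target, fs);
            return Ok;
        }
        catch (Exception ex)
        {
            // Bad path syntax, I/O errors and access denials all land here.
            Console.Error.WriteLine(ex.Message);
            return Failed;
        }
    }
}
```

With a helper like this, the primary application can keep the Process object returned by Process.Start(), read its ExitCode after WaitForExit(), and show the success message only when the value is 0.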