I have a share folder ,which i want to grant access permission to few peo开发者_如何学Pythonple only at certain times.i.e. while they try to access the folder ,i should be able to either allow or deny based on my wish.In short its run time access control ,not the static access control already present in windows. Is there a provision to hook a exe as such? I prefer to do it in C# .net
So to accomplish such a task i would use the ACL from NTFS. Yes it is 'hardcoded' and can't be changed while someone access a file. But you can write a windows service which will change the ACL dynamically based on whatever you like.
So write a program that changes the ACL and windows does the rest. Some examples for doing such a task in C# can be found with a little google search:
- http://weblogs.asp.net/cumpsd/archive/2004/02/08/69403.aspx
- http://blog.crowe.co.nz/blog/archive/2007/08/25/c---An-example-of-setting-NTFS-Directory--File.aspx
- ...
Update
To grant or deny a permission you need a rule set. These rules can be checked within your application and this sets the NTFS permissions. What is missing?
Maybe you don't have this easy method to get an event about 'user is accessing file/folder foo, what should i do?'. But you can generate each second (if you like) or depending on a event (file/folder created, copied, deleted, renamed; specific date/time reached) a new rule set and just burn it down into ACL. Finished.
Update (again)
@Ravisha: But when do you know the rules if you grant or deny the access? These rules are defined beforehand.
You say the user X has access only from 8am to 15pm or only if file y exists (or something special is written into file y). For all these rules you have to write a program and this program doesn't evaluate the rules if you got the event 'x is trying to access y'. Instead you check the rules on a regular basis (e.g. once per minute) or some other event (file rules.config has been changed). And then you alter the NTFS permissions according to your rules.
Maybe this isn't the perfect solution. But the easiest one you can accomplish within windows. If you really like to do it the hard way, you can maybe take a look into File System Filter Drivers. But this is a hard task and far away from managed code.
The access control is checked when a user tries to perform a file operation on a file in the folder, so you should not need to have any additional run-time checks.
Also, Windows doesn't include a "hook" facility to allow or deny access to a folder by running a program when access is attemped.
You can probably include an autorun.inf file that will run your app on folder open and close explorer window/ navigate up when someone is not allowed to enter. For details look Here
If a rootkit can do it, so can you. But I don't think you want to go there.
Why not put all you documents into some kind of file, with an extension that you control. If you doubleclick the file a winzip/explorer/... like interface will give access to the files in the cabinet, but only if you wish.
精彩评论