
I have a folder that I only want Administrators to have permission to write text files to.

I need to write text files in a program and insert them into the folder. I am currently using StreamWriter to write the files. It works for me to write the files because I am an administrator and have access to the folder.

I need to have it so that all users using the program, who may not have access to write to the folder, can use the program and, when needed, use the vb.net program to write to the folder, but if they try to access the folder they won't have access to write or edit anything in it.

My idea was to possibly create an 'Application User' that has access to the folder. This user would somehow be referenced when writing the files from the application. Not sure if that is possible.

    ' Append one record to a timestamped .dat file in the protected folder.
    ' Using closes the writer even if WriteLine throws.
    Using file As System.IO.StreamWriter = My.Computer.FileSystem.OpenTextFileWriter("O:\*****\****\**\****\" + LPlant + LMove + "_" + Format(thisDay, "yyyyMMddhhmmss") + ".dat", True)
        file.WriteLine(LPlant + LMove + LMaterial + LQuantity + LLocation + LUnit + LPPOrderNum + LPONum + LPOItem + LBatchNum + LDocumentDT + LBadgeID + LSequenceNum)
    End Using

Has anyone done anything like this in a vb.net application?

Any help would be appreciated.

Thanks

Sbleezy
  • 2
    https://stackoverflow.com/questions/125341/how-do-you-do-impersonation-in-net – Hans Passant Jun 29 '22 at 21:20
  • 1
    Well, to use impersonation (as suggested by Hans Passant), your end users need read access to the user name and password of the special user (either on disk or embedded in the program, which your end user can easily disassemble!). This means that, from a security point of view, you are effectively handing the credentials of your special user to your end users, which they can use to log in as that user. – Heinzi Jun 30 '22 at 10:51

1 Answer


Sorry, that won't work. A program run by user X can only do what user X can do. There is no setuid functionality on Windows.

You can work around this issue by designing your application as a service, either a classic Windows Service or, for example, a locally running web application. That service application would run with a special user account that has the necessary permissions (i.e., write permissions to that directory). Your end users would use the web interface (in case of a web application) or a non-privileged application that can communicate with your privileged service (in case of a Windows service).

Heinzi
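A sketch of the privileged-service side described in the answer above, added here as an example; it is not code from the question or the answer. It assumes .NET Framework, and the pipe name, the folder `C:\ProtectedDrop` and the `plant|move|record` message format are all hypothetical.

```vbnet
Imports System.IO
Imports System.IO.Pipes
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Text.RegularExpressions
Module PrivilegedWriter
    ' Assumed values, not from the original post.
    Private Const PipeName As String = "DatWriterExample"
    Private Const TargetDir As String = "C:\ProtectedDrop" ' placeholder; only the service account can write here
    Private ReadOnly Token As New Regex("^[A-Za-z0-9]{1,10}\z")     ' fields that end up in the file name
    Private ReadOnly Payload As New Regex("^[\x20-\x7E]{1,512}\z")  ' one line of printable ASCII
    ' Validates "plant|move|record" from the unprivileged client and writes the record.
    Function HandleRequest(request As String) As String
        Dim parts = If(request, "").Split("|"c)
        If parts.Length <> 3 Then Return "ERR format"
        If Not (Token.IsMatch(parts(0)) AndAlso Token.IsMatch(parts(1))) Then Return "ERR field"
        If Not Payload.IsMatch(parts(2)) Then Return "ERR record"
        ' The service, never the client, decides the directory and file name.
        Dim name = parts(0) & parts(1) & "_" & DateTime.Now.ToString("yyyyMMddHHmmssfff") & ".dat"
        Dim fullPath = Path.GetFullPath(Path.Combine(TargetDir, name))
        ' Defense in depth: the allow-list above already excludes path separators.
        If Not fullPath.StartsWith(TargetDir & "\", StringComparison.OrdinalIgnoreCase) Then Return "ERR path"
        Try
            ' CreateNew refuses to overwrite an existing file.
            Using w As New StreamWriter(New FileStream(fullPath, FileMode.CreateNew, FileAccess.Write))
                w.WriteLine(parts(2))
            End Using
        Catch ex As Exception When TypeOf ex Is IOException OrElse TypeOf ex Is UnauthorizedAccessException
            Return "ERR io"
        End Try
        Return "OK " & name
    End Function

    Sub Main()
        ' Interactively logged-on users may connect; the service account keeps full control.
        Dim acl As New PipeSecurity()
        acl.AddAccessRule(New PipeAccessRule(WindowsIdentity.GetCurrent().User, PipeAccessRights.FullControl, AccessControlType.Allow))
        acl.AddAccessRule(New PipeAccessRule(New SecurityIdentifier(WellKnownSidType.InteractiveSid, Nothing), PipeAccessRights.ReadWrite, AccessControlType.Allow))
        While True ' one request per connection
            Using pipe As New NamedPipeServerStream(PipeName, PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.None, 0, 0, acl)
                Try
                    pipe.WaitForConnection()
                    Dim writer As New StreamWriter(pipe) With {.AutoFlush = True}
                    writer.WriteLine(HandleRequest(New StreamReader(pipe).ReadLine()))
                    pipe.WaitForPipeDrain()
                Catch ex As IOException ' client disconnected mid-request: keep serving
                End Try
            End Using
        End While
    End Sub
End Module
```

The unprivileged client only ever sends a request line over the pipe, so no credentials for the service account are stored where end users can read them.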