December 10, 2003

ACL Security Management in C#

Ok, so I had a need today to do some serious access control work in C# and decided to google the early morning away trying to figure out how to work with security descriptors in C#. Not much luck. I get to a point where I decide I will need to use the system APIs that are available in C.

So I take the entire day and port all the SDDL, ACE and ACL stuff over from C into C#, marshalling all required functions to P/Invoke nice and pretty like.

I rip my hair out while I try to map the SECURITY_DESCRIPTOR struct correctly, and get it all working in about 8 hours. I am impressed with myself. Works great on checking DACL on a file. Then hell breaks loose. The world comes to a halt when for some reason I can't WRITE to the DACL. Ok, I spend more time googling to see if I can find the answer.

So what do I find after another hour of googling? That Renaud Paquay, a Microsoft employee who is active on gotdotnet.com, has already fully ported all I want in the Microsoft.Win32.Security namespace. 10 minutes after downloading the source, not only is everything working, but I have access to even more features than my own port.

Arggggggggg!!! Gotta write today up as a learning experience with marshalling and P/Invoke, as it was a totally unproductive day otherwise. Then again... I do now have wicked access control in my latest app. On the fly DACL manipulation, oh ya baby.

So, if you are writing code in C# and need access to the Windows security APIs, check out Renaud's port.

Thanks Renaud!

Posted by SilverStr at December 10, 2003 06:39 PM