Filesystemwatcher - How to catch the user who modified C#

Asked

Viewed 152 times

0

I developed an application that monitors events in filesystem using the class FileSystemWatcher and would like to leave installed on the file server happens that I need to register the user who accessed the file over the network.

Observing: locally know I can use:

System.Security.Principal.WindowsIdentity.GetCurrent().Name

or 

ManagementObjectSearcher searcher = 
                 new ManagementObjectSearcher("SELECT UserName FROM Win32_ComputerSystem");
ManagementObjectCollection collection = searcher.Get();

and by the network?

c#

  • How about making a record of users in a comic book. When changing the file ask for user confirmation, password and confirmed pass time info and user name to another table. Becomes unviable?

  • Speak there. Putz guy makes very impossible. There must be a way, the OS itself records these events when the file audit is enabled. :(

1 answer

0

In the title you say user you changed, but in the question you say the user you accessed.

If you want the user you accessed, you won’t be able to by the file properties. You will probably have to implement a file access control.

If you want the last user you changed, you will have difficulties when the user is from another domain.

If you are in the same domain, try the following code:


var usr = System.IO.File.GetAccessControl(path).GetOwner(typeof(System.Security.Principal.SecurityIdentifier));

or


var usr = System.IO.File.GetAccessControl(path).GetOwner(typeof(System.Security.Principal.NTAccount));

  • This is @Felipe Grossi... using the method SecurityIdentifier returns the id and using 'Ntaccount' returns something like "BUILTIN Administrators".

  • I found this other way in the gringo stackoverflow: string Owner = File.Getaccesscontrol("path"). Getowner(typeof(Securityidentifier)). Translate(typeof(Ntaccount)). Tostring();

  • @Thiagoceconelo reading this article: https://stackoverflow.com/questions/6016279/objectsecurity-getowner-returns-group-rather-than-user I had the following question: As you have domain administrator access, the result may be unexpected. Ask a "common" user to change the document and run the program again to see if the result turns out as you wish.

  • Cara worked... at least in parts ... When the file is deleted I can no longer use this function. ( . Dude, how does the OS record this on Event Viewer? Got an idea?

  • From what I understand, you would need to follow a path of access control... but as you are developing at hand, let’s see the available resources. To check the deletion history, you can use Event Viewer yes, but you will have to enable the Audit of the files. Get a look at this article: https://support.microsoft.com/pt-br/help/301640/how-to-set-view---change-or-remove-auditing-for-a-file-or-folder-in-w

  • It is. Now how or better which class or dll does the OS uses to record these events associating the same to the user? Complicated guy ...

  • I see that you will have to divide your problem into 2 parts: 1) File Change / Creation (which I understand you already have the subject’s domain) 2) File Deletion Log (which you still haven’t managed to master) I’ll do one more search to see if I can help you with the file deletion log...

  • So I searched, to solve the problem of the deleted file the easiest way and that will probably be slow... is by enabling the windows Audit: http://support.microsoft.com/kb/310399 and searching for the class System.Diagnostics.Eventlog the events logged into the Viewer Event.

Show 3 more comments

Browser other questions tagged c#

You are not signed in. Login or sign up in order to post.