Using the Access Control Editor

The Access Control Editor is a COM control that helps you to add a standard interface to your application—allowing administrators to set application security as needed. These are the same property pages that Microsoft uses within Windows 2000 and Windows XP to set security. The Access Control Editor uses two sets of property pages. The user will normally see the simple property page dialog shown in Figure 8.2.

Figure 8.2: The Access Control Editor is a generally accessible component.

I chose this particular example so that you'd see the dialog in action. The content of the dialog changes to meet object requirements. The Administrator will normally use the advanced property page shown in Figure 8.3.

As you can see, both property pages allow the administrator to work with the security settings for an application with relative ease. Notice that the advanced dialog provides complete controls for setting every security aspect for this particular object. The Permissions tab sets the DACL, the Auditing tab the SACL, and the Owner tab the owner information. The only missing element is the group information, which isn't important at the user level in many cases.

You can easily implement the Access Control Editor in a .NET application by creating the proper interfaces. The ISecurityInformation interface is the essential component of this implementation. I won't go into the programming details in this section. However, it's important to know that you can add the Access Control Editor to your applications by adding the appropriate COM interfaces and implementing the required functions the interfaces describe.

Figure 8.3: The advanced features of the Access Control Editor provide the administrator with full access control.

For the Win32 API developer, the Access Control Editor fulfills another purpose. We'll use this operating system feature to verify changes made by the sample applications. Security is one of those difficult changes to verify unless you want to build a lot of test applications. The Access Control Editor is one of many tools that enable you to check the output of your application, but this particular tool is one of the easiest to use and the most reliable. In general, you'll want to use this tool before you use anything else.

It's also easy to use the Access Control Editor to set up test cases for your applications. For example, you might want to ensure that your application detects certain types of security changes. (This behavior often occurs when a virus is at work, so the ability of your application to detect odd changes is important.) The Access Control Editor enables you to make changes on a test object quickly. You can then test your application to see how the change affects its operation. Generally, your applications need to at least detect changes within certain ranges of approved behavior. For example, an application would want to detect files that have security turned off if the information they contain is sensitive.
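
One way an application could run the check described above, as an added example (not code from the book): it reads a security descriptor in SDDL form, such as the string in the Sddl property of PowerShell's Get-Acl output, and reports a NULL DACL or an allow ACE that gives Everyone or Anonymous full control. The trustee list, the rights policy, the function names and the sample descriptors are assumptions made for this example.

```python
import re

# SDDL sections: O: owner, G: group, D: DACL (Permissions tab), S: SACL (Auditing tab).
SECTION = re.compile(r"([OGDS]):(.*?)(?=[OGDS]:|$)")
ACE = re.compile(r"\(([^()]*)\)")  # plain ACEs only; conditional ACEs are not handled

# Policy assumptions for this example, not taken from the book.
OPEN_TRUSTEES = {"WD": "Everyone", "S-1-1-0": "Everyone",
                 "AN": "Anonymous", "S-1-5-7": "Anonymous"}
# Full control, or the right to rewrite the DACL or owner. In the rights field
# "WD" means WRITE_DAC; in the trustee field the same letters mean Everyone.
OPEN_RIGHTS = {"FA", "GA", "WD", "WO"}
OPEN_MASK = 0x10000000 | 0x00040000 | 0x00080000  # GENERIC_ALL | WRITE_DAC | WRITE_OWNER

def rights_are_open(rights):
    """True when an ACE rights field (hex mask or two-letter codes) is too broad."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & OPEN_MASK)
    return any(code in OPEN_RIGHTS for code in re.findall("..", rights))

def audit_sddl(sddl):
    """Return a list of findings for one security descriptor in SDDL form."""
    sections = dict(SECTION.findall(sddl.strip()))
    dacl = sections.get("D")
    if dacl is None:
        return ["no D: section (DACL not exported or not present)"]
    if dacl == "NO_ACCESS_CONTROL":
        return ["NULL DACL: every caller gets full access"]
    findings = []
    for body in ACE.findall(dacl):
        ace_type, flags, rights, _obj, _inh, trustee = body.split(";")[:6]
        # Skip deny ACEs and inherit-only (IO) ACEs, which apply to children only.
        if ace_type != "A" or "IO" in re.findall("..", flags):
            continue
        if trustee in OPEN_TRUSTEES and rights_are_open(rights):
            findings.append(f"{OPEN_TRUSTEES[trustee]} granted {rights}")
    return findings

# Constructed sample descriptors (not from the book).
SAMPLES = {
    "locked.dat": "O:BAG:SYD:PAI(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;BU)",
    "opened.dat": "O:BAG:SYD:AI(A;;FA;;;WD)(A;ID;FA;;;BA)",
    "nulldacl.dat": "O:BAG:SYD:NO_ACCESS_CONTROL",
    "childonly": "O:BAG:SYD:(A;OICIIO;GA;;;WD)(A;;0x1f01ff;;;S-1-1-0)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, audit_sddl(sddl) or "ok")
```

After changing a test object in the Access Control Editor, exporting its descriptor and running it through a check like this shows whether the application's detection logic sees the same change the dialog displays.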
