File Permissions in C#

File permissions in C# are managed using the FileIOPermission class from the System.Security.Permissions namespace. This class controls the ability to access files and folders by defining what operations are allowed on specific file system resources.

The FileIOPermission class is part of .NET's Code Access Security (CAS) system and helps ensure that applications only perform file operations they are explicitly granted permission to execute.

Syntax

Following is the syntax for creating a FileIOPermission instance −

FileIOPermission permission = new FileIOPermission(PermissionState.None);
permission.AllLocalFiles = FileIOPermissionAccess.Read;

Following is the syntax for adding specific path permissions −

permission.AddPathList(FileIOPermissionAccess.Read, @"C:\MyFolder");

Key Properties

Key Methods

Using FileIOPermission for Security Checks

The Demand() method is used to verify that all callers in the call stack have the required permissions. If any caller lacks permission, a SecurityException is thrown −

Example

using System;
using System.IO;
using System.Security.Permissions;
using System.Security;

public class Demo {
   public static void Main() {
      FileIOPermission file = new FileIOPermission(PermissionState.None);
      file.AllLocalFiles = FileIOPermissionAccess.Read;
      
      try {
         Console.WriteLine("Checking if application has permission to read files...");
         file.Demand();
         Console.WriteLine("Permission granted: Can read local files");
      }
      catch (SecurityException s) {
         Console.WriteLine("Permission denied: " + s.Message);
      }
   }
}

The output of the above code is −

Checking if application has permission to read files...
Permission granted: Can read local files

Adding Specific Path Permissions

Example

using System;
using System.Security.Permissions;
using System.Security;

public class PathPermissionDemo {
   public static void Main() {
      FileIOPermission permission = new FileIOPermission(PermissionState.None);
      
      // Add read access to a specific directory
      permission.AddPathList(FileIOPermissionAccess.Read, @"C:\Windows\System32");
      
      // Add write access to temp directory
      permission.AddPathList(FileIOPermissionAccess.Write, @"C:\Temp");
      
      try {
         Console.WriteLine("Demanding file permissions...");
         permission.Demand();
         Console.WriteLine("All specified path permissions are granted");
      }
      catch (SecurityException ex) {
         Console.WriteLine("Security exception: " + ex.Message);
      }
      
      // Create a copy of the permission
      FileIOPermission copyPermission = (FileIOPermission)permission.Copy();
      Console.WriteLine("Permission copied successfully");
   }
}

The output of the above code is −

Demanding file permissions...
All specified path permissions are granted
Permission copied successfully

FileIOPermissionAccess Enumeration

Conclusion

The FileIOPermission class in C# provides a security mechanism to control file and directory access through Code Access Security. It allows applications to define and enforce specific permissions for file operations, helping maintain system security by preventing unauthorized file access.