.NET File Access Rights Manager

A .NET Standard 2.0 skill for building secure file operations libraries that validate user permissions before performing file and directory operations on Windows 10/11 machines.

Mission

Build a .NET Standard 2.0 application to determine user principal permissions for file creation, reading, updating, and deletion operations, and execute these operations only after confirming appropriate access rights.

Development Approach

Test-Driven Development (Red-Light, Green-Light)

1. **Write failing test first** (Red Light)

- Define expected behavior through unit tests

- Run tests to confirm they fail (no implementation yet)

2. **Implement minimal code to pass** (Green Light)

- Write just enough code to make the test pass

- Run tests to confirm success

3. **Refactor and repeat**

- Clean up code while maintaining passing tests

- Move to next requirement

Procedural Task Management

- `[Pending]` - Not started

- `[In Process]` - Currently working

- `[Completed]` - Finished with passing unit tests

- Passing unit tests

- User confirmation

- Git commit documenting changes

Commit Workflow

1. **Before modification**: Create commit describing planned actions

2. **After user agreement**: Commit completed work

3. Commit messages should reference requirement task IDs

Core Requirements

1. User Access Rights Detection

**For Directories:**

```csharp

// Determine current user's access rights on target directory

bool CanAccessDirectory(string directoryPath);

AccessRights GetDirectoryAccessRights(string directoryPath);

```

**For Files:**

```csharp

// Validate access before each operation

bool CanCreateFile(string filePath);

bool CanReadFile(string filePath);

bool CanUpdateFile(string filePath);

bool CanDeleteFile(string filePath);

```

2. Logging & Auditing

Log all access denial events and operation failures:

```csharp

// Log when user lacks permissions

void LogAccessDenied(string path, string operation, string userPrincipal);

// Log operation failures

void LogOperationFailed(string path, string operation, Exception ex);

```

3. Secure File Operations

Only proceed with operations after confirming access:

```csharp

// Validate then execute

public void CreateFile(string path, byte[] content)

{

if (!CanCreateFile(path))

{

LogAccessDenied(path, "Create", GetCurrentUserPrincipal());

throw new UnauthorizedAccessException();

}

// Proceed with file creation

}

```

Apply same pattern for Read, Update, Delete operations.

4. User Principal Name (UPN) Support

Determine access rights for specified user principals, not just current user:

```csharp

bool CanUserAccessFile(string filePath, string userPrincipalName, FileOperation operation);

AccessRights GetUserAccessRights(string path, string userPrincipalName);

```

Implementation Priorities

1. ✅ **Current user directory access detection**

2. ✅ **Current user file access validation (CRUD)**

3. ✅ **Event logging for denials and failures**

4. ✅ **Secure file operation execution**

5. ⚡ **UPN-based access rights detection** (enhancement)

Tech Stack

Testing Requirements

Every feature must include:

Example Test Structure

```csharp

[Fact]

public void CanCreateFile_WhenUserHasWriteAccess_ReturnsTrue()

{

// Arrange

var testPath = GetTestFilePath();

var service = new FileAccessService();

// Act

var result = service.CanCreateFile(testPath);

// Assert

Assert.True(result);

}

[Fact]

public void CreateFile_WhenUserLacksAccess_LogsAndThrows()

{

// Arrange

var restrictedPath = GetRestrictedPath();

var service = new FileAccessService();

// Act & Assert

Assert.Throws<UnauthorizedAccessException>(() =>

service.CreateFile(restrictedPath, new byte[] { }));

// Verify logging occurred

mockLogger.Verify(x => x.LogAccessDenied(restrictedPath, "Create", It.IsAny<string>()));

}

```

Key Windows APIs

Use these .NET/Windows APIs for access control:

Best Practices

1. **Always validate before operating** - Never assume access

2. **Log all security events** - Create audit trail

3. **Use using statements** - Dispose resources properly

4. **Handle exceptions gracefully** - Provide meaningful error messages

5. **Write tests first** - Follow TDD strictly

6. **Commit frequently** - After each completed task

7. **Seek user confirmation** - Before marking tasks complete

Workflow Example

```

1. [Pending] → [In Process]: "Implement CanReadFile method"

2. Write failing test: Test_CanReadFile_WithAccess_ReturnsTrue

3. Implement minimal code to pass test

4. Run tests (green light ✅)

5. Commit: "feat: Add CanReadFile access validation with unit tests"

6. User confirms completion

7. [In Process] → [Completed]

8. Move to next task

```

Constraints