获得Accesed文件的用户名 [英] Get Username of an Accesed File
问题描述
我想获得一个访问的文件(添加,删除,重命名,......)的用户名。
其实我用FileSystemWatcher的监视文件访问,我已经激活上的目录对象的访问通过eventlogs得到userinformation。该解决方案是不完美的,因为有很多文件中的事件和事件日志消息不那么详细。只有一个用于写入数据eventd ID。这一点,是用于添加文件,重命名,移动,... ...每一个写数据。此外,我不得不交叉检查,该事件日志消息FileSystemWatcher的事件相匹配。我宁愿处理这个更好。所以我花人大量的时间googleing,阅读,......我知道有计算器上的另一篇文章
I would like to get the username of an accessed file (add, delete, rename,...). actually I use filesystemwatcher to monitor the file access and I have activated object access on an directory to get userinformation via eventlogs. This solution is not perfect, because there are a lot of file events and the eventlog messages are not so detailed. there is just one eventd id for write data. this it is used for add file, rename , move,... every write data. Additionally I had to crosscheck that the eventlog message matches the filesystemwatcher event. I would prefer handle this better. so i spend al lot of time googleing, reading, ... I know there is another post on stackoverflow
但我认为应该是因为Windows中的一个可能的解决方案事件可以得到的用户名。
but i think there should be a possible solution because Windows Events can get the username.
通过阅读我disovered应该有使用的netapi32.dll一个可能的解决方案几页。在$ B $的例子码B http://vbcity.com/forums/t /133307.aspx?PageIndex=2
不为我工作。我无法得到FILEID所以我改变了代码
with reading on a few pages i disovered that there should be a possible solution using netapi32.dll. the example code on http://vbcity.com/forums/t/133307.aspx?PageIndex=2 doesn't work for me. i was unable to get the fileid so i changed the code to
private ulong GetFileIdFromPath(string filePath)
{
WinAPI.BY_HANDLE_FILE_INFORMATION objectFileInfo = new WinAPI.BY_HANDLE_FILE_INFORMATION();
Thread.Sleep(200);
FileInfo fi = new FileInfo(filePath);
FileStream fs = fi.Open(FileMode.Open, FileAccess.Read, FileShare.Read);
WinAPI.GetFileInformationByHandle(fs.Handle, out objectFileInfo);
fs.Close();
ulong fileIndex = ((ulong)objectFileInfo.FileIndexHigh << 32) + (ulong)objectFileInfo.FileIndexLow;
return fileIndex;
}
这段代码我能够得到FILEID但与FILEID和示例代码,我无法获得用户名。
with this code I'm able to get the fileid but with the fileid and the example code I'm unable to get the username.
推荐答案
这是我的最后一个程序(2星期前) - 我被要求审核文件中的变化(同时也是用户名)
From My last program ( 2 week ago) - I was asked to audit change in files ( also the user name)
该解决方案由FileSystemWatcher对象,并在事件发生后 - >后藤窗口的事件日志和BU的Xpath搜索 - 要找到哪个用户做出的动作
the Solution was by filesystemwatcher and after an event -> goto the Event Log of windows and bu Xpath search - To find which user made the action.
public static EventUnit DisplayEventAndLogInformation(string fileToSearch, DateTime actionTime)
{
StringBuilder sb = new StringBuilder();
const string queryString = @"<QueryList>
<Query Id=""0"" Path=""Security"">
<Select Path=""Security"">*</Select>
</Query>
</QueryList>";
EventLogQuery eventsQuery = new EventLogQuery("Security", PathType.LogName, queryString);
eventsQuery.ReverseDirection = true;
EventLogReader logReader = new EventLogReader(eventsQuery);
EventUnit e = new EventUnit();
bool isStop = false;
for (EventRecord eventInstance = logReader.ReadEvent(); null != eventInstance; eventInstance = logReader.ReadEvent())
{
foreach (var VARIABLE in eventInstance.Properties)
if (VARIABLE.Value.ToString().ToLower().Contains(fileToSearch.ToLower()) && actionTime.ToString("d/M/yyyy HH:mm:ss") == eventInstance.TimeCreated.Value.ToString("d/M/yyyy HH:mm:ss"))
{
foreach (var VARIABLE2 in eventInstance.Properties) sb.AppendLine(VARIABLE2.Value.ToString());
e.Message = sb.ToString();
e.User = (eventInstance.Properties.Count > 1) ? eventInstance.Properties[1].Value.ToString() : "n/a";
e.File = fileToSearch;
isStop = true;
break;
}
if (isStop) break;
try
{
// Console.WriteLine("Description: {0}", eventInstance.FormatDescription());
}
catch (Exception e2)
{
}
}
return e;
}
这篇关于获得Accesed文件的用户名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
