I would like to get the username of an accessed file (add, delete, rename,...). actually I use filesystemwatcher to monitor the file access and I have activated object access on an directory to get userinformation via eventlogs. This solution is not perfect, because there are a lot of file events and the eventlog messages are not so detailed. there is just one eventd id for write data. this it is used for add file, rename , move,... every write data. Additionally I had to crosscheck that the eventlog message matches the filesystemwatcher event. I would prefer handle this better. so i spend al lot of time googleing, reading, ... I know there is another post on stackoverflow
but i think there should be a possible solution because Windows Events can get the username.
with reading on a few pages i disovered that there should be a possible solution using netapi32.dll. the example code on http://vbcity.com/forums/t/133307.aspx?PageIndex=2 doesn't work for me. i was unable to get the fileid so i changed the code to
private ulong GetFileIdFromPath(string filePath)
{
WinAPI.BY_HANDLE_FILE_INFORMATION objectFileInfo = new WinAPI.BY_HANDLE_FILE_INFORMATION();
Thread.Sleep(200);
FileInfo fi = new FileInfo(filePath);
FileStream fs = fi.Open(FileMode.Open, FileAccess.Read, FileShare.Read);
WinAPI.GetFileInformationByHandle(fs.Handle, out objectFileInfo);
fs.Close();
ulong fileIndex = ((ulong)objectFileInfo.FileIndexHigh << 32) + (ulong)objectFileInfo.FileIndexLow;
return fileIndex;
}
with this code I'm able to get the fileid but with the fileid and the example code I'm unable to get the username.
From My last program ( 2 week ago) - I was asked to audit change in files ( also the user name)
the Solution was by filesystemwatcher and after an event -> goto the Event Log of windows and bu Xpath search - To find which user made the action.