I have winforms app, in which I need to access a secured directory. I'm using impersonation and create WindowsIdentity to access the folder.

My problem is writing unit tests to test the directory security; I'd like to a write a code that creates a directory secured to only ONE user, which isn't the current user running the UT (or else the test would be worthless).

I know how to add permissions to a certain user, but how can I deny the rest, including admins? (in case the user running the UT is an admin) (will this be a wise thing to do?)

DirectoryInfo directoryInfo = new DirectoryInfo(path);
DirectorySecurity directorySecurity = directoryInfo.GetAccessControl();

directorySecurity.AddAccessRule(new FileSystemAccessRule("Domain\SecuredUser",
                    FileSystemRights.FullControl, 
                    InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                    PropagationFlags.InheritOnly,                         
                    AccessControlType.Allow));

directorySecurity.RemoveAccessRule(new FileSystemAccessRule("??",   
                    FileSystemRights.FullControl, 
                    InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                    PropagationFlags.InheritOnly,  
                    AccessControlType.Deny));

directoryInfo.SetAccessControl(directorySecurity);

This isn't working. I don't know who am I supposed to deny. Domain\Admins, Domain\Administrators, me... No one is being denied, and when I check folder's security - The SecuredUser has access to the folder, but the permissions are not checked, even though I specified FullControl.

Basically I want to code this:

<authorization>
 <allow users ="Domain\User" />
 <deny users="*" /> 
</authorization>

I was thinking about impersonating UT run with a weak user with no permissions, but this would result in: Impersonate -> Run UT -> Impersonate -> Access folder, and I'm not sure if this is the right design.

Help would be greatly appreciated, thank you.