Geek Answers Handbook

How to enable SeCreateGlobalPrivilege in .NET without resorting to P / Invoke or reflection?

WCF binding net.pipe does not work when the server is running without promotion. This blog helped me find the answer - http://weblogs.thinktecture.com/cweyer/2007/12/dealing-with-os-privilege-issues-in-wcf-named-pipes-scenarios.html

So, I added the SeCreateGlobalPrivilege privilege to the corresponding non-admin user, but now I need to enable this privilege programmatically in .NET

Now there are several examples on the Internet of how to do this in .NET, but they all essentially rewrite simple C code in C # with P / Invoke.

I want to know how to do this using special .NET types such as ObjectSecurity, Privilege, etc., so that my code does not do P / Invoke - let the system code do it for me.

Is it possible?

Thank.

EDIT1

What makes me think it's possible? Well, I searched for using the AdjustTokenPrivileges P / Inovke API in .NET using Reflector and found that there is an ObjectSecurity.Persist method that ultimately calls this P / Invoke. Then this ObjectSecurity has one protected constructor, which means that non-MS code can be obtained from it and call this method.

Thus, this seems feasible using .NET type code (i.e. no reflection).

+4
source share
1 answer

If you do not want to use P / Invoke yourself, you can still use the inner class System.Security.AccessControl.Privilegeusing the Reflection mechanisms, for example:

    // => privilege = new Privilege("SeCreateGlobalPrivilege");
    Type privilegeType = Type.GetType("System.Security.AccessControl.Privilege");
    object privilege = Activator.CreateInstance(privilegeType, "SeCreateGlobalPrivilege");

    // => privilege.Enable();
    privilegeType.GetMethod("Enable").Invoke(privilege, null);

    // =>  privilege.Revert();
    privilegeType.GetMethod("Revert").Invoke(privilege, null);

, , , ., , : -)

+3

More articles:


All Articles