How do you create Windows security descriptors in managed code?

Question

How do you create Windows security descriptors in managed code?

I have a named pipe created in a managed process. I have a second process that tries to open a file descriptor for a named pipe, however the second process runs under a lower privilege than the process that created the named pipe. I understand that I need to create a named pipe in the first process with a security descriptor similar to that described in this MSKB article: http://support.microsoft.com/kb/813414

The problem is that I'm not sure how to do this in managed code, the KB article uses C ++. Does anyone know a way to create a named pipe so that it can be read and written anonymously, preferably using a security descriptor? Reducing the privileges of the first process that created the named pipe is not an option; I need it to work with high privileges.

+6

security c # .net winapi named-pipes

Leeks and leaks Jan 15 '10 at 19:40

source share

1 answer

Sheng Jiang 蒋晟 · Answer 1 · 2010-01-16T01:22:22+0000

You can output the ConvertStringSecurityDescriptorToSecurityDescriptor API and pass the security descriptor to the SDDL . If you need detailed descriptor control, you can find wrapper classes in open source communities, like this one . Here are examples of using a security descriptor for named pipes.

How do you create Windows security descriptors in managed code?

More articles: