How do you create Windows security descriptors in managed code??

Question

I have a named pipe that's created in a managed process. I have a 2nd process that tries to open a file handle to the named pipe, however the 2nd process is running under an lower privilege than the process that created the named pipe. My understanding is that I need to create the named pipe in the first process with a security descriptor like the one described in this MSKB article: http://support.microsoft.com/kb/813414

The problem is that I am not sure how to do this in managed code, the KB article uses C++. Does anyone know of a way to create the named pipe so that it can be read and written to anonymously, preferably using a security descriptor? Lowering the privileges of the first process that created the named pipe is not an option, I need it to be running with high privileges.

Answer 1

You can pinvoke the ConvertStringSecurityDescriptorToSecurityDescriptor API and pass a security descriptor in SDDL. If you want detailed control on the describer, you can find wrapper classes in open source communities, such as this one. Here is an examples to use the security descriptor on named pipes.