views:

42

answers:

4

I am creating a named pipe in windows service running on local syastem account with security attribute as Intptr.Zero in CreateNamedPipe() method of Windows API.

The problem is that this named pipe is not accesible to the user account running the client application and calling CreateFile() method.

Now I have googled a lot and found out that we can change the security attributes but I am not able to do that. Please help me in recitfying the issue. This is very urgent I dont have much time.

A: 

I just ran in to this problem myself on Friday. If you are using .net 3.5 or higher see my question on how to set the permissions. using System.IO.Pipes (In summary create a PipeSecurity and add access rules for the users group with read/write permissions.)

Scott Chamberlain
the problem is u have used .net named pipes and im using win api named pipes... can u please provide solution regarding win32 api named pipe security attributes.
Apurva Saxena
I tried to do my solution with win32 named pipes and was not able to get it to work unfortunatly. Then I found the .net wrapper and it worked. May I ask why you are staying away from the .net version?
Scott Chamberlain
i used .net wrapper earlier but got disconnection issues in windows services running in local system account. so i switched to win api'
Apurva Saxena
A: 

What exactly are you not able to do, and what have you tried? You have to change the parameter type of the last parameter from IntPtr to ref SECURITY_ATTRIBUTES and pass in the security settings explicitly.

Creating a security descriptor manually in code can get messy. Using the string representation with ConvertStringSecurityDescriptorToSecurityDescriptor makes it a little bit less painfull.

Mattias S
I am new to win API'. Can u please provide me code for the making custom security attributes as when I made a delegate named security attributes and passed it to the last paramenter its giving CA1901 error.
Apurva Saxena
A: 

Hi, Creating a file in non-application directories (Directory other than where the application resides), is considerred to be a restricted activity. This is to protect your system from being edited unknowingly by any remote assemblies.

If you feel an assembly is a trusted assembly that won't harm your computer, you can say so and make it access some of the restricted areas.

  1. Goto to Control Panel.
  2. Select Administrative Tools.
  3. Open the Microsoft .Net Framework 2.0 Configuration.
  4. It'll open up the Framework Configuration tool.
  5. Here, expand .Net Framework 2.0 Configuration, My Computer.
  6. Right Click on the Runtime Security Policy and select "Trust assembly"
  7. Here you can follow the wizard to select your assembly and apply the required permission to your assembly.

Refer: http://support.microsoft.com/kb/815147

Does it help?

SaravananArumugam
This has nothing to do with pipes.
Scott Chamberlain
saravandss if i can use special configuration of assembly then i can also run it with admin rights.
Apurva Saxena
Hi, .Net provides ways for restricting access to some of your code by making authentication or checking user permissions. This is called Code Access Security. This provides methods for programatically control user access to your code and most of these can also be done by inbuilt Attributes.But I guess it doesn't provide abilities to expand your access in a restricted place. Imagine, if a hacker has this ability, he can provide himself unresticted access and exploit any machine. That's the reason it is configured manually. The idea is if you trust an assembly, give trust to it manually.
SaravananArumugam
dude ur not getting the point... i cannot make a dependent application
Apurva Saxena
A: 

Finally after hell lot of googling I found out the solution to my problem. I used two more win api methods to set access to user account. the methods are as follows

  1. SetSecurityDescriptorDacl()
  2. InitializeSecurityDescriptor()

for detailed answer you can refer to what i refered... http://www.codeproject.com/KB/threads/CodeFX_IPC.aspx?display=Print

Thanks for your answers....

Apurva Saxena