tags:

views:

42

answers:

4
+1  Q: 

How to add security attributes for non admin rights account in creatnamedpipe method of win API

I am creating a named pipe in windows service running on local syastem account with security attribute as Intptr.Zero in CreateNamedPipe() method of Windows API.

The problem is that this named pipe is not accesible to the user account running the client application and calling CreateFile() method.

Now I have googled a lot and found out that we can change the security attributes but I am not able to do that. Please help me in recitfying the issue. This is very urgent I dont have much time.

A: 

I just ran in to this problem myself on Friday. If you are using .net 3.5 or higher see my question on how to set the permissions. using System.IO.Pipes (In summary create a PipeSecurity and add access rules for the users group with read/write permissions.)

Scott Chamberlain  2010-08-16 13:23:19
the problem is u have used .net named pipes and im using win api named pipes... can u please provide solution regarding win32 api named pipe security attributes.
Apurva Saxena  2010-08-16 13:26:13
I tried to do my solution with win32 named pipes and was not able to get it to work unfortunatly. Then I found the .net wrapper and it worked. May I ask why you are staying away from the .net version?
Scott Chamberlain  2010-08-16 13:27:34
i used .net wrapper earlier but got disconnection issues in windows services running in local system account. so i switched to win api'
Apurva Saxena  2010-08-16 13:28:59
A: 

What exactly are you not able to do, and what have you tried? You have to change the parameter type of the last parameter from IntPtr to ref SECURITY_ATTRIBUTES and pass in the security settings explicitly.

Creating a security descriptor manually in code can get messy. Using the string representation with ConvertStringSecurityDescriptorToSecurityDescriptor makes it a little bit less painfull.

Mattias S  2010-08-16 13:35:13
I am new to win API'. Can u please provide me code for the making custom security attributes as when I made a delegate named security attributes and passed it to the last paramenter its giving CA1901 error.
Apurva Saxena  2010-08-16 13:40:19
A: 

Hi, Creating a file in non-application directories (Directory other than where the application resides), is considerred to be a restricted activity. This is to protect your system from being edited unknowingly by any remote assemblies.

If you feel an assembly is a trusted assembly that won't harm your computer, you can say so and make it access some of the restricted areas.

  1. Goto to Control Panel.
  2. Select Administrative Tools.
  3. Open the Microsoft .Net Framework 2.0 Configuration.
  4. It'll open up the Framework Configuration tool.
  5. Here, expand .Net Framework 2.0 Configuration, My Computer.
  6. Right Click on the Runtime Security Policy and select "Trust assembly"
  7. Here you can follow the wizard to select your assembly and apply the required permission to your assembly.

Refer: http://support.microsoft.com/kb/815147

Does it help?

SaravananArumugam  2010-08-16 14:30:19
This has nothing to do with pipes.
Scott Chamberlain  2010-08-16 14:32:18
saravandss if i can use special configuration of assembly then i can also run it with admin rights.
Apurva Saxena  2010-08-16 14:34:55
Hi, .Net provides ways for restricting access to some of your code by making authentication or checking user permissions. This is called Code Access Security. This provides methods for programatically control user access to your code and most of these can also be done by inbuilt Attributes.But I guess it doesn't provide abilities to expand your access in a restricted place. Imagine, if a hacker has this ability, he can provide himself unresticted access and exploit any machine. That's the reason it is configured manually. The idea is if you trust an assembly, give trust to it manually.
SaravananArumugam  2010-08-16 15:05:05
dude ur not getting the point... i cannot make a dependent application
Apurva Saxena  2010-08-16 15:27:57
A: 

Finally after hell lot of googling I found out the solution to my problem. I used two more win api methods to set access to user account. the methods are as follows

  1. SetSecurityDescriptorDacl()
  2. InitializeSecurityDescriptor()

for detailed answer you can refer to what i refered... http://www.codeproject.com/KB/threads/CodeFX_IPC.aspx?display=Print

Thanks for your answers....

Apurva Saxena  2010-08-16 15:31:37

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?