Create an EveryOne SECURITY_ATTRIBUTES.

In the previous article on memory ing files and user permissions, I mentioned using IIS identity simulation to use the memory ing files generated through SharedMemoryEx...

This solution can solve the problem for a while and cannot solve the problem for a long time.
In the previous article MutexEx, you must set the permissions for creating and using Mutex .. similarly, if we want to use this Mutex in different accounts, we may have to use another method of identity simulation.

In Win32, we can create an ACL list for Everyone by creating a null dacl, we can create a memory ing file/Mutex that can be accessed/used by Everyone of the system :)

In Win32, we want to create such a structure. The code is usually as follows:

SECURITY_ATTRIBUTES sa;
SECURITY_DESCRIPTOR sd;

InitializeSecurityDescriptor (& sd, SECURITY_DESCRIPTOR_REVISION );
SetSecurityDescriptorDacl (& sd, TRUE, NULL, FALSE );
Sa. nLength = sizeof (SECURITY_ATTRIBUTES );
Sa. bInheritHandle = TRUE;
Sa. lpSecurityDescriptor = & sd;
Return & sa;

In. NET, we also need to create such a structure. We must first define the corresponding structure through P/Invoke ..
For SECURITY_ATTRIBUTES:

[StructLayout (LayoutKind. Sequential)]
Public struct SECURITY_ATTRIBUTES
{
Public uint nLength;
Public IntPtr lpSecurityDescriptor; // point to SECURITY_DESCRIPTOR
Public int bInheritHandle;
}

For. SECURITY_DESCRIPTOR: [StructLayout (LayoutKind. Sequential)]
Public struct SECURITY_DESCRIPTOR
{
Public byte Revision;
Public byte Sbz1;
Public int Control; // point to SECURITY_DESCRIPTOR_CONTROL typedef WORD SECURITY_DESCRIPTOR_CONTROL
Public IntPtr Owner; // point to PSID typedef PVOID PSID
Public IntPtr Group; // point to PSID typedef PVOID PSID
Public IntPtr Sacl; // point to ACL
Public IntPtr Dacl; // point to ACL
}

Because the SECURITY_DESCRIPTOR structure definition uses some other structures, we also define them here: [StructLayout (LayoutKind. Sequential)]
Public struct ACL
{
Public byte AclRevision;
Public byte Sbz1;
Public uint AclSize;
Public uint AceCount;
Public uint Sbz2;
}

The structure is defined, and the preparation is half done :)
The following is the function we want to define: private const int SECURITY_DESCRIPTOR_REVISION = 1;

[DllImport ("advapi32.dll", SetLastError = true)]
Static extern bool InitializeSecurityDescriptor (IntPtr pSecurityDescriptor, uint dwRevision );

[DllImport ("advapi32.dll", SetLastError = true)]
Static extern bool SetSecurityDescriptorDacl (IntPtr pSecurityDescriptor, int bDaclPresent, IntPtr pDacl, int bDaclDefaulted );

Because the second parameter of the InitializeSecurityDescriptor function must be 1, a const int SECURITY_DESCRIPTOR_REVISION is defined to indicate ..

The following code is used: public IntPtr AnonymousSA (bool bInheritHandle)
{


SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES ();
SECURITY_DESCRIPTOR sd = new SECURITY_DESCRIPTOR ();

LpSecurityDescriptor = Marshal. AllocCoTaskMem (Marshal. SizeOf (sd ));
Marshal. StructureToPtr (sd, lpSecurityDescriptor, false );

If (! InitializeSecurityDescriptor (lpSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION ))
{
Throw new ApplicationException ("InitializeSecurityDescriptor invoked fail ");
}

If (! SetSecurityDescriptorDacl (lpSecurityDescriptor, 1, IntPtr. Zero, 0 ))
{
Throw new ApplicationException ("SetSecurityDescriptorDacl invoked fail ");
}

Sa. bInheritHandle = bInheritHandle? 1:0;
Sa. nLength = (uint) Marshal. SizeOf (sa );

Sa. lpSecurityDescriptor = lpSecurityDescriptor;

PSa = Marshal. AllocCoTaskMem (Marshal. SizeOf (sa ));
Marshal. StructureToPtr (sa, pSa, false );

Return pSa;
}

Considering the versatility of this function, I define it as a separate class. SecurityStruct. used to create this NULL DACL structure.
At the same time, because memory allocation in Marshal is used, it is not managed memory, so I inherit this class from IDisposable to release this memory .. public class SecurityStruct: IDisposable
{
Private variable & Propery # region Private variable & Propery
Private IntPtr lpSecurityDescriptor;
Private IntPtr pSa;
# Endregion


Public void Close ()
{
If (lpSecurityDescriptor! = IntPtr. Zero)
{
Marshal. FreeCoTaskMem (lpSecurityDescriptor );
LpSecurityDescriptor = IntPtr. Zero;
}
If (pSa! = IntPtr. Zero)
{
Marshal. FreeCoTaskMem (pSa );
PSa = IntPtr. Zero;
}
}

Public void Dispose ()
{
Close ();
}
}

After creating the Everyone structure, we can directly pass its address to the parameters of CreateFileMapping and CreateMutex.

In this way, we can easily use this MappingFile/Mutex in ASP. NET or other users :)

Download the complete code: SecurityStruct.zip