I'm developing an open source .NET assembly (WinSCP .NET assembly) that spawns a native (C++) application and communicates with it via events and file mapping objects.

The assembly spawns the application using the Process class, with no special settings. The assembly creates a few events (using EventWaitHandle) and a file mapping (using the P/Invoked CreateFileMapping), and the application "opens" these using OpenEvent and OpenFileMapping.

It works fine in most cases. But now I have a user who uses the assembly from an ASPX application on Windows Server 2008 R2 64-bit.

In his case, both OpenEvent and OpenFileMapping return NULL and GetLastError returns ERROR_ACCESS_DENIED.

I have tried to improve the assembly code by explicitly granting the current user the necessary permissions to the event objects, and the application code to require only the really needed access rights (instead of the original EVENT_ALL_ACCESS), as per the Microsoft Docs example. It didn't help. So I did not even bother to try the same for the file mapping object.

The C# code that creates the event is:

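using System;
using System.Security.AccessControl;
using System.Threading;

EventWaitHandleSecurity security = new EventWaitHandleSecurity();

// Account name reported by the environment for the current user
string user = Environment.UserDomainName + "\\" + Environment.UserName;

EventWaitHandleAccessRule rule;
// Allow that user to wait on and signal the event
rule =
    new EventWaitHandleAccessRule(
        user, EventWaitHandleRights.Synchronize | EventWaitHandleRights.Modify,
        AccessControlType.Allow);
security.AddAccessRule(rule);
// Deny that user the right to change the event's permissions
rule =
    new EventWaitHandleAccessRule(
        user, EventWaitHandleRights.ChangePermissions, AccessControlType.Deny);
security.AddAccessRule(rule);

// Create the named event with the DACL built above
// (name is the event name shared with the native application)
bool createdNew;
new EventWaitHandle(
    false, EventResetMode.AutoReset, name, out createdNew, security);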

The C++ code that "opens" the events is:

OpenEvent(EVENT_MODIFY_STATE, false, name);

(For other events the access level is SYNCHRONIZE, depending on needs).

I have also tried adding the Global\ prefix to the object names. As expected, this didn't solve the problem.

Does anyone have any idea what causes the "access denied" error in OpenEvent (or CreateFileMapping)?

  • Doubtful you can fix that, ASP.NET apps run by default with a limited user account. Some background here. Commented Sep 25, 2014 at 8:17
  • Sorry, I hadn't understood the scenario properly. The problem may be that you are running under a restricted token, i.e., a process can be run in such a way that it doesn't have the complete access rights of the user account it is running as. You might need to examine the security token to find out what SIDs are enabled in order to set permissions on the object appropriately; sorry, I'm not sure how to do that in .NET. Another approach would be to arrange for the subprocess to inherit the existing object handles rather than opening new ones; again, no idea how you'd do that in .NET. Commented Sep 25, 2014 at 21:00
  • If the event and mapped file were created with an ACL that didn't allow everyone access, a restricted context like ASP.NET isn't likely to be able to open them. I'd first suggest opening the event and mapped file with explicit rights for the user that the ASP.NET process runs under. Commented Sep 26, 2014 at 15:26
  • @MartinPrikryl create... See msdn.microsoft.com/en-us/library/windows/desktop/… for an example (Everyone) of creating the security descriptor of a security attribute structure. Commented Sep 26, 2014 at 15:39
  • @PeterRitchie: do you happen to know whether the Everyone SID is enabled or not for an ASPX application running with a restricted token? I'm fairly sure the SID for the user account isn't going to be. The best bet is the logon SID, but I'm not quite sure how you would go about extracting that SID from your token. Commented Sep 27, 2014 at 3:10

1 Answer

My guess is that the event is created by either the anonymous user or the logged-in user, depending on how the website is set up. But the sub-process is being launched with the base process user. This can be checked by using Process Monitor and looking at the ACL for the event handle to see who the creator is. Then look at the sub-process to see who it is running as.
If this is the case, then you can update the ACL on the event to include the base process. In addition to this, you may still need to prefix with "global" to make sure that the event can be used across user boundaries.
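
The check and the fix suggested in this answer, as an added example that is not part of the original post or of the WinSCP code: it builds the event's ACL from SIDs for both the creating identity and the account the sub-process runs as, then prints the owner and ACEs for comparison. It assumes .NET Framework (as in the question's code); the event name `ExampleEvent`, the `EventAclCheck` class and the choice of NETWORK SERVICE as the sub-process account are hypothetical placeholders.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

static class EventAclCheck
{
    // Grant only wait and signal rights, keyed by SID rather than by account name.
    static EventWaitHandleSecurity BuildSecurity(params SecurityIdentifier[] sids)
    {
        var security = new EventWaitHandleSecurity();
        foreach (SecurityIdentifier sid in sids)
            security.AddAccessRule(new EventWaitHandleAccessRule(
                sid,
                EventWaitHandleRights.Synchronize | EventWaitHandleRights.Modify,
                AccessControlType.Allow));
        return security;
    }

    // Print the owner and every explicit or inherited ACE of the event.
    static void DumpAcl(EventWaitHandle handle)
    {
        EventWaitHandleSecurity security = handle.GetAccessControl();
        Console.WriteLine("Owner: " + security.GetOwner(typeof(SecurityIdentifier)));
        foreach (EventWaitHandleAccessRule ace in
                 security.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine("{0} {1} {2}",
                ace.AccessControlType, ace.IdentityReference, ace.EventWaitHandleRights);
    }

    static void Main()
    {
        // Identity that creates the event (the thread token when impersonating).
        WindowsIdentity creator = WindowsIdentity.GetCurrent();
        Console.WriteLine("Creator: {0} ({1})", creator.Name, creator.User);

        // Assumption: the sub-process runs as NETWORK SERVICE. Replace this with
        // the account actually shown for the sub-process on the affected server.
        var childAccount = new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null);

        bool createdNew;
        using (var ev = new EventWaitHandle(
            false, EventResetMode.AutoReset, "ExampleEvent", out createdNew,
            BuildSecurity(creator.User, childAccount)))
        {
            Console.WriteLine("Created new: " + createdNew);
            DumpAcl(ev);
        }
    }
}
```

If the sub-process account does not appear among the printed ACEs, an open from that account is expected to fail the access check.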
