By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,494 Members | 1,079 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,494 IT Pros & Developers. It's quick & easy.

Need help with named mutex shared between asp.net and .net win app.

P: n/a
I have a named mutex object that is accessed by both an asp.net application
and a Windows executable .net application. The Windows executable runs
under the administrator logon, while the asp.net application runs under the
standard asp.net user account. The problem relates to permissions on
creation of the mutex. If the asp.net application creates the mutex, the
executable cannot access it (access denied error). Likewise, if the
executable creates the named mutex, then the asp.net application cannot
access it.

I know that in MFC you can set a security descriptor for the CMutex object
so that it is created with a set security descriptor level. How is this
done in .NET using .NET mutex object?

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------
Jul 21 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
pick one, maybe the asp.net account. and set it to impersonate the same
account the windows app uses. better yet, create a single user account and
have both these applications impersonate this user to create and access the
mutex.

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
"Ken Varn" <nospam> wrote in message
news:ej**************@TK2MSFTNGP11.phx.gbl...
I have a named mutex object that is accessed by both an asp.net application
and a Windows executable .net application. The Windows executable runs
under the administrator logon, while the asp.net application runs under
the
standard asp.net user account. The problem relates to permissions on
creation of the mutex. If the asp.net application creates the mutex, the
executable cannot access it (access denied error). Likewise, if the
executable creates the named mutex, then the asp.net application cannot
access it.

I know that in MFC you can set a security descriptor for the CMutex object
so that it is created with a set security descriptor level. How is this
done in .NET using .NET mutex object?

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------

Jul 21 '05 #2

P: n/a
Sorry, this is not an area I am real familiar with in .NET. I know that in
MFC, I cam create a mutex object with SECURITY_ATTRIBUTES and thus indicate
the security level of the mutex. I am not sure how to do the same thing in
..NET. All I want to do is grant all processes access to this mutex without
doing impersonation. Is this possible?

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------
"Alvin Bruney [MVP]" <vapor at steaming post office> wrote in message
news:uG***************@TK2MSFTNGP12.phx.gbl...
pick one, maybe the asp.net account. and set it to impersonate the same
account the windows app uses. better yet, create a single user account and
have both these applications impersonate this user to create and access the mutex.

--
Regards,
Alvin Bruney
[ASP.NET MVP http://mvp.support.microsoft.com/default.aspx]
Got tidbits? Get it here... http://tinyurl.com/27cok
"Ken Varn" <nospam> wrote in message
news:ej**************@TK2MSFTNGP11.phx.gbl...
I have a named mutex object that is accessed by both an asp.net application and a Windows executable .net application. The Windows executable runs
under the administrator logon, while the asp.net application runs under
the
standard asp.net user account. The problem relates to permissions on
creation of the mutex. If the asp.net application creates the mutex, the executable cannot access it (access denied error). Likewise, if the
executable creates the named mutex, then the asp.net application cannot
access it.

I know that in MFC you can set a security descriptor for the CMutex object so that it is created with a set security descriptor level. How is this
done in .NET using .NET mutex object?

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------


Jul 21 '05 #3

P: n/a
Bellow is the snippet of the code that either opens already created mutex or
creates one that can be open by any process.
The trick here is to set right security attributes for newly created mutex.
Some of the functions used are from native Win32 API - you will need to map
them to your program.
Let me know if you have problems doing so.
private void PrivateConstruct(bool initiallyOwned, string name, out
bool createdNew)
{
// It's faster to first try OpenMutex
int hMutex = OpenMutex(SYNCHRONIZE, 1, ToSystemMutexName(name));
createdNew = false;
if (hMutex == 0)
{
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
sa.nLength =
System.Runtime.InteropServices.Marshal.SizeOf(sa);
sa.bInheritHandle = 1;
sa.lpSecurityDescriptor = 0;

int securityDescriptorSize = 0; // dummy
int result =
ConvertStringSecurityDescriptorToSecurityDescripto r(
"D:(A;NP;0x001f0001;;;WD)", // Grant
MUTEX_ALL_ACCESS to Everyone
SDDL_REVISION_1,
ref sa.lpSecurityDescriptor,
ref securityDescriptorSize);
if (result == 0)
{
throw new Exception("Failure while creating security
descriptor for new mutex");
}

hMutex = CreateMutex(ref sa, initiallyOwned ? 1 : 0,
ToSystemMutexName(name));
createdNew = (Marshal.GetLastWin32Error() !=
ERROR_ALREADY_EXISTS);
LocalFree(sa.lpSecurityDescriptor);

if (hMutex == 0)
{
// If we get here, some sort of unrecoverable error has
presumably occurred.
// However, we will try one last time, in case it was
merely some sort of race condition.
// Note that I do not believe that there is any opening
for a race condition in the above code.
// Nevertheless, we have nothing to lose by giving it
one last try.
hMutex = OpenMutex(SYNCHRONIZE, 1,
ToSystemMutexName(name));
createdNew = false;
if (hMutex == 0)
{
throw new Exception("Unable to create or open
mutex.");
}
}
}

Handle = (IntPtr)hMutex;
}
Sergiy Mesropyan
www.anticipatingminds.com


"Ken Varn" <nospam> wrote in message
news:ej**************@TK2MSFTNGP11.phx.gbl...
I have a named mutex object that is accessed by both an asp.net application and a Windows executable .net application. The Windows executable runs
under the administrator logon, while the asp.net application runs under the standard asp.net user account. The problem relates to permissions on
creation of the mutex. If the asp.net application creates the mutex, the
executable cannot access it (access denied error). Likewise, if the
executable creates the named mutex, then the asp.net application cannot
access it.

I know that in MFC you can set a security descriptor for the CMutex object
so that it is created with a set security descriptor level. How is this
done in .NET using .NET mutex object?

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------

Jul 21 '05 #4

P: n/a
It sounds as if there is no way to do this in native .NET code without using
pinvoke. Seems odd that this functionality was not included in the Mutex
object since this is part of the Win32 Mutex capability.

My module is in managed C++, but I was using the .NET version of Mutex just
to limit the amount of mixed code that I was using. I guess I can go back
and use the Win32 calls directory in my managed C++ code. It is a little
frustrating when some of these basic Win32 features are not included in
managed classes that appear to mimic the Win32 functionality.

Also, as a side note, I can't even understand why the ASP.NET application
would prevent the Windows application from accessing the mutex that it
created since the windows app was running as an administrator level.
--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------
"Sergiy Mesropyan" <no****@nospam.com> wrote in message
news:Gv********************@comcast.com...
Bellow is the snippet of the code that either opens already created mutex or creates one that can be open by any process.
The trick here is to set right security attributes for newly created mutex. Some of the functions used are from native Win32 API - you will need to map them to your program.
Let me know if you have problems doing so.
private void PrivateConstruct(bool initiallyOwned, string name, out bool createdNew)
{
// It's faster to first try OpenMutex
int hMutex = OpenMutex(SYNCHRONIZE, 1, ToSystemMutexName(name)); createdNew = false;
if (hMutex == 0)
{
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
sa.nLength =
System.Runtime.InteropServices.Marshal.SizeOf(sa);
sa.bInheritHandle = 1;
sa.lpSecurityDescriptor = 0;

int securityDescriptorSize = 0; // dummy
int result =
ConvertStringSecurityDescriptorToSecurityDescripto r(
"D:(A;NP;0x001f0001;;;WD)", // Grant
MUTEX_ALL_ACCESS to Everyone
SDDL_REVISION_1,
ref sa.lpSecurityDescriptor,
ref securityDescriptorSize);
if (result == 0)
{
throw new Exception("Failure while creating security
descriptor for new mutex");
}

hMutex = CreateMutex(ref sa, initiallyOwned ? 1 : 0,
ToSystemMutexName(name));
createdNew = (Marshal.GetLastWin32Error() !=
ERROR_ALREADY_EXISTS);
LocalFree(sa.lpSecurityDescriptor);

if (hMutex == 0)
{
// If we get here, some sort of unrecoverable error has presumably occurred.
// However, we will try one last time, in case it was
merely some sort of race condition.
// Note that I do not believe that there is any opening for a race condition in the above code.
// Nevertheless, we have nothing to lose by giving it
one last try.
hMutex = OpenMutex(SYNCHRONIZE, 1,
ToSystemMutexName(name));
createdNew = false;
if (hMutex == 0)
{
throw new Exception("Unable to create or open
mutex.");
}
}
}

Handle = (IntPtr)hMutex;
}
Sergiy Mesropyan
www.anticipatingminds.com


"Ken Varn" <nospam> wrote in message
news:ej**************@TK2MSFTNGP11.phx.gbl...
I have a named mutex object that is accessed by both an asp.net

application
and a Windows executable .net application. The Windows executable runs
under the administrator logon, while the asp.net application runs under

the
standard asp.net user account. The problem relates to permissions on
creation of the mutex. If the asp.net application creates the mutex, the executable cannot access it (access denied error). Likewise, if the
executable creates the named mutex, then the asp.net application cannot
access it.

I know that in MFC you can set a security descriptor for the CMutex object so that it is created with a set security descriptor level. How is this
done in .NET using .NET mutex object?

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------


Jul 21 '05 #5

P: n/a
There is basically no support for Windows security in .NET 1.x except for
the WindowsIdentity and WindowsPrincipal classes. Thus, any time you need
to do something with SDs, DACLs, ACEs, SIDs and tokens, you end up doing
interop and pinvoke. Thus the proliferation of wrappers to fill the gap.

The Whidbey story is better though. Also greatly improved is crypto support
which needed a lot of help too.

Joe K.

"Ken Varn" <nospam> wrote in message
news:eo**************@tk2msftngp13.phx.gbl...
It sounds as if there is no way to do this in native .NET code without using pinvoke. Seems odd that this functionality was not included in the Mutex
object since this is part of the Win32 Mutex capability.

My module is in managed C++, but I was using the .NET version of Mutex just to limit the amount of mixed code that I was using. I guess I can go back
and use the Win32 calls directory in my managed C++ code. It is a little
frustrating when some of these basic Win32 features are not included in
managed classes that appear to mimic the Win32 functionality.

Also, as a side note, I can't even understand why the ASP.NET application
would prevent the Windows application from accessing the mutex that it
created since the windows app was running as an administrator level.
--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------
"Sergiy Mesropyan" <no****@nospam.com> wrote in message
news:Gv********************@comcast.com...
Bellow is the snippet of the code that either opens already created mutex
or
creates one that can be open by any process.
The trick here is to set right security attributes for newly created

mutex.
Some of the functions used are from native Win32 API - you will need to

map
them to your program.
Let me know if you have problems doing so.
private void PrivateConstruct(bool initiallyOwned, string name,

out
bool createdNew)
{
// It's faster to first try OpenMutex
int hMutex = OpenMutex(SYNCHRONIZE, 1,

ToSystemMutexName(name));
createdNew = false;
if (hMutex == 0)
{
SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
sa.nLength =
System.Runtime.InteropServices.Marshal.SizeOf(sa);
sa.bInheritHandle = 1;
sa.lpSecurityDescriptor = 0;

int securityDescriptorSize = 0; // dummy
int result =
ConvertStringSecurityDescriptorToSecurityDescripto r(
"D:(A;NP;0x001f0001;;;WD)", // Grant
MUTEX_ALL_ACCESS to Everyone
SDDL_REVISION_1,
ref sa.lpSecurityDescriptor,
ref securityDescriptorSize);
if (result == 0)
{
throw new Exception("Failure while creating security
descriptor for new mutex");
}

hMutex = CreateMutex(ref sa, initiallyOwned ? 1 : 0,
ToSystemMutexName(name));
createdNew = (Marshal.GetLastWin32Error() !=
ERROR_ALREADY_EXISTS);
LocalFree(sa.lpSecurityDescriptor);

if (hMutex == 0)
{
// If we get here, some sort of unrecoverable error

has
presumably occurred.
// However, we will try one last time, in case it was merely some sort of race condition.
// Note that I do not believe that there is any

opening
for a race condition in the above code.
// Nevertheless, we have nothing to lose by giving it one last try.
hMutex = OpenMutex(SYNCHRONIZE, 1,
ToSystemMutexName(name));
createdNew = false;
if (hMutex == 0)
{
throw new Exception("Unable to create or open
mutex.");
}
}
}

Handle = (IntPtr)hMutex;
}
Sergiy Mesropyan
www.anticipatingminds.com


"Ken Varn" <nospam> wrote in message
news:ej**************@TK2MSFTNGP11.phx.gbl...
I have a named mutex object that is accessed by both an asp.net

application
and a Windows executable .net application. The Windows executable runs under the administrator logon, while the asp.net application runs under
the
standard asp.net user account. The problem relates to permissions on
creation of the mutex. If the asp.net application creates the mutex,

the executable cannot access it (access denied error). Likewise, if the
executable creates the named mutex, then the asp.net application
cannot access it.

I know that in MFC you can set a security descriptor for the CMutex

object so that it is created with a set security descriptor level. How is this done in .NET using .NET mutex object?

--
-----------------------------------
Ken Varn
Senior Software Engineer
Diebold Inc.

EmailID = varnk
Domain = Diebold.com
-----------------------------------



Jul 21 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.