5

My net.pipe WCF binding does not work when the server runs non elevated. This blog helped me find the answer - http://weblogs.thinktecture.com/cweyer/2007/12/dealing-with-os-privilege-issues-in-wcf-named-pipes-scenarios.html

So, I added the SeCreateGlobalPrivilege privilege to the relevant non admin user, but now I have to enable the privilege programmatically in .NET

Now, there are several examples on the internet how to do it in .NET, but all of them essentially rewrite plain C code to C# with P/Invoke.

I wish to know how to do it using the dedicated .NET system types, like ObjectSecurity, Privilege and so on, so that my code does not do any P/Invoke - let the system code do it for me.

Is it possible?

Thanks.

EDIT1

What makes me think it is possible? Well, I searched for the AdjustTokenPrivileges P/Inovke API usage in .NET using Reflector and found, that there is ObjectSecurity.Persist method , which ultimately invokes this P/Invoke. Next, this ObjectSecurity has one protected constructor, meaning it is possible for a non MS code to derive from it and invoke this method.

So, it seems feasible using type-safe .NET code (i.e. no reflection).

mark
  • 59,016
  • 79
  • 296
  • 580

1 Answers1

7

If you don't want to use P/Invoke by yourself, you can still use the internal System.Security.AccessControl.Privilege class, using Reflection mechanisms, like this:

    // => privilege = new Privilege("SeCreateGlobalPrivilege");
    // this is for .NET Framework
    var privilegeType = Type.GetType("System.Security.AccessControl.Privilege");

    // this for .NET Core and above (you need to add the "System.Security.AccessControl" nuget package)
    var privilegeType = Type.GetType("System.Security.AccessControl.Privilege, System.Security.AccessControl");

    var privilege = Activator.CreateInstance(privilegeType, "SeCreateGlobalPrivilege");

    // => privilege.Enable();
    privilegeType.GetMethod("Enable").Invoke(privilege, null);

    // =>  privilege.Revert();
    privilegeType.GetMethod("Revert").Invoke(privilege, null);

I'm not sure it's really better, because it's more or less a hack, not supported et al., but ok, it's easy for lazy guys :-)

Simon Mourier
  • 132,049
  • 21
  • 248
  • 298
  • EDIT1 of my question also implies that I believe there is a fully supported type-safe solution in .NET. At least this is my goal. I like to use reflection as much as anyone else - I don't. – mark Apr 04 '11 at 10:07
  • I have edited the question title to indicate that reflection is unwanted - something that I have meant from the beginning, but never expressed explicitly. – mark Apr 04 '11 at 10:09
  • 1
    @mark - The fact that this class is fully functional but marked as internal means there is 99% chance there's nothing public elsewhere. You basically have your answer, it's **no**. Still I think this is the best shot since it's actually well written (takes care of threading jazz), and you'll have hard time trying to do best. – Simon Mourier Apr 04 '11 at 10:16
  • I am not suggesting using the Privilege type directly, rather the type ObjectSecurity, which is public. – mark Apr 04 '11 at 18:02