<p>I don't think this is going to be possible.</p>
<p>The problem is that the integrity label has to be specified in the security descriptor provided when the Named Pipe is created. In the standard NetNamedPipeBinding, that call to <code>CreateNamedPipe</code> happens inside the private <code>CreatePipe()</code> method of the internal WCF class <code>System.ServiceModel.Channels.PipeConnectionListener</code>. I can't see a way to change how it specifies the initial security descriptor for the pipe.</p>
<p>See <a href="https://stackoverflow.com/questions/3282365/opening-a-named-pipe-in-low-integrity-level-windows-7-c/4499153#4499153">this question and answer</a> for an outline of what we need to achieve.</p>
<p>Writing a custom named pipe transport binding element from scratch seems like the only way at present to get round this, failing which we'll just have to wait for Microsoft to add some enabling features in a future version of WCF. If you have access to Microsoft Connect, you could <a href="https://connect.microsoft.com/wcf/feedback/details/632379/allow-configuring-wcf-named-pipe-with-lower-integrity-reopen-621709" rel="nofollow noreferrer">add your voice to the others requesting this feature</a>.</p>
<p>EDIT: I was too pessimistic. I have now found a way to do this.</p>
<p>The key was that it turned out you don't necessarily have to specify the integrity label in the security descriptor when the pipe is created - but you do have to modify the SACL using the handle returned from <code>CreateNamedPipe</code> when the listener is opened - i.e. the very first server-side handle to the pipe. Using any other handle, the attempt to add the integrity label always fails, because the <code>dwOpenMode</code> flag parameter to <code>CreateNamedPipe</code> overloads the use of one of the bits to mean both <code>FILE_FLAG_FIRST_PIPE_INSTANCE</code> and <code>WRITE_OWNER</code>. We need the latter access permission in order to add the integrity label, but the presence of the former causes the call to fail on any but the first pipe instance.</p>
<p>Getting hold of the first pipe handle is not a trivial undertaking. WCF squirrels it away in an instance of the type <code>System.ServiceModel.Channels.PipeConnectionListener.PendingAccept</code>, stored in a list maintained by the pipe connection listener. The connection listener is not the same thing as the channel listener (which can be grabbed straightforwardly by overriding the <code>BuildChannelListener&lt;&gt;</code> method of a binding element), and it is much harder to get at. It involves heroics using reflection, to locate the TransportManager for the endpoint, which holds a reference to the endpoint's connection listener, and then working down a chain of connection listeners (which varies according to configuration of tracing etc.) until the pipe connection listener is found. If we are lucky the first pipe handle can then be found in the listener's pending accept list (though there is a race condition here - if a client connects before we get hold of the handle, it will be gone forever).</p>
<p>Once the handle is available, lowering the integrity to allow low integrity clients to communicate with the service is just a matter of calling <code>SetSecurityInfo</code> on the handle to add the integrity label.</p>
<p>I plan to cover this in some detail on <a href="http://blogs.charteris.com/blogs/chrisdi/archive/tags/Named+Pipes/default.aspx" rel="nofollow noreferrer">my blog</a> soon.</p>
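The final step the answer describes, applying the mandatory integrity label to an already-created pipe handle with <code>SetSecurityInfo</code>, as an added C# example. This is not code from the answer, from WCF, or from the linked blog: it assumes the caller has already obtained the first server-side pipe handle (in the NetNamedPipeBinding case, via the reflection the answer outlines; here the demo simply creates its own pipe with <code>CreateNamedPipe</code>), uses the standard SDDL <code>S:(ML;;NW;;;LW)</code> for a Low label, and reads the label back as the check that the call took effect. The pipe name and all helper names are this example's own.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Added example (not the answer's code): put a Low mandatory label on a named-pipe handle
// via SetSecurityInfo and read it back. Requires WRITE_OWNER on the handle, which for a
// CreateNamedPipe handle is only granted to the first instance, as the answer explains.
static class PipeIntegrity
{
    const int SE_KERNEL_OBJECT = 6;                     // SE_OBJECT_TYPE used for the pipe handle
    const uint LABEL_SECURITY_INFORMATION = 0x00000010; // touch only the mandatory-label part of the SACL
    const uint SDDL_REVISION_1 = 1;

    // Mandatory label ACE: Low integrity (LW) with No-Write-Up (NW). A Low-integrity client is
    // not "writing up" to a Low-labelled object, so it may open the pipe for read and write.
    const string LowLabelSddl = "S:(ML;;NW;;;LW)";

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(
        string sddl, uint revision, out IntPtr securityDescriptor, out uint size);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetSecurityDescriptorSacl(
        IntPtr securityDescriptor, out bool saclPresent, out IntPtr sacl, out bool saclDefaulted);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern uint SetSecurityInfo(IntPtr handle, int objectType, uint securityInfo,
        IntPtr owner, IntPtr group, IntPtr dacl, IntPtr sacl);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern uint GetSecurityInfo(IntPtr handle, int objectType, uint securityInfo,
        IntPtr owner, IntPtr group, IntPtr dacl, IntPtr sacl, out IntPtr securityDescriptor);

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool ConvertSecurityDescriptorToStringSecurityDescriptor(
        IntPtr securityDescriptor, uint revision, uint securityInfo, out IntPtr sddl, out uint len);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr LocalFree(IntPtr mem);

    // The step from the answer: build a SACL from SDDL and write just the label onto the handle.
    public static void SetLowIntegrity(IntPtr firstPipeHandle)
    {
        IntPtr sd = IntPtr.Zero;
        try
        {
            if (!ConvertStringSecurityDescriptorToSecurityDescriptor(LowLabelSddl, SDDL_REVISION_1, out sd, out _))
                throw new Win32Exception();
            if (!GetSecurityDescriptorSacl(sd, out bool present, out IntPtr sacl, out _) || !present)
                throw new Win32Exception("SDDL produced no SACL");
            uint err = SetSecurityInfo(firstPipeHandle, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION,
                                       IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, sacl);
            if (err != 0) throw new Win32Exception((int)err); // ERROR_ACCESS_DENIED on a non-first instance
        }
        finally
        {
            if (sd != IntPtr.Zero) LocalFree(sd);
        }
    }

    // Check: read the label back as SDDL (expected "S:(ML;;NW;;;LW)" after SetLowIntegrity).
    public static string ReadLabelSddl(IntPtr pipeHandle)
    {
        uint err = GetSecurityInfo(pipeHandle, SE_KERNEL_OBJECT, LABEL_SECURITY_INFORMATION,
                                   IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, out IntPtr sd);
        if (err != 0) throw new Win32Exception((int)err);
        try
        {
            if (!ConvertSecurityDescriptorToStringSecurityDescriptor(sd, SDDL_REVISION_1,
                    LABEL_SECURITY_INFORMATION, out IntPtr str, out _))
                throw new Win32Exception();
            try { return Marshal.PtrToStringUni(str); }
            finally { LocalFree(str); }
        }
        finally { LocalFree(sd); }
    }

    const uint PIPE_ACCESS_DUPLEX = 0x00000003;
    const uint FILE_FLAG_FIRST_PIPE_INSTANCE = 0x00080000; // same bit value as WRITE_OWNER
    const uint PIPE_UNLIMITED_INSTANCES = 255;

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr CreateNamedPipe(string name, uint openMode, uint pipeMode, uint maxInstances,
        uint outBufferSize, uint inBufferSize, uint defaultTimeout, IntPtr securityAttributes);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Stand-alone demo on a pipe created here; the pipe name is constructed for this example.
    static void Main()
    {
        IntPtr h = CreateNamedPipe(@"\\.\pipe\LowIntegrityExample",
            PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE, 0 /* PIPE_TYPE_BYTE */,
            PIPE_UNLIMITED_INSTANCES, 4096, 4096, 0, IntPtr.Zero);
        if (h == new IntPtr(-1)) throw new Win32Exception();
        try
        {
            SetLowIntegrity(h);
            Console.WriteLine("Label now: " + ReadLabelSddl(h));
        }
        finally { CloseHandle(h); }
    }
}
```

In the WCF scenario the handle passed to <code>SetLowIntegrity</code> would be the one fished out of the listener's pending accept list rather than one created locally, and the race the answer mentions still applies: the label must be applied before the first client connects. <code>ReadLabelSddl</code> is the cheap way to confirm, from the service side, that the label is actually in place before relying on it.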