Open
Description
Background and Motivation
We've had a few asks about how to set permissions for the request queue created by Http.Sys. After helping one team manually do PInvoking and getting it working, we've distilled the needed API here so they can get rid of their code and let us continue setting up the request queue.
Proposed API
namespace Microsoft.AspNetCore.Server.HttpSys;
public class HttpSysOptions
{
public string? RequestQueueName { get; set; }
+ public GenericSecurityDescriptor? RequestQueueSecurityDescriptor { get; set; }
}Usage Examples
CommonSecurityDescriptor securityDescriptor = new CommonSecurityDescriptor(false, false, string.Empty);
DiscretionaryAcl dacl = new DiscretionaryAcl(false, false, 2);
dacl.AddAccess(AccessControlType.Allow, new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), -1, InheritanceFlags.None, PropagationFlags.None);
dacl.AddAccess(AccessControlType.Deny, new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null), -1, InheritanceFlags.None, PropagationFlags.None);
securityDescriptor.DiscretionaryAcl = dacl;
var builder = WebApplication.CreateBuilder(args);
builder.WebHost.UseHttpSys(options =>
{
options.RequestQueueName = "SomeQueueName";
options.RequestQueueSecurityDescriptor = securityDescriptor;
});
var app = builder.Build();Alternative Designs
The only alternative is to create the request queue yourself in code, which involves PInvoking and native memory management, and then telling our Http.Sys server to attach to the queue that was created.
Risks
N/A