General security
A static class that provides an API for working with the Pipes Provider security features.
- Located in the PipesProvider.Security namespace.
- Provides a high-level API for handling LSA policy.
- Provides a high-level API for handling user impersonation on WINNT remote devices.
- Provides a high-level API for configuring pipes' security.
A metadata container that stores the data required for the logon process on a remote device. Used by the TryToLogonAtRemoteDevice handler, which returns a SafeAccessTokenHandle for the impersonated user.
Any operation on a remote device requires impersonating some user (at least a guest).
If the user name is empty or null, or no LogonConfig instance exists at all, the connection will be impersonated as Anonymous (SID NULL).
See the ThreadLoop method of the TransmissionLine for an example of code that uses an impersonated token. The source is here.
An enum that defines the requirements for establishing a connection. Used by the default ServerLoop handlers provided by PipesProvider.Server.ServerAPI to standardize pipe configuration.
Can be converted to a set of pipe rules via the GetRulesForLevels method.
- Anonymous (2)
  - Does not demand logon.
  - Demands a Guest user on the server device.
  - Requires that network access via Guest accounts is allowed.
- RemoteLogon (4)
  - Demands authentication via one of the profiles on the server.
- Local (8)
  - The pipe will be available only on the local machine.
- Administrator (16)
  - Access to the pipe will be provided only to administrators. By default allowed via remote authentication.
- Internal (32)
  - The pipe will be controlled only by the server application and the system. Any external connection will be blocked.
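How a combination of these flags can translate into named-pipe access rules, as an added example that is not PipesProvider's own code and does not reproduce GetRulesForLevels. The Level enum, the PipeAclExample class and the SID chosen for each level are assumptions; only the flag values come from the list above. It targets .NET Framework on Windows.

```csharp
using System;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

// Hypothetical stand-in with the flag values listed above (not the library's type).
[Flags]
enum Level { Anonymous = 2, RemoteLogon = 4, Local = 8, Administrator = 16, Internal = 32 }

static class PipeAclExample
{
    static void Add(PipeSecurity s, WellKnownSidType sid, PipeAccessRights rights,
                    AccessControlType type = AccessControlType.Allow) =>
        s.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(sid, null), rights, type));

    // Assumed mapping from levels to DACL entries; review it against your own policy.
    public static PipeSecurity Build(Level levels)
    {
        var s = new PipeSecurity();
        // The server's own account and SYSTEM always keep full control.
        s.AddAccessRule(new PipeAccessRule(WindowsIdentity.GetCurrent().User,
            PipeAccessRights.FullControl, AccessControlType.Allow));
        Add(s, WellKnownSidType.LocalSystemSid, PipeAccessRights.FullControl);
        if (levels.HasFlag(Level.Internal)) return s;   // no external principal is granted

        if (levels.HasFlag(Level.Anonymous))
        {
            Add(s, WellKnownSidType.AnonymousSid, PipeAccessRights.ReadWrite);
            Add(s, WellKnownSidType.BuiltinGuestsSid, PipeAccessRights.ReadWrite);
        }
        if (levels.HasFlag(Level.RemoteLogon))
            Add(s, WellKnownSidType.AuthenticatedUserSid, PipeAccessRights.ReadWrite);
        if (levels.HasFlag(Level.Administrator))
            Add(s, WellKnownSidType.BuiltinAdministratorsSid, PipeAccessRights.FullControl);
        if (levels.HasFlag(Level.Local))                // deny entries win over the allows above
            Add(s, WellKnownSidType.NetworkSid, PipeAccessRights.FullControl, AccessControlType.Deny);
        return s;
    }

    static void Main()
    {
        // Print the resulting DACL so it can be reviewed before the pipe is created.
        var acl = Build(Level.RemoteLogon | Level.Local);
        foreach (PipeAccessRule r in acl.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            Console.WriteLine($"{r.AccessControlType,-5} {r.IdentityReference} {r.PipeAccessRights}");
    }
}
```

Passing the returned PipeSecurity to the NamedPipeServerStream constructor overload that accepts one applies the rules when the pipe is created.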
EXPERIMENTAL - May not be effective enough. Manual configuration of system rules, security policy and port access rules is recommended.
By default, the Local Security Authority policy on WINNT systems does not allow anonymous connections to the device. The DNF implements an API that simplifies device configuration.
To define an LSA policy, call the SetLocalSecurityAuthority method with a target parameter.
At the moment, automatic configuration is supported only for the SecurityLevel.Anonymous mode.