Represents the Windows access control security applied to a named system wait handle. This class cannot be inherited.
See Also: EventWaitHandleSecurity Members
An System.Security.AccessControl.EventWaitHandleSecurity object specifies access rights for a named system wait handle, and also specifies the way access attempts are audited. Access rights to the wait handle are expressed as rules, with each access rule represented by an System.Security.AccessControl.EventWaitHandleAccessRule object. Each auditing rule is represented by an System.Security.AccessControl.EventWaitHandleAuditRule object.
This mirrors the underlying Windows security system, in which each securable object has at most one discretionary access control list (DACL) that controls access to the secured object, and at most one system access control list (SACL) that specifies which access attempts are audited. The DACL and SACL are ordered lists of access control entries (ACE) that specify access and auditing for users and groups. An System.Security.AccessControl.EventWaitHandleAccessRule or System.Security.AccessControl.EventWaitHandleAuditRule object might represent more than one ACE.
An System.Threading.EventWaitHandle object can represent a local wait handle or a named system wait handle. Windows access control security is meaningful only for named system wait handles.
The System.Security.AccessControl.EventWaitHandleSecurity, System.Security.AccessControl.EventWaitHandleAccessRule, and System.Security.AccessControl.EventWaitHandleAuditRule classes hide the implementation details of ACLs and ACEs. They allow you to ignore the seventeen different ACE types and the complexity of correctly maintaining inheritance and propagation of access rights. These objects are also designed to prevent the following common access control errors:
Creating a security descriptor with a null DACL. A null reference to a DACL allows any user to add access rules to an object, potentially creating a denial-of-service attack. A new System.Security.AccessControl.EventWaitHandleSecurity object always starts with an empty DACL, which denies all access for all users.
Violating the canonical ordering of ACEs. If the ACE list in the DACL is not kept in the canonical order, users might inadvertently be given access to the secured object. For example, denied access rights must always appear before allowed access rights. System.Security.AccessControl.EventWaitHandleSecurity objects maintain the correct order internally.
Manipulating security descriptor flags, which should be under resource manager control only.
Creating invalid combinations of ACE flags.
Manipulating inherited ACEs. Inheritance and propagation are handled by the resource manager, in response to changes you make to access and audit rules.
Inserting meaningless ACEs into ACLs.
The only capabilities not supported by the .NET security objects are dangerous activities that should be avoided by the majority of application developers, such as the following:
Low-level tasks that are normally performed by the resource manager.
Adding or removing access control entries in ways that do not maintain the canonical ordering.
To modify Windows access control security for a named wait handle, use the System.Threading.EventWaitHandle.GetAccessControl method to get the System.Security.AccessControl.EventWaitHandleSecurity object. Modify the security object by adding and removing rules, and then use the System.Threading.EventWaitHandle.SetAccessControl(EventWaitHandleSecurity) method to reattach it.
Changes you make to an System.Security.AccessControl.EventWaitHandleSecurity object do not affect the access levels of the named wait handle until you call the System.Threading.EventWaitHandle.SetAccessControl(EventWaitHandleSecurity) method to assign the altered security object to the named wait handle.
To copy access control security from one wait handle to another, use the System.Threading.EventWaitHandle.GetAccessControl method to get an System.Security.AccessControl.EventWaitHandleSecurity object representing the access and audit rules for the first wait handle, and then use the System.Threading.EventWaitHandle.SetAccessControl(EventWaitHandleSecurity) method, or a constructor that accepts an System.Security.AccessControl.EventWaitHandleSecurity object, to assign those rules to the second wait handle.
Users with an investment in the security descriptor definition language (SDDL) can use the ObjectSecurity.SetSecurityDescriptorSddlForm(string) method to set access rules for a named wait handle, and the ObjectSecurity.GetSecurityDescriptorSddlForm(AccessControlSections) method to obtain a string that represents the access rules in SDDL format. This is not recommended for new development.