
C# : Lower integrity of named pipes

I am developing an Internet Explorer Browser Helper Object (BHO) in C#. This BHO detects the URL that the user navigates to and then auto populates the username and password.

The BHO communicates with a process running as a service. The communication occurs over named pipes.

The communication works fine when protected mode is OFF. However, when protected mode is ON this does not work. If I run iexplore.exe as administrator then it works.

In protected mode I get the access denied message.

After reading about this I realize that the pipe access is denied because IE is running on a low integrity scope.

I have gone through the following:

a. The article "Understanding and Working in Protected Mode Internet Explorer": http://msdn.microsoft.com/en-us/library/bb250462.aspx

b. I also went through many suggestions of setting security info before creating the pipe resource to allow a lower integrity process to use it. These, however, haven't been of much use to me. I still get the same error.

The only workaround I have currently is to communicate over sockets. I verified that this approach works.

I would prefer to use the named pipe approach.

The following is my source code for setting the security context before opening the pipe

Service side code:

    using System.IO.Pipes;
    using System.Security.AccessControl;
    using System.Security.Principal;

    // DACL entries only: these rules grant access by identity and
    // do not touch the pipe's integrity label.
    PipeSecurity security = new PipeSecurity();
    security.AddAccessRule(new PipeAccessRule(
        new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null),  // @"Users"
        PipeAccessRights.ReadWrite,
        AccessControlType.Allow));

    var currentUser = WindowsIdentity.GetCurrent().Name;
    security.AddAccessRule(new PipeAccessRule(
        currentUser, PipeAccessRights.FullControl, AccessControlType.Allow));

    NamedPipeServerStream stream;
    stream = new NamedPipeServerStream(
        CommandPipeName,
        PipeDirection.InOut, MAX_PIPE_INSTANCE,
        PipeTransmissionMode.Message, PipeOptions.WriteThrough,
        EPHelperCommandPipeServerConsts.MaxPipeRequestLength,
        EPHelperCommandPipeServerConsts.MaxPipeResponseLength,
        security);

    do
    {
        n++;

        isListening = true;
        stream.WaitForConnection();
        isListening = false;

        // Keep the connected instance in cs and create the next
        // instance so the server keeps listening.
        var cs = stream;

        stream = new NamedPipeServerStream(
            CommandPipeName,
            PipeDirection.InOut, MAX_PIPE_INSTANCE,
            PipeTransmissionMode.Message, PipeOptions.WriteThrough,
            EPHelperCommandPipeServerConsts.MaxPipeRequestLength,
            EPHelperCommandPipeServerConsts.MaxPipeResponseLength,
            security);

        // some code

    } while (true);

Is there something that I am missing?

Thanks.

I guess you are falling foul of the Integrity Level mechanism added to Windows in Vista. This mechanism is orthogonal to the access control mechanisms based on Allow and Deny entries in an Access Control List.

The idea of lowering the integrity level of the pipe sounds to me to be the correct approach, but your code doesn't do this at all. There is no support in the .NET Framework classes as yet for making changes to the Integrity Label associated with a resource. You have to work with the Win32 APIs.

See my blog for a description of how I solved a similar issue (alternative URL); it may give you some pointers.
