Export (0) Print
Expand All

Mutex::GetAccessControl Method

Gets a MutexSecurity object that represents the access control security for the named mutex.

Namespace:  System.Threading
Assembly:  mscorlib (in mscorlib.dll)

public:
MutexSecurity^ GetAccessControl()

Return Value

Type: System.Security.AccessControl::MutexSecurity
A MutexSecurity object that represents the access control security for the named mutex.

ExceptionCondition
UnauthorizedAccessException

The current Mutex object represents a named system mutex, but the user does not have MutexRights::ReadPermissions.

-or-

The current Mutex object represents a named system mutex, and was not opened with MutexRights::ReadPermissions.

NotSupportedException

Not supported for Windows 98 or Windows Millennium Edition.

The GetAccessControl method uses the following combination of flags (combined using the bitwise OR operation) to search for permissions: AccessControlSections::Access, AccessControlSections::Owner, and AccessControlSections::Group.

The user must have MutexRights::ReadPermissions to call this method, and the mutex must have been opened with MutexRights::ReadPermissions.

The following code example demonstrates the cross-process behavior of a named mutex with access control security. The example uses the OpenExisting(String) method overload to test for the existence of a named mutex.

If the mutex does not exist, it is created with initial ownership and access control security that denies the current user the right to use the mutex, but grants the right to read and change permissions on the mutex.

If you run the compiled example from two command windows, the second copy will throw an access violation exception on the call to OpenExisting(String). The exception is caught, and the example uses the OpenExisting(String, MutexRights) method overload to open the mutex with the rights needed to read and change the permissions, using the GetAccessControl and SetAccessControl methods.

After the permissions are changed, the mutex is opened with the rights required to enter and release it. If you run the compiled example from a third command window, it runs using the new permissions.

using namespace System;
using namespace System::Threading;
using namespace System::Security::AccessControl;
using namespace System::Security::Permissions;

public ref class Example
{
public:
   [SecurityPermissionAttribute(SecurityAction::Demand,Flags=SecurityPermissionFlag::UnmanagedCode)]
   static void Main()
   {
      String^ mutexName = L"MutexExample4";

      Mutex^ m = nullptr;
      bool doesNotExist = false;
      bool unauthorized = false;

      // The value of this variable is set by the mutex 
      // constructor. It is true if the named system mutex was 
      // created, and false if the named mutex already existed. 
      // 
      bool mutexWasCreated = false;

      // Attempt to open the named mutex. 
      try
      {
         // Open the mutex with (MutexRights.Synchronize | 
         // MutexRights.Modify), to enter and release the 
         // named mutex. 
         //
         m = Mutex::OpenExisting( mutexName );
      }
      catch ( WaitHandleCannotBeOpenedException^ ) 
      {
         Console::WriteLine( L"Mutex does not exist." );
         doesNotExist = true;
      }
      catch ( UnauthorizedAccessException^ ex ) 
      {
         Console::WriteLine( L"Unauthorized access: {0}", ex->Message );
         unauthorized = true;
      }

      // There are three cases: (1) The mutex does not exist. 
      // (2) The mutex exists, but the current user doesn't 
      // have access. (3) The mutex exists and the user has 
      // access. 
      // 
      if ( doesNotExist )
      {
         // The mutex does not exist, so create it. 
         // Create an access control list (ACL) that denies the 
         // current user the right to enter or release the 
         // mutex, but allows the right to read and change 
         // security information for the mutex. 
         //
         String^ user = String::Concat( Environment::UserDomainName, L"\\",
            Environment::UserName );
         MutexSecurity^ mSec = gcnew MutexSecurity;

         MutexAccessRule^ rule = gcnew MutexAccessRule( user,
            static_cast<MutexRights>(
               MutexRights::Synchronize |
               MutexRights::Modify),
            AccessControlType::Deny );
         mSec->AddAccessRule( rule );

         rule = gcnew MutexAccessRule( user,
            static_cast<MutexRights>(
               MutexRights::ReadPermissions |
                MutexRights::ChangePermissions),
            AccessControlType::Allow );
         mSec->AddAccessRule( rule );

         // Create a Mutex object that represents the system 
         // mutex named by the constant 'mutexName', with 
         // initial ownership for this thread, and with the 
         // specified security access. The Boolean value that 
         // indicates creation of the underlying system object 
         // is placed in mutexWasCreated. 
         //
         m = gcnew Mutex( true,mutexName, mutexWasCreated,mSec );

         // If the named system mutex was created, it can be 
         // used by the current instance of this program, even 
         // though the current user is denied access. The current 
         // program owns the mutex. Otherwise, exit the program. 
         // 
         if ( mutexWasCreated )
         {
            Console::WriteLine( L"Created the mutex." );
         }
         else
         {
            Console::WriteLine( L"Unable to create the mutex." );
            return;
         }
      }
      else if ( unauthorized )
      {
         // Open the mutex to read and change the access control 
         // security. The access control security defined above 
         // allows the current user to do this. 
         // 
         try
         {
            m = Mutex::OpenExisting( mutexName,
               static_cast<MutexRights>(
                  MutexRights::ReadPermissions |
                  MutexRights::ChangePermissions) );

            // Get the current ACL. This requires 
            // MutexRights.ReadPermissions.
            MutexSecurity^ mSec = m->GetAccessControl();

            String^ user = String::Concat( Environment::UserDomainName,
               L"\\", Environment::UserName );

            // First, the rule that denied the current user 
            // the right to enter and release the mutex must 
            // be removed.
            MutexAccessRule^ rule = gcnew MutexAccessRule( user,
               static_cast<MutexRights>(
                  MutexRights::Synchronize |
                  MutexRights::Modify),
               AccessControlType::Deny );
            mSec->RemoveAccessRule( rule );

            // Now grant the user the correct rights. 
            //
            rule = gcnew MutexAccessRule( user,
               static_cast<MutexRights>(
                  MutexRights::Synchronize |
                  MutexRights::Modify),
               AccessControlType::Allow );
            mSec->AddAccessRule( rule );

            // Update the ACL. This requires 
            // MutexRights.ChangePermissions.
            m->SetAccessControl( mSec );

            Console::WriteLine( L"Updated mutex security." );

            // Open the mutex with (MutexRights.Synchronize 
            // | MutexRights.Modify), the rights required to 
            // enter and release the mutex. 
            //
            m = Mutex::OpenExisting( mutexName );
         }
         catch ( UnauthorizedAccessException^ ex ) 
         {
            Console::WriteLine(
               L"Unable to change permissions: {0}", ex->Message );
            return;
         }
      }

      // If this program created the mutex, it already owns 
      // the mutex. 
      // 
      if ( !mutexWasCreated )
      {
         // Enter the mutex, and hold it until the program 
         // exits. 
         // 
         try
         {
            Console::WriteLine( L"Wait for the mutex." );
            m->WaitOne();
            Console::WriteLine( L"Entered the mutex." );
         }
         catch ( UnauthorizedAccessException^ ex ) 
         {
            Console::WriteLine( L"Unauthorized access: {0}",
               ex->Message );
         }
      }

      Console::WriteLine( L"Press the Enter key to exit." );
      Console::ReadLine();
      m->ReleaseMutex();
   }
};

int main()
{
   Example::Main();
}

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft