Semaphore.GetAccessControl Method

Gets the access control security for a named system semaphore.

Namespace:  System.Threading
Assembly:  System (in System.dll)

public SemaphoreSecurity GetAccessControl()

Return Value

Type: System.Security.AccessControl.SemaphoreSecurity
A SemaphoreSecurity object that represents the access control security for the named system semaphore.

ExceptionCondition
UnauthorizedAccessException

The current Semaphore object represents a named system semaphore, and the user does not have SemaphoreRights.ReadPermissions rights.

-or-

The current Semaphore object represents a named system semaphore and was not opened with SemaphoreRights.ReadPermissions rights.

NotSupportedException

Not supported for Windows 98 or Windows Millennium Edition.

The GetAccessControl method uses the following combination of flags (combined using the bitwise OR operation) to search for permissions: AccessControlSections.Access, AccessControlSections.Owner, and AccessControlSections.Group.

The user must have SemaphoreRights.ReadPermissions rights to call this method, and the semaphore must have been opened with SemaphoreRights.ReadPermissions rights.

On a local semaphore, access control security is irrelevant. If the Semaphore object does not represent a named system semaphore, this method returns a SemaphoreSecurity object that grants all rights to any user.

The following code example demonstrates the cross-process behavior of a named semaphore with access control security. The example uses the OpenExisting(String) method overload to test for the existence of a named semaphore.

If the semaphore does not exist, it is created with a maximum count of two and with access control security that denies the current user the right to use the semaphore, but grants the right to read and change permissions on the semaphore.

If you run the compiled example from two command windows, the second copy will throw an access violation exception on the call to the OpenExisting(String) method. The exception is caught, and the example uses the OpenExisting(String, SemaphoreRights) method overload to open the semaphore with the rights needed to read and change the permissions. The access control security for the system semaphore is obtained using the GetAccessControl method.

After the permissions are changed, the semaphore is opened with the rights required to enter and release. If you run the compiled example from a third command window, it runs using the new permissions.

using System;
using System.Threading;
using System.Security.AccessControl;

internal class Example
{
    internal static void Main()
    {
        const string semaphoreName = "SemaphoreExample5";

        Semaphore sem = null;
        bool doesNotExist = false;
        bool unauthorized = false;

        // Attempt to open the named semaphore. 
        try
        {
            // Open the semaphore with (SemaphoreRights.Synchronize 
            // | SemaphoreRights.Modify), to enter and release the 
            // named semaphore. 
            //
            sem = Semaphore.OpenExisting(semaphoreName);
        }
        catch(WaitHandleCannotBeOpenedException)
        {
            Console.WriteLine("Semaphore does not exist.");
            doesNotExist = true;
        }
        catch(UnauthorizedAccessException ex)
        {
            Console.WriteLine("Unauthorized access: {0}", ex.Message);
            unauthorized = true;
        }

        // There are three cases: (1) The semaphore does not exist. 
        // (2) The semaphore exists, but the current user doesn't  
        // have access. (3) The semaphore exists and the user has 
        // access. 
        // 
        if (doesNotExist)
        {
            // The semaphore does not exist, so create it. 
            // 
            // The value of this variable is set by the semaphore 
            // constructor. It is true if the named system semaphore was 
            // created, and false if the named semaphore already existed. 
            // 
            bool semaphoreWasCreated;

            // Create an access control list (ACL) that denies the 
            // current user the right to enter or release the  
            // semaphore, but allows the right to read and change 
            // security information for the semaphore. 
            // 
            string user = Environment.UserDomainName + "\\" 
                + Environment.UserName;
            SemaphoreSecurity semSec = new SemaphoreSecurity();

            SemaphoreAccessRule rule = new SemaphoreAccessRule(
                user, 
                SemaphoreRights.Synchronize | SemaphoreRights.Modify, 
                AccessControlType.Deny);
            semSec.AddAccessRule(rule);

            rule = new SemaphoreAccessRule(
                user, 
                SemaphoreRights.ReadPermissions | SemaphoreRights.ChangePermissions,
                AccessControlType.Allow);
            semSec.AddAccessRule(rule);

            // Create a Semaphore object that represents the system 
            // semaphore named by the constant 'semaphoreName', with 
            // maximum count three, initial count three, and the 
            // specified security access. The Boolean value that  
            // indicates creation of the underlying system object is 
            // placed in semaphoreWasCreated. 
            //
            sem = new Semaphore(3, 3, semaphoreName, 
                out semaphoreWasCreated, semSec);

            // If the named system semaphore was created, it can be 
            // used by the current instance of this program, even  
            // though the current user is denied access. The current 
            // program enters the semaphore. Otherwise, exit the 
            // program. 
            //  
            if (semaphoreWasCreated)
            {
                Console.WriteLine("Created the semaphore.");
            }
            else
            {
                Console.WriteLine("Unable to create the semaphore.");
                return;
            }

        }
        else if (unauthorized)
        {
            // Open the semaphore to read and change the access 
            // control security. The access control security defined 
            // above allows the current user to do this. 
            // 
            try
            {
                sem = Semaphore.OpenExisting(
                    semaphoreName, 
                    SemaphoreRights.ReadPermissions 
                        | SemaphoreRights.ChangePermissions);

                // Get the current ACL. This requires  
                // SemaphoreRights.ReadPermissions.
                SemaphoreSecurity semSec = sem.GetAccessControl();

                string user = Environment.UserDomainName + "\\" 
                    + Environment.UserName;

                // First, the rule that denied the current user  
                // the right to enter and release the semaphore must 
                // be removed.
                SemaphoreAccessRule rule = new SemaphoreAccessRule(
                    user, 
                    SemaphoreRights.Synchronize | SemaphoreRights.Modify, 
                    AccessControlType.Deny);
                semSec.RemoveAccessRule(rule);

                // Now grant the user the correct rights. 
                // 
                rule = new SemaphoreAccessRule(user, 
                     SemaphoreRights.Synchronize | SemaphoreRights.Modify, 
                     AccessControlType.Allow);
                semSec.AddAccessRule(rule);

                // Update the ACL. This requires 
                // SemaphoreRights.ChangePermissions.
                sem.SetAccessControl(semSec);

                Console.WriteLine("Updated semaphore security.");

                // Open the semaphore with (SemaphoreRights.Synchronize  
                // | SemaphoreRights.Modify), the rights required to 
                // enter and release the semaphore. 
                //
                sem = Semaphore.OpenExisting(semaphoreName);

            }
            catch(UnauthorizedAccessException ex)
            {
                Console.WriteLine("Unable to change permissions: {0}", ex.Message);
                return;
            }
        }

        // Enter the semaphore, and hold it until the program 
        // exits. 
        // 
        try
        {
            sem.WaitOne();
            Console.WriteLine("Entered the semaphore.");
            Console.WriteLine("Press the Enter key to exit.");
            Console.ReadLine();
            sem.Release();
        }
        catch(UnauthorizedAccessException ex)
        {
            Console.WriteLine("Unauthorized access: {0}", ex.Message);
        }
    }
}

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft