.Net 4.5 RawSecurityDescriptor does not support Win8 User Aliase SDDL strings RRS feed

  • Question

  • We're getting some SDDL strings that have the User Alias "AC".  Passing a SDDL string with this ACE will cause the .Net 4.5 RawSecurityDescriptor(string) constructor to throw.


        string secDescriptor = "O:SYG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;AC)";
        RawSecurityDescriptor sd = new RawSecurityDescriptor(secDescriptor);  // throw "AC" not supported

    Looking in the VC2010 sddl.h file that alias ("AC") does not exist.  It does exist in the VC2012 sddl.h file.  That suggests to me the alias "AC" was introduced in Win8 because we built Win8 with 2012. 

    This is obviously a problem with server side code that parses security descriptors found on clients; XP to Win8.

    Question of course is what is the hotpatch, SP, or workaround for supporting Win8 User Aliases?  Does .Net 4.5.1 RC support Win8?  Do we need to interop out just to work around this bug?  That would be a bit ridiculous so I'm hoping that answer is no.

    Thursday, October 10, 2013 2:27 PM


All replies