I am working with a native library (libzmq), which is called by a C# wrapper (clrzmq). It is being used by an IIS web application (IIS 7.5, Windows Server 2008 R2, ASP.NET MVC 3).
The native library makes a call to CreateEvent() but this fails when running the web application using the ApplicationPoolIdentity. It works if I use the LocalSystem account instead but I’d rather not do this.
I have tried both with and without the “Global\” prefix for the event name.
Is there a way of giving the ApplicationPoolIdentity the required permissions?
The relevant snippet of code is below:

    // Make the following critical section accessible to everyone.
    SECURITY_ATTRIBUTES sa = {0};
    sa.nLength = sizeof (sa);
    sa.bInheritHandle = FALSE;
    SECURITY_DESCRIPTOR sd;
    BOOL ok = InitializeSecurityDescriptor (&sd, SECURITY_DESCRIPTOR_REVISION);
    win_assert (ok);
    ok = SetSecurityDescriptorDacl(&sd, TRUE, (PACL) NULL, FALSE);
    win_assert (ok);
    sa.lpSecurityDescriptor = &sd;

    // This function has to be in a system-wide critical section so that
    // two instances of the library don't accidentally create signaler
    // crossing the process boundary.
    HANDLE sync = CreateEvent (&sa, FALSE, TRUE,
        "Global\\zmq-signaler-port-sync");
    win_assert (sync != NULL);

It fails on the last line, because sync is null.
For reference:

    // Provides convenient way to check GetLastError-style errors on Windows.
    #define win_assert(x) \
        do {\
            if (unlikely (!(x))) {\
                char errstr [256];\
                zmq::win_error (errstr, 256);\
                fprintf (stderr, "Assertion failed: %s (%s:%d)\n", errstr, \
                    __FILE__, __LINE__);\
                zmq::zmq_abort (errstr);\
            }\
        } while (false)
    #endif

This issue has now been discussed and fixed: