HttpCreateServerSession return INVALID_HANDLE

Apr 9, 2014 at 1:28 PM
I am using the listener in a low-integrity sandboxed process to make some experiment.
When I open the listener (the http endpoint has the correct ACLs) the HttpCreateServerSession in http_listener.cpp return 6 (INVALID_HANDLE).
According to the msdn documentation the only possible fail return codes are ERROR_REVISION_MISMATCH and ERROR_INVALID_PARAMETER, therefore the docs looks wrong.
HttpCreateServerSession on MSDN

Any hint on why the HttpCreateServerSession may fail in a sanboxed process? What kind of permission may be needed in addition to reserving the endpoint?

Apr 28, 2014 at 10:55 PM
Hi raffaeler

Sorry for the delay here. I checked with the HTTP Server API team, looks like this is the expected behavior: HttpCreateServerSession will fail when running under low integrity. I have forwarded a request to the HTTP Server API team to fix the documentation here.

Apr 28, 2014 at 11:13 PM
Hi Kavya,
since opening an http server session depends on the endpoint ACLs, I do not understand why it is not allowed.

Thanks anyway for your help
Apr 29, 2014 at 12:14 AM
Hi raffaeler,

The issue I observed when running a low integrity process was that HttpInitialize fails with ERROR_ACCESS_DENIED. You're likely seeing HttpCreateServerSession fail with ERROR_INVALID_HANDLE because HttpInitialize failed.