Customizable security descriptors for HTTP.sys

[tdykstra]

Fixes #35570

---

Internal previews

📄 File	🔗 Preview link
aspnetcore/fundamentals/servers/httpsys.md	HTTP.sys web server implementation in ASP.NET Core

[Copilot]

Pull Request Overview

This PR enables customizable security descriptors for HTTP.sys, allowing configuration of access to request queues. Key changes include:

• Adding a sample in Program.cs that demonstrates configuring a security descriptor for HTTP.sys.
• Updating the documentation in httpsys.md to list customizable security descriptors and HTTP/3 support.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
aspnetcore/fundamentals/servers/httpsys/samples_snapshot/10.x/HttpSysConfig/Program.cs	Added sample code for configuring request queue security descriptors
aspnetcore/fundamentals/servers/httpsys.md	Updated documentation to include customizable security descriptors and additional HTTP.sys features

Comments suppressed due to low confidence (2)

aspnetcore/fundamentals/servers/httpsys/samples_snapshot/10.x/HttpSysConfig/Program.cs:6

• [nitpick] Consider adding a comment that explains the use of an empty SDDL string in the CommonSecurityDescriptor constructor, clarifying its purpose and any security implications for maintainability.

var securityDescriptor = new CommonSecurityDescriptor(isContainer: false, isDS: false, sddlForm: string.Empty);

aspnetcore/fundamentals/servers/httpsys.md:65

• [nitpick] Verify that the xref link using the URL-encoded asterisk renders correctly. Adjust if necessary to ensure clear documentation linking.

If an HTTP/2 connection is established, [HttpRequest.Protocol](xref:Microsoft.AspNetCore.Http.HttpRequest.Protocol%2A) reports `HTTP/2`.

[wadepickett]

Looks good beyond what was already suggested to change. I am not finding anything else. Consider updating the ms.date.