aspnetcore/release-notes/aspnetcore-10/includes/httpsys.md
You can now specify a custom security descriptor for HTTP.sys request queues. The new RequestQueueSecurityDescriptor property on xref:Microsoft.AspNetCore.Server.HttpSys.HttpSysOptions enables more granular control over access rights for the request queue. This granular control lets you tailor security to your application's needs.
A request queue in HTTP.sys is a kernel-level structure that temporarily stores incoming HTTP requests until your application is ready to process them. By customizing the security descriptor, you can allow or deny specific users or groups access to the request queue. This is useful in scenarios where you want to restrict or delegate HTTP.sys request handling at the operating system level.
The RequestQueueSecurityDescriptor property applies only when creating a new request queue. The property doesn't affect existing request queues. To use this property, set it to a xref:System.Security.AccessControl.GenericSecurityDescriptor instance when configuring your HTTP.sys server.
For example, the following code allows all authenticated users but denies guests: [!code-csharp]
For more information, see xref:fundamentals/servers/httpsys.