locked
PipeSecurity on NamedPipeServerStream on .NET Standard / Core 2.0 RRS feed

  • Question

  • Hello,

    In my code (.NET Standard 2.0 Library) I'm trying to open a named pipe via NamedPipeServerStream and I can successfully consume that stream from a client process as long the Process User is the same.

    But what I need is to set the security so, that all Authenticated Users can access the stream from the Client process.

    e.g:

    PipeSecurity ps = new PipeSecurity();
    NamedPipeServerStream pipeServerStream = new NamedPipeServerStream(Globals.PIPE_NAME_ROUTER, PipeDirection.InOut, 2, PipeTransmissionMode.Message,PipeOptions.Asynchronous | PipeOptions.WriteThrough);

    ps = pipeServerStream.GetAccessControl()

    ps.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), PipeAccessRights.ReadWrite, AccessControlType.Allow));

    But the following call:

    pipeServerStream.SetAccessControl(ps);

    will fail with an "UnauthorizedAccessException" (even if my Server Process is in "Elevated Mode").

    All hints I found in the Internet (for the full framework) propose to set the PipeSecurity in the NamedPipeServerStream constructor. But this is not available under .NET Standard 2.0.

    Does any workaround exist to set any access rules from within the process?

    Ralf

    Monday, December 4, 2017 3:26 PM

All replies

  • Hi Ralf Heitmann,

    Thank you for posting here.

    First, have you try your code under admin mode?

    Virtually all .NET implementations have support for .NET Standard 2.0, including .NET Framework, .NET Core, and Xamarin. Please try your whole code in .net framework. I am not sure what cause the exception. Maybe it is not caused by .NET  Standard 2.0. 

    Normally, if you want to set the NamedPipeServerStream, the constructor you used to create a NamedPipeServerStream object is No pipe security.

    NamedPipeServerStream(Globals.PIPE_NAME_ROUTER, PipeDirection.InOut, 2, PipeTransmissionMode.Message,PipeOptions.Asynchronous | PipeOptions.WriteThrough);

    Please try another method NamedPipeServerStream(String, PipeDirection, Int32, PipeTransmissionMode, PipeOptions, Int32, Int32, PipeSecurity).

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, December 6, 2017 6:39 AM
  • Hi Wendy,

    as I stated in the original post, the Exception is thrown under Administrator / Elevated Access rights. The same problem arises under the .net Framework 4.7. Test Code:

    static void Main(string[] args)
            {

                try
                {
                    bool t = true;

                    if (t)
                    {
                        // Not working !!!
                        PipeSecurity ps = new PipeSecurity();
                        NamedPipeServerStream pipeServerStream = new NamedPipeServerStream(
                            "TestPipe",
                            PipeDirection.InOut,
                            2, PipeTransmissionMode.Message,
                            PipeOptions.Asynchronous | PipeOptions.WriteThrough);
                        ps = pipeServerStream.GetAccessControl();
                        ps.AddAccessRule(new PipeAccessRule(
                            new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),
                            PipeAccessRights.ReadWrite,
                            AccessControlType.Allow));
                        pipeServerStream.SetAccessControl(ps);
                    }
                    else
                    {
                        // OK, but neither available on .NET Standard nor on  .NET Core
                        PipeSecurity ps = new PipeSecurity();
                        ps.AddAccessRule(new PipeAccessRule(
                            new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),
                            PipeAccessRights.ReadWrite,
                            AccessControlType.Allow));
                        NamedPipeServerStream pipeServerStream = new NamedPipeServerStream("TestPipe",
                            PipeDirection.InOut,
                            2, PipeTransmissionMode.Message,
                            PipeOptions.Asynchronous | PipeOptions.WriteThrough,
                            1024,
                            1024,ps);
                    }
                    Console.WriteLine("Succeeded!");
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                }
                Console.ReadLine();
            }

    But the difference is, that your proposed constructor of NamedPipeServerStream (in the 'else' part of this test program) is not supported under .NET Standard / .NET Core. Under .NET Framework 4.7 it is.

    See also

    https://stackoverflow.com/questions/1144093/setting-named-pipe-security-in-a-domain

    So the question remains:

    How to set/change the AccessRights on a NamedPipeServerStream under .NET Core / Standard?

    Regards

    Ralf

    Monday, December 11, 2017 7:55 AM
  • The issue still exist unresolved on my side.Haven't found any further information to this issue yet.

    Ralf

    Wednesday, April 4, 2018 2:14 PM
  • Did you solve the problem?

    Tuesday, March 12, 2019 5:21 PM
  • Hi Ralph, hello Wendy,

    I got lost into the same problem. Did any one of you find a solution to this missing PipeSecurity behaviour?

    Kind regards and thanks for a reply,

    m@

    Monday, March 9, 2020 3:50 PM