How to set PipeSecurity of NamedPipeServerStream in .NET Core

Asked 29/1, 2020 at 15:4 Answered 15/2 at 22:6

I'm porting a library from .NET Framework 4.6.1 to .NET Standard 2.0. In Framework, the NamedPipeServerStream constructor could take a PipeSecurity parameter, but that isn't an option in Core. How do you set the security of a NamedPipeServerStream in Core?

Tournai answered 29/1, 2020 at 15:4 Comment(0)

Net 6.0 has introduced NamedPipeServerStreamAcl Class.

You can use the Create method to create the stream with PipeSecurity...

using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

if (!System.OperatingSystem.IsWindows())
    throw new PlatformNotSupportedException("Windows only");

SecurityIdentifier securityIdentifier = new SecurityIdentifier(
    WellKnownSidType.AuthenticatedUserSid, null);

PipeSecurity pipeSecurity = new PipeSecurity();
pipeSecurity.AddAccessRule(new PipeAccessRule(securityIdentifier,
    PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance,
    AccessControlType.Allow));

NamedPipeServerStream stream = NamedPipeServerStreamAcl.Create(
    "SecurityTestPipe", PipeDirection.InOut,
    NamedPipeServerStream.MaxAllowedServerInstances,
    PipeTransmissionMode.Byte, PipeOptions.Asynchronous, 0, 0, pipeSecurity);

Ubana answered 6/3, 2022 at 13:39 Comment(1)

This works with .Net Framework as well. My service runs under SYSTEM but the GUI application to "see" the state of the service runs under my account. Although the connections worked if I started the service it would not connect if the service ran as SYSTEM. – Cons 14/8 at 16:5

Apparently it's a known issue System.IO.Pipes.AccessControl package does not work #26869. There's a workaround mentioned in the last post suggesting usage of NamedPipeServerStream.NetFrameworkVersion nuget package which will expose NamedPipeServerStreamConstructors.New(...) which should mirror behavior of all the full .NET Framework constructors.

Follows a code sample from the nuget's github

using System.IO.Pipes;

var pipeSecurity = new PipeSecurity();
pipeSecurity.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), PipeAccessRights.ReadWrite, AccessControlType.Allow));

using var serverStream = NamedPipeServerStreamConstructors.New(pipeName, PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.Asynchronous | PipeOptions.WriteThrough, 0, 0, pipeSecurity);

Hannigan answered 6/6, 2020 at 10:33 Comment(0)

Answer for .NET 8:

var stream = new NamedPipeServerStream(pipeName, PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.Asynchronous | PipeOptions.WriteThrough, 0, 0);

stream.SetAccessControl(pipeSecurity);

Portwine answered 15/2 at 22:6 Comment(1)

.NET 8 doesn't work with Unity. – Picturize 8/8 at 5:4

Recommended topics

Hot tags