Setting named pipe security in a Domain

2019-02-20 04:32发布

I have a server that I'm setting up over a named pipe. It works fine for administrators of the domain, but when I test the client on a normal user, it gives the exception "Access to path is denied". So here is what I'm trying to set the permissions to give access to all authenticated users in the domain. What am I doing wrong here?

Server:

        NamedPipeServerStream pipeServer = new NamedPipeServerStream("message-generator", PipeDirection.InOut, pipeThreads, PipeTransmissionMode.Message, PipeOptions.None);
        PipeSecurity pipeSecurity = pipeServer.GetAccessControl();
        pipeSecurity.AddAccessRule(new PipeAccessRule(@"localdomain\Authenticated Users", PipeAccessRights.FullControl, AccessControlType.Allow));
        pipeServer.SetAccessControl(pipeSecurity);

Client:

NamedPipeClientStream pipeClient = new NamedPipeClientStream("servername", "message-generator", PipeDirection.InOut, PipeOptions.None, TokenImpersonationLevel.Impersonation))

The servername and domain are obviously different, but on the server when it gets to the pipeServer.SetAccessControl function it gives me the exception "UnauthorizedAccessException".

Any help is greatly appreciated

1条回答
放我归山
2楼-- · 2019-02-20 05:11

You need to use the ctor for NamedPipeServerStream which allows you to specify the desired access rights on the pipe handle:

public NamedPipeServerStream(
    string pipeName,
    PipeDirection direction,
    int maxNumberOfServerInstances,
    PipeTransmissionMode transmissionMode,
    PipeOptions options,
    int inBufferSize,
    int outBufferSize,
    PipeSecurity pipeSecurity,
    HandleInheritability inheritability,
    PipeAccessRights additionalAccessRights
)

When you call it, you need to ask for PipeAccessRights.ChangePermissions in the last argument. Then SetAccessControl should succeed.

See my blog http://blogs.charteris.com/blogs/chrisdi/archive/2009/12/04/exploring-the-wcf-named-pipe-binding-part-4.aspx for an example.

查看更多
登录 后发表回答