Setting named pipe security in a Domain

Question

I have a server that I'm setting up over a named pipe. It works fine for administrators of the domain, but when I test the client on a normal user, it gives the exception "Access to path is denied". So here is what I'm trying to set the permissions to give access to all authenticated users in the domain. What am I doing wrong here?

Server:

        NamedPipeServerStream pipeServer = new NamedPipeServerStream("message-generator", PipeDirection.InOut, pipeThreads, PipeTransmissionMode.Message, PipeOptions.None);
        PipeSecurity pipeSecurity = pipeServer.GetAccessControl();
        pipeSecurity.AddAccessRule(new PipeAccessRule(@"localdomain\Authenticated Users", PipeAccessRights.FullControl, AccessControlType.Allow));
        pipeServer.SetAccessControl(pipeSecurity);

Client:

NamedPipeClientStream pipeClient = new NamedPipeClientStream("servername", "message-generator", PipeDirection.InOut, PipeOptions.None, TokenImpersonationLevel.Impersonation))

The servername and domain are obviously different, but on the server when it gets to the pipeServer.SetAccessControl function it gives me the exception "UnauthorizedAccessException".

Any help is greatly appreciated

Answer 1

You need to use the ctor for NamedPipeServerStream which allows you to specify the desired access rights on the pipe handle: public NamedPipeServerStream( string pipeName, PipeDirection direction, int maxNumberOfServerInstances, PipeTransmissionMode transmissionMode, PipeOptions options, int inBufferSize, int outBufferSize, PipeSecurity pipeSecurity, HandleInheritability inheritability, PipeAccessRights additionalAccessRights )

When you call it, you need to ask for PipeAccessRights.ChangePermissions in the last argument. Then SetAccessControl should succeed.

See my blog http://blogs.charteris.com/blogs/chrisdi/archive/2009/12/04/exploring-the-wcf-named-pipe-binding-part-4.aspx for an example.

Answer 2

I'm also having the same problem.

My named pipe server code is like below

m_NamedPipeStream =
            new NamedPipeServerStream(pipeName, PipeDirection.InOut, 
                maxNumberOfServerInstances, PipeTransmissionMode.Message, 
                PipeOptions.Asynchronous, inBufferSize, outBufferSize,
                null, HandleInheritability.None, PipeAccessRights.ChangePermissions);

        PipeSecurity pipeSecurity = m_NamedPipeStream.GetAccessControl();

        pipeSecurity.AddAccessRule(new PipeAccessRule(@"Administrators", PipeAccessRights.FullControl, AccessControlType.Allow));
        //pipeSecurity.AddAuditRule(new PipeAuditRule("Everyone", PipeAccessRights.FullControl, AuditFlags.Failure));

        m_NamedPipeStream.SetAccessControl(pipeSecurity);

And my named pipe client is like below

m_NamedPipeStream = new NamedPipeClientStream(serverAddress, pipeName, 
                    PipeDirection.InOut, PipeOptions.Asynchronous, 
                    TokenImpersonationLevel.Impersonation);
                ((NamedPipeClientStream)m_NamedPipeStream).Connect(connectionTimeout);

The problem is i can connect from client to server on local system but not in two computers in network.

Another problem is in a computer that is registered to a domain;

-When that computer is online the client-server system works on local

-When offline(network cable is disconnected) even the system does not work on local.

I'm not experienced about windows authentication issues and the problem seems to be about that.

PS. I tried several things in the "identity" parameter of PipeAccessRule# constructor.

Any suggestions?