Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Named pipe client unable to connect to server running as Network Service

Tags:

c#

windows

permissions

windows-services

named-pipes

I have a service running under the Network Service account. The service just sets up a named pipe and listens for connections:

NamedPipeServerStream listeningPipe = new NamedPipeServerStream("ourservicepipe",
    PipeDirection.InOut, NamedPipeServerStream.MaxAllowedServerInstances, 
    PipeTransmissionMode.Message, PipeOptions.Asynchronous);
listeningPipe.BeginWaitForConnection(OnPipeConnected, listeningPipe);

I have an application running on a standard user account on the same machine. It tries to connect to the named pipe created by the service:

NamedPipeClientStream pipe = new NamedPipeClientStream(".", "ourservicepipe", 
    PipeDirection.InOut, PipeOptions.Asynchronous);
pipe.Connect(2000);
pipe.ReadMode = PipeTransmissionMode.Message;

When I call Connect, it ends up throwing an InvalidOperationException. If I run the service on the same user, it connects fine. If I run the client as an administrator, it connects fine. This leads me to believe the problem is with permissions, but I have no idea which permissions I need to set during installation.

How can I allow the client to connect to the server, without requiring that the client run as an administrator?

like image 257
Collin Dauphinee Avatar asked May 25 '14 06:05

Collin Dauphinee

2 Answers

Pipe server is created with the default service DACL so that only the administrator or system user can connect to the pipe. You need to set the pipe server with proper access rules to make all client connection to succeed. Below is the code to set the access rule to access everyone to access the pipe:

    PipeSecurity pipeSa = new PipeSecurity(); 
    pipeSa.SetAccessRule(new PipeAccessRule("Everyone", 
                    PipeAccessRights.ReadWrite, AccessControlType.Allow)); 
    listeningPipe.SetAccessControl(pipeSa);

It always better to define only a minimal set of users to access the pipe server to make it secure.

like image 56
dvasanth Avatar answered Sep 27 '22 18:09

dvasanth

I'm not allowed to comment, but I want to point out that dvansanth's answer is correct depending on the OS language. When the OS language isn't English, the "Everyone" group probably won't exist.

I've solved it like this: 

PipeSecurity pipeSa = new PipeSecurity();
pipeSa.SetAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), 
                PipeAccessRights.ReadWrite, AccessControlType.Allow)); 
listeningPipe.SetAccessControl(pipeSa);

Note this is for "Authenticated users" not "Everyone"

like image 25
RoelVB Avatar answered Sep 27 '22 18:09

RoelVB
Sign in to Comment

Related questions

Nested function calls - What's the best practice?
Parsing CSS in C#: extracting all URLs
C# GroupBy - Creating multiple grouping levels
How to use a Func in an expression with Linq to Entity Framework?
Acceptable way to set readonly field outside of a constructor
Razor output @-webkit-keyframes
How to reference an unused parameter?
WPF - MVVM: ComboBox value after SelectionChanged
Exception handling in Entity Framework
Select Id(s) using Linq
Overloading null ambiguity
Can't install Simple Windows Service - Login?
No connectionString could be found in the test project application config file
How to display (or write to file) Greek characters?
How to add text to a bitmap image programmatically? WPF
EntityFramework ToListAsync() does not work
Subscribe and immediately unsubscribe after first action
WPF DataGrid Filtering - CollectionViewSource Refreshing
Get Value from JSON using JArray
using System; in C# vs using namespace std; in C++

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!