Named Pipe Server throws UnauthorizedAccessException when creating a second instance if PipeSecurity is set

by

There are two things which can cause the instantiation of a second or subsequent
NamedPipeServerStream on the same pipe to fail:

  • the maxNumberOfServerInstances ctor argument must have been set to more than 1 when the first instance of the pipe server was created. If not, the second call will fail unless the first instance has already been closed completely.
  • the process calling the ctor must have the access right represented by PipeAccessRights.CreateNewInstance. This is a powerful right which the pipe server should guard jealously, as it allows its possessor the ability to act as a pipe server.

The service process should set the pipe security thus:

PipeSecurity ps = new PipeSecurity(); 
    ps.AddAccessRule(new PipeAccessRule(myPipeUsersGroup, PipeAccessRights.ReadWrite, AccessControlType.Allow)); 
    ps.AddAccessRule(new PipeAccessRule(myPipeServerIdentity, PipeAccessRights.FullControl, AccessControlType.Allow));

where:

  • myPipeUsersGroup is a placeholder for a group which contains all the prospective client identities which will connect to the pipe. Depending on your requirements/use case this might be a specific client identity, a custom group, or a built in group such as “Users” or “Administrators”.
  • myPipeServerIdentity is a placeholder for the service identity. This might be set, for example, to WindowsIdentity.GetCurrent().Owner. When the pipe server is hosted in a Windows service, then even better (but a good deal harder to implement) would be the Logon SID identity of the service process – this would ensure that only the specific service process could create instances of the pipe.

If you want to ensure that pipe access is restricted to just users logged on locally i.e. to prevent remote access across a network, you can also add a deny ACE for Network Users into the pipe security ACL.

More Related Contents:

  1. What is a good way to shutdown Threads blocked on NamedPipeServer#WaitForConnection?
  2. Creating a DateTime in a specific Time Zone in c#
  3. Why Response.Redirect causes System.Threading.ThreadAbortException?
  4. How to read an entire file to a string using C#?
  5. Concat all strings inside a List using LINQ
  6. Is it possible to bind a Canvas’s Children property in XAML?
  7. How to change the color of progressbar in C# .NET 3.5?
  8. How to parse a string into a nullable int
  9. Inconsistency in divide-by-zero behavior between different value types
  10. passing values between forms (winforms)
  11. Display progress bar while doing some work in C#?
  12. What is the Efficiency and Performance of LINQ and Lambda Expression in .Net?
  13. Operation could destabilize the runtime?
  14. Monitoring Garbage Collector in C#
  15. How do I get the Local Network IP address of a computer programmatically?
  16. How can I join int[] to a character-separated string in .NET?
  17. Equivalent of Tuple (.NET 4) for .NET Framework 3.5
  18. Dependency Injection wcf
  19. Store Dictionary in application settings
  20. How do I find if two variables are approximately equals?
  21. Controls in container form come over child form?
  22. Put WPF control into a Windows Forms Form?
  23. Datagridview: How to set a cell in editing mode?
  24. LINQ to SQL in and not in
  25. What to use: var or object name type? [duplicate]
  26. Serializing anonymous delegates in C#
  27. Finding all classes with a particular attribute
  28. Dealing with invalid XML hexadecimal characters
  29. See if user is part of Active Directory group in C# + Asp.net
  30. How to check if process is not responding?

Leave a Comment