Example for setting PipeSecurity on named pipes doesn't work #36830
Description
Description
The provided example does not compile / work. It says to do the following:
var builder = WebApplication.CreateBuilder(args);
builder.WebHost.ConfigureKestrel(serverOptions =>
{
serverOptions.ListenNamedPipe("MyPipeName", listenOptions =>
{
listenOptions.Protocols = HttpProtocols.Http2;
// Configure PipeSecurity
listenOptions.UseNamedPipes(options =>
{
var pipeSecurity = new PipeSecurity();
// Grant read/write access to the Users group
pipeSecurity.AddAccessRule(new PipeAccessRule(
"Users",
PipeAccessRights.ReadWrite,
AccessControlType.Allow));
// Add additional rules as needed
options.PipeSecurity = pipeSecurity;
});
});
});However there are three issues I had:
- You cannot call
UseNamedPipesonlistenOptions. This call needs to be made on theWebHostbuilder like this:
var builder = WebApplication.CreateBuilder(args);
// Configure PipeSecurity
builder.WebHost.UseNamedPipes(options =>
{
var pipeSecurity = new PipeSecurity();
// Grant read/write access to the Users group
pipeSecurity.AddAccessRule(new PipeAccessRule(
"Users",
PipeAccessRights.ReadWrite,
AccessControlType.Allow));
// Add additional rules as needed
options.PipeSecurity = pipeSecurity;
});
builder.WebHost.ConfigureKestrel(serverOptions =>
{
serverOptions.ListenNamedPipe("MyPipeName", listenOptions =>
{
listenOptions.Protocols = HttpProtocols.Http2;
});
});- Starting the server failed because it says the named pipe is already in use. This is actually misleading because it was caused by access being denied. I believe you need to also grant
CreateNewInstancepermission to the current user otherwise it is not allowed to create the named pipe.
pipeSecurity.AddAccessRule(new PipeAccessRule(
"Users",
PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance,
AccessControlType.Allow));- Setting
PipeSecurityrequiresCurrentUserOnlyto be set tofalse, otherwise you get anArgumentException:
System.ArgumentException: 'pipeSecurity' must be null when 'options' contains 'PipeOptions.CurrentUserOnly'. (Parameter 'pipeSecurity')
This may also be the reason why you need to grant CreateNewInstance rights, otherwise the current user has no permissions to do so.
The example should probably look like this (excluding usings, etc.):
var builder = WebApplication.CreateBuilder(args);
// Configure PipeSecurity
builder.WebHost.UseNamedPipes(options =>
{
var pipeSecurity = new PipeSecurity();
// Grant read/write access to the Users group
pipeSecurity.AddAccessRule(new PipeAccessRule(
"Users",
PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance,
AccessControlType.Allow));
// Add additional rules as needed
options.PipeSecurity = pipeSecurity;
options.CurrentUserOnly = false;
});
builder.WebHost.ConfigureKestrel(serverOptions =>
{
serverOptions.ListenNamedPipe("MyPipeName", listenOptions =>
{
listenOptions.Protocols = HttpProtocols.Http2;
});
});Page URL
https://learn.microsoft.com/en-us/aspnet/core/grpc/interprocess-namedpipes?view=aspnetcore-10.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/grpc/interprocess-namedpipes.md
Document ID
58d486b8-0e04-9767-2089-deb43a28f56b
Platform Id
a2d799be-3207-916a-b50a-6cc65840d5b9
Article author
Metadata
- ID: 58d486b8-0e04-9767-2089-deb43a28f56b
- PlatformId: a2d799be-3207-916a-b50a-6cc65840d5b9
- Service: aspnet-core
- Sub-service: grpc