Reputation: 498
C# NamedPipe over network throws UnauthorizedAccessException on client connect
I have a client and a NamedPipe server. The client and the server run on distinct Windows services. On the same machine the connection works perfectly. But when attempting to access the server from another machine, an exception of type UnauthorizedAccessException is thrown (access is denied). I researched several posts and included AccessRules on the server, but it did not work. The client machine user does not exist on the server machine. Is there a specific / AccessRule setting for this case? Does anyone know the solution?
Server:
private NamedPipeServerStream _setupServer;
PipeSecurity ps = new PipeSecurity();
//Everyone
ps.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), PipeAccessRights.ReadWrite, AccessControlType.Allow));
//Users
ps.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), PipeAccessRights.ReadWrite, AccessControlType.Allow));
//SYSTEM
ps.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), PipeAccessRights.FullControl, AccessControlType.Allow));
using (_setupServer = new NamedPipeServerStream(typeof(ISetupClient).Name, PipeDirection.InOut, NamedPipeServerStream.MaxAllowedServerInstances, PipeTransmissionMode.Message, PipeOptions.None, 4024, 4024, ps))
{
this._setupServer.WaitForConnection();
//...
}
Client:
string ipServidor = "192.168.40.155";
using (var setupClient = new NamedPipeClientStream(ipServidor, typeof(ISetupClient).Name, PipeDirection.InOut, PipeOptions.None))
{
int timeOut = 10;
setupClient.Connect(timeOut);
//...
}
Upvotes: 1
Views: 964
Answers (1)
Reputation: 1618
I don't know why this question was downvoted - I corrected that.
I tested this in my lab on two Win 7 machines with different users.
The remote named pipes in Windows are over SMB / CIFS. So normal logon restrictions apply.
I was able to get this to run successfully if I changed in the local security policy:
Security Options
Accounts: Guest account status – change to Enabled
User Rights Assignment
Deny access to this computer from the network - remove "Guest"
Warning
This is not a good idea to do this. I only did the changes to verify this and changed them back immediately.
There is also an option in the local security policy for adding named pipes which can be accessed anonymously, but this didn't work in my case. One had to investigate into this.
In my opinion, using named pipes for un-authenticated access is not the best solution. Normally, I prefer authenticated connections, but in my case most of my development is in an corporate intranet with all machines in an Active Directory environment with AD users, so this is easy.
Perhaps you can use the old trick of using the same user name with the same password on both machines, this will work without the above mentioned policy changes.
Upvotes: 2
Related Questions
- "Attempted to perform an unauthorized operation" when calling NamedPipeServerStream.SetAccessControl
- NamedPipeServerStream Unauthorized Access exception
- NamedPipeClientStream can not access to NamedPipeServerStream under session 0
- NamedPipeClientStream throws UnauthorizedAccessException on Connect
- Named Pipes Across Network Gives "The user name or password is incorrect"
- Named Pipe Not connecting when being called from NamedPipeClientStream
- Named pipe client unable to connect to server running as Network Service
- Cannot connect server and client using named pipes
- can not Impersonate the permission in the NamedPipes if client and server are in the different machines
- Windows Named pipes not working over network?