Getting named pipes working on Windows Server 2008

by Christoph Herold, 24 January 2011 15:43

I spent the last few weeks working on a server application that uses named pipes. It worked well on the development and test systems, but when deploying to the staging environment, the named pipe server seemed to stop working. It did not quit out on me, though. The code was under the impression of having opened the named pipe server, but no clients were able to connect to the server. When checking with Process Explorer, the named pipes were not shown in the process' handles.

During my search I came across the following page, which pretty much describes the problem I was having: http://www.ms-windows.info/Help/named-pipes-not-working-logged-standard-29523.aspx. On it, several solutions are given, but most of them use the Windows API and not .NET. After trying a few things and looking at the named pipes examples of the All-in-one Code Framework on CodePlex, I finally managed to get things working. The important part is the PipeSecurity object passed into the NamedPipeServerStream constructor. I got the access rules from the All-in-one Code Framework, but the magic line is the SetSecurityDescriptorSddlForm code. It is also necessary to have this line BEFORE setting the access rights, as otherwise I got no change in the behavior.

// Requires: using System.IO.Pipes; using System.Security.AccessControl;
PipeSecurity pipeSecurity = new PipeSecurity();

// Set to low integrity level (must come before the access rules below)
pipeSecurity.SetSecurityDescriptorSddlForm("S:(ML;;NW;;;LW)");

// Allow Authenticated Users read and write access to the pipe.
pipeSecurity.SetAccessRule(new PipeAccessRule("Authenticated Users",
    PipeAccessRights.ReadWrite, AccessControlType.Allow));

// Allow the Administrators group full access to the pipe.
pipeSecurity.SetAccessRule(new PipeAccessRule("Administrators",
    PipeAccessRights.FullControl, AccessControlType.Allow));

using (this.namedPipe = new NamedPipeServerStream(pipeName,
                                                    PipeDirection.InOut,
                                                    this.numThreads,
                                                    PipeTransmissionMode.Message,
                                                    PipeOptions.Asynchronous,
                                                    1024,
                                                    1024,
                                                    pipeSecurity))
{
    //...
}

I guess anyone would have come up with the "S:(ML;;NW;;;LW)" string to pass into the method. It seems straightforward enough :-)

Well, anyways, if you encounter a similar problem, I hope this saves you some time. And for all of you who want the explanation of that string, just head on over to the MSDN documentation: http://msdn.microsoft.com/en-us/library/aa379570(v=VS.85).aspx and http://msdn.microsoft.com/en-us/library/aa374928(v=VS.85).aspx. The S: tells us that we're dealing with a SACL, ML stands for SDDL_MANDATORY_LABEL, no flags are given, NW means SDDL_NO_WRITE_UP, we then skip two object GUIDs, and last but not least the LW is the account SID for SDDL_ML_LOW, which means "low level integrity". I think, to really get to the bottom of this, I need to learn a heck of a lot more about the Windows security mechanisms. But for now, I'm just glad it works at all :-)
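
The field-by-field reading above can be turned into a small audit helper. The following is an added example, not code from the original post or from the .NET framework: a Python parser (chosen so it runs anywhere, outside the pipe server) that extracts mandatory-label ACEs from an SDDL string and reports the lowest integrity level that passes the label check for a write. The function names are hypothetical, only the four integrity aliases LW, ME, HI and SI are handled, and the two longer sample strings are constructed.

```python
import re

# Codes from the SDDL documentation the post links to (mandatory-label ACEs only).
POLICY = {"NW": "SDDL_NO_WRITE_UP", "NR": "SDDL_NO_READ_UP", "NX": "SDDL_NO_EXECUTE_UP"}
LEVELS = ["LW", "ME", "HI", "SI"]  # ordered lowest to highest integrity
LEVEL_NAME = {"LW": "SDDL_ML_LOW", "ME": "SDDL_ML_MEDIUM",
              "HI": "SDDL_ML_HIGH", "SI": "SDDL_ML_SYSTEM"}


def mandatory_labels(sddl):
    """Return one dict per mandatory-label (ML) ACE found in the SACL part."""
    sacl = re.search(r"S:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not sacl:
        return []
    labels = []
    for ace in re.findall(r"\(([^()]*)\)", sacl.group(1)):
        fields = ace.split(";")
        if len(fields) != 6:
            raise ValueError("ACE needs 6 ';'-separated fields: " + ace)
        # ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid
        ace_type, flags, rights, obj_guid, inherit_guid, sid = fields
        if ace_type != "ML":
            continue  # other SACL entries (e.g. audit ACEs) are not labels
        if sid not in LEVEL_NAME:
            raise ValueError("unsupported integrity SID: " + sid)
        codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
        labels.append({"level": sid, "level_name": LEVEL_NAME[sid],
                       "policy": [POLICY.get(c, c) for c in codes],
                       "flags": flags})
    return labels


def lowest_writer(sddl):
    """Lowest modelled integrity level that passes the label check for a write.

    Without a label, Windows treats the object as medium with no-write-up.
    The DACL still has to grant the access; this only covers the label.
    """
    labels = mandatory_labels(sddl)
    if not labels:
        return "ME"
    label = labels[0]
    return label["level"] if "SDDL_NO_WRITE_UP" in label["policy"] else LEVELS[0]


if __name__ == "__main__":
    for s in ("S:(ML;;NW;;;LW)",                   # string from the post
              "D:(A;;GRGW;;;AU)(A;;GA;;;BA)",      # constructed: DACL only, no label
              "D:(A;;GA;;;BA)S:(ML;;NWNR;;;HI)"):  # constructed: high label
        print(s, "->", mandatory_labels(s), "lowest writer:", lowest_writer(s))
```

Run against the string from the post, it reports a low-integrity label with no-write-up, meaning the label itself no longer blocks writers at any of the modelled levels and the DACL entries are what limit access.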
