1

I'm using the following code in my class's ctor to create a named pipe in C#. 

PipeSecurity ps = new PipeSecurity();
ps.AddAccessRule(new PipeAccessRule("testADgroup", PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance | PipeAccessRights.ChangePermissions, AccessControlType.Allow));
pipeServer = new NamedPipeServerStream("testPipe", PipeDirection.InOut, 16, 
PipeTransmissionMode.Message, PipeOptions.WriteThrough, 1024, 1024, ps);
streamReader = new StreamReader(pipeServer);
serverThread = new Thread(this.serviceThread);

When the pipe is up, I use these powershell commands to try to open the pipe

$npipeClient = new-object System.IO.Pipes.NamedPipeClientStream("testPipe")
$npipeClient.Connect()

This is the error that I get

Exception calling "Connect" with "0" argument(s): "Access to the path is denied."
At line:1 char:1
+ $npipeClient.Connect()
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : UnauthorizedAccessException

If I change the C# code to have PipeAccessRule to use the Users group instead, it works fine. However, I want to restrict access to the named pipe based on membership of an AD security group.

Can someone help me to understand what I'm doing wrong, or if perhaps the type of named pipe implementation that I'm using is not capable of utilizing AD group in the PipeAccessRule. Thanks!

dude_like2code
  • 11
  • 1
  • The [docs](https://msdn.microsoft.com/en-us/library/bb156393(v=vs.110).aspx) for PipeAccessRule indicate that the first parameter is a Username, not a group name. – Sam Axe Apr 15 '17 at 00:58
  • http://stackoverflow.com/questions/15890860/localization-for-security-identity-in-net – Sam Axe Apr 15 '17 at 01:02
  • `new PipeAccessRule(new NTAccount("DOMAIN","testADGroup"),PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance | PipeAccessRights.ChangePermissions, AccessControlType.Allow)` – Mathias R. Jessen Apr 15 '17 at 14:48

0 Answers0