PipeSecurity for connection from user to elevated service
SamKr opened this issue · 6 comments
I'm trying to connect a Windows application to an elevated service on the same machine using ServiceWire's NamedPipe functionality, but keep getting a System.UnauthorizedAccessException. I'd like to configure the PipeSecurity settings with a few PipeAccessRules, but it seems this isn't possible right now.
Is that correct? I'd really like to use namedpipes over tcp. I saw a few closed issues in this regard, but I didn't fully understand them - but what I got from them, is that you're not going to add it to preserve compatiblity with other OS's?
Could you perhaps give me a pointer where I can add the config myself, I'm fine with compiling my own library for the time being.
Thanks for sharing your hard work, this project is awesome ❤️
Look for code where NamedPipeClientStream is created. I don't know if this will resolve your issue. Keep in mind, the Windows application may not have privileges to open a client stream with a server host running under a different service principle even with the TokenImpersonationLevel set. I've not experimented with this since dropping the old .NET Framework specific security settings years ago.
Thanks for your quick reply! I'll go run some tests.
since dropping the old .NET Framework specific security settings years ago
Is there an alternative route you would advice in this case? Or just use TCP?
The alternative is making the TCP connection on 127.0.0.1 localhost which gets processed by the loopback adapter in the OS and not your NIC, so it's not a terrible choice.
Ah right. Sounds good, I'll run some tests with that as well. Thanks for the quick help @tylerje, you rock ❤️
Another thought is to make the Windows application the host and the service the client. Use a polling mechanism. This of course depends on your use cases.
Good luck. I'm not always so responsive. You caught me on a sleepless night.