How to set PipeSecurity of NamedPipeServerStream in .NET Core

Question

I'm porting a library from .NET Framework 4.6.1 to .NET Standard 2.0. In Framework, the NamedPipeServerStream constructor could take a PipeSecurity parameter, but that isn't an option in Core. How do you set the security of a NamedPipeServerStream in Core?

Answer 1

Net 6.0 has introduced NamedPipeServerStreamAcl Class.

You can use the Create method to create the stream with PipeSecurity...

using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

if (!System.OperatingSystem.IsWindows())
    throw new PlatformNotSupportedException("Windows only");

SecurityIdentifier securityIdentifier = new SecurityIdentifier(
    WellKnownSidType.AuthenticatedUserSid, null);

PipeSecurity pipeSecurity = new PipeSecurity();
pipeSecurity.AddAccessRule(new PipeAccessRule(securityIdentifier,
    PipeAccessRights.ReadWrite | PipeAccessRights.CreateNewInstance,
    AccessControlType.Allow));

NamedPipeServerStream stream = NamedPipeServerStreamAcl.Create(
    "SecurityTestPipe", PipeDirection.InOut,
    NamedPipeServerStream.MaxAllowedServerInstances,
    PipeTransmissionMode.Byte, PipeOptions.Asynchronous, 0, 0, pipeSecurity);

Answer 2

Apparently it's a known issue System.IO.Pipes.AccessControl package does not work #26869. There's a workaround mentioned in the last post suggesting usage of NamedPipeServerStream.NetFrameworkVersion nuget package which will expose NamedPipeServerStreamConstructors.New(...) which should mirror behavior of all the full .NET Framework constructors.

Follows a code sample from the nuget's github

using System.IO.Pipes;

var pipeSecurity = new PipeSecurity();
pipeSecurity.AddAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), PipeAccessRights.ReadWrite, AccessControlType.Allow));

using var serverStream = NamedPipeServerStreamConstructors.New(pipeName, PipeDirection.InOut, 1, PipeTransmissionMode.Byte, PipeOptions.Asynchronous | PipeOptions.WriteThrough, 0, 0, pipeSecurity);