Question
I wanted to know if it's possible to restrict remote machines from accessing a named pipe on a server. I'm initializing the server as follows:
NamedPipeServerStream pipeServer = new NamedPipeServerStream("myPipe", PipeDirection.InOut, NamedPipeServerStream.MaxAllowedServerInstances, PipeTransmissionMode.Byte, PipeOptions.Asynchronous);
The remote client does:
using (NamedPipeClientStream pipeStream = new NamedPipeClientStream(serverIP, "myPipe", PipeDirection.InOut))
{
    pipeStream.Connect(2000);
}
And of course it succeeds. Is there a way to restrict it? Thanks!
Answer 1:
Found it! You need to restrict the usage of NT AUTHORITY\NETWORK:
PipeSecurity PipeSecurity = new PipeSecurity();
PipeAccessRule AccessRule = new PipeAccessRule(@"NT AUTHORITY\NETWORK", PipeAccessRights.FullControl, System.Security.AccessControl.AccessControlType.Deny);
PipeSecurity.AddAccessRule(AccessRule);
PipeAccessRule AccessRule2 = new PipeAccessRule(string.Format(@"{0}\{1}", Environment.UserDomainName, Environment.UserName), PipeAccessRights.FullControl, System.Security.AccessControl.AccessControlType.Allow);
PipeSecurity.AddAccessRule(AccessRule2);
Then add it to the ctor:
NamedPipeServerStream m_PipeServer = new NamedPipeServerStream("myPipe", PipeDirection.InOut, NamedPipeServerStream.MaxAllowedServerInstances, PipeTransmissionMode.Byte, PipeOptions.Asynchronous, 0, 0, PipeSecurity);
Note that when using the pipe security, it's not enough to deny network access; you also need to allow access for the current user (or users) that should use that pipe.
string.Format(@"{0}\{1}", Environment.UserDomainName, Environment.UserName)
Source: https://stackoverflow.com/questions/30079374/is-it-possible-to-restrict-remote-machines-to-connect-to-namedpipeserverstream
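
An added example, not part of the original post or answer: the same deny-NETWORK / allow-current-user ACL built from well-known SIDs instead of account-name strings (names such as `NT AUTHORITY\NETWORK` are localized on non-English Windows), then read back from the live pipe handle to confirm what was applied. It assumes .NET Framework, as the constructor overload in the answer does; the class name `LocalOnlyPipe` is hypothetical.

```csharp
// Added example, not from the original post. Assumes .NET Framework;
// LocalOnlyPipe and BuildSecurity are hypothetical names.
using System;
using System.IO.Pipes;
using System.Security.AccessControl;
using System.Security.Principal;

static class LocalOnlyPipe
{
    // Build an ACL that denies network logons and allows only the current user.
    public static PipeSecurity BuildSecurity()
    {
        var security = new PipeSecurity();

        // S-1-5-2 (NETWORK) is added to the token of any logon that arrives over
        // the network, which is how remote pipe clients connect. Resolving it by
        // well-known SID avoids depending on the localized account name.
        var network = new SecurityIdentifier(WellKnownSidType.NetworkSid, null);
        security.AddAccessRule(new PipeAccessRule(
            network, PipeAccessRights.FullControl, AccessControlType.Deny));

        // With an explicit DACL, anyone not granted access is refused,
        // so the local user has to be allowed explicitly.
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;
        security.AddAccessRule(new PipeAccessRule(
            me, PipeAccessRights.FullControl, AccessControlType.Allow));

        return security;
    }

    static void Main()
    {
        PipeSecurity security = BuildSecurity();

        using (var server = new NamedPipeServerStream(
            "myPipe", PipeDirection.InOut,
            NamedPipeServerStream.MaxAllowedServerInstances,
            PipeTransmissionMode.Byte, PipeOptions.Asynchronous, 0, 0, security))
        {
            // Read the DACL back from the pipe handle to confirm what was applied.
            foreach (PipeAccessRule rule in server.GetAccessControl()
                         .GetAccessRules(true, false, typeof(SecurityIdentifier)))
            {
                Console.WriteLine("{0,-5} {1} {2}",
                    rule.AccessControlType, rule.IdentityReference, rule.PipeAccessRights);
            }
        }
    }
}
```

On .NET 5 and later this constructor overload is not available; `NamedPipeServerStreamAcl.Create` accepts the same `PipeSecurity` object.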