Remoting IPCChannel security with Service

Grant Schenck

I have a simple remoting sample using IPCChannel. If I run the server code
as a console app my client can connect just fine. However, if the same
server code runs in a service, the client gets a RemotingException of
"Failed to connect to an IPC Port: Access is denied".

The Access is denied changes if my service isn't running to "The system
cannot find the file specified" so I think I'm connecting but being
denied due to some type of security issue.

I'm very weak on security. My service runs under Local System and can
potentially service requests from multiple users. This is a low security
situation so what is the simplest way to get the server to allow any client
to connect or code the client so the server will always allow it to connect?

Thanks,
 
Grant Schenck

OK, partially answering my own question...

If my service is logged in "Local System" then my client fails attempting to
invoke a method on a remoted object hosted by the service with a
RemotingException of "Failed to connect to an IPC Port: Access is denied".

However, if my service is logged in as the same user name/pw as the user
running the client then it works.

So, the problem IS security.

How do I configure my server so any user running the client can connect? I
really have no clue how security works in this regard...

Thanks!
 
Martin Carpella

Grant Schenck said:
How do I configure my server so any user running the client can connect? I
really have no clue how security works in this regard...

IpcChannel accepts a dictionary containing properties for setting up the
channel. You can use this to set the user/group which is authorized to
connect to the pipe, e.g.:

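using System.Collections;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Security.Principal;

// pipeName, clientProv and serverProv are defined elsewhere in the server code.
IDictionary prop = new Hashtable();
prop["name"] = "Server";
prop["portName"] = pipeName;
prop["tokenImpersonationLevel"] = TokenImpersonationLevel.Impersonation;
prop["includeVersions"] = false;
prop["strictBinding"] = false;
prop["secure"] = true;
// Account or group allowed to connect to the pipe.
prop["authorizedGroup"] = "DOMAIN\\DomainGroup";

IpcChannel channel = new IpcChannel(prop, clientProv, serverProv);
ChannelServices.RegisterChannel(channel, true);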


Use the NTAccount class to find the locale-dependent name of a
well-known SID.

Hope this helps,
Martin
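
An added example, not part of the original thread: the well-known-SID lookup suggested above, feeding the authorizedGroup property of the server channel. SampleService, IpcServerSetup and the choice of the Authenticated Users SID are assumptions made for illustration; a narrower group is the better choice when only specific users need access.

```csharp
using System;
using System.Collections;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Ipc;
using System.Security.Principal;

// Hypothetical remoted type standing in for the poster's own object.
public class SampleService : MarshalByRefObject
{
    public string Ping() { return "pong"; }
}

public static class IpcServerSetup
{
    // Resolve a well-known SID to its account name on this machine.
    // The name is localized, so it is looked up at run time rather
    // than hard-coded as an English string.
    public static string AccountNameFor(WellKnownSidType sidType)
    {
        var sid = new SecurityIdentifier(sidType, null);
        var account = (NTAccount)sid.Translate(typeof(NTAccount));
        return account.Value;
    }

    public static IpcChannel Register(string pipeName)
    {
        IDictionary prop = new Hashtable();
        prop["name"] = "Server";
        prop["portName"] = pipeName;
        prop["secure"] = true;
        // Assumption: any logged-on user may connect. Authenticated Users
        // excludes anonymous callers, unlike the Everyone (World) SID.
        prop["authorizedGroup"] =
            AccountNameFor(WellKnownSidType.AuthenticatedUserSid);

        // Passing null sink providers selects the channel's defaults.
        var channel = new IpcChannel(prop, null, null);
        ChannelServices.RegisterChannel(channel, true);
        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(SampleService), "SampleService",
            WellKnownObjectMode.Singleton);
        return channel;
    }
}
```

Because the service runs as Local System, every method on the remoted object executes with that account's privileges for whichever user is admitted by authorizedGroup, so the exposed methods should be limited to what those users are meant to do.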
 
