From 907ed7c016f7f6e25ab596f85f8f12424afd1767 Mon Sep 17 00:00:00 2001 From: wadepickett Date: Tue, 1 Jul 2025 14:59:30 -0700 Subject: [PATCH 01/12] gRPC:PipeSecurity for Named Pipes --- aspnetcore/grpc/interprocess-namedpipes.md | 42 +++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index 70e046df7e58..062c7d9f1964 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -4,7 +4,7 @@ author: jamesnk description: Learn how to use gRPC for inter-process communication with Named pipes. monikerRange: '>= aspnetcore-8.0' ms.author: wpickett -ms.date: 01/18/2023 +ms.date: 07/01/2025 uid: grpc/interprocess-namedpipes --- # Inter-process communication with gRPC and Named pipes @@ -47,6 +47,46 @@ The preceding example: * Calls `ListenNamedPipe` to listen to a named pipe with the specified name. * Creates a named pipe endpoint that isn't configured to use HTTPS. For information about enabling HTTPS, see [Kestrel HTTPS endpoint configuration](xref:fundamentals/servers/kestrel/endpoints#listenoptionsusehttps). +### Configuring PipeSecurity for Named Pipes + +To customize the security of the named pipe, for example, to control which users or groups can connect, use the [`NamedPipeTransportOptions`](xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions) class. This allows you to specify a custom [`PipeSecurity`](xref:System.IO.Pipes.PipeSecurity) object. + +Example: + +```csharp +using Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes; +using System.IO.Pipes; +using System.Security.AccessControl; + +var builder = WebApplication.CreateBuilder(args); +builder.WebHost.ConfigureKestrel(serverOptions => +{ + serverOptions.ListenNamedPipe("MyPipeName", listenOptions => + { + listenOptions.Protocols = HttpProtocols.Http2; + + // Configure PipeSecurity + listenOptions.UseNamedPipes(options => + { + var pipeSecurity = new PipeSecurity(); + // Grant read/write access to the Users group + pipeSecurity.AddAccessRule(new PipeAccessRule( + "Users", + PipeAccessRights.ReadWrite, + AccessControlType.Allow)); + // Add additional rules as needed + + options.PipeSecurity = pipeSecurity; + }); + }); +}); + +The preceding example: + +* Uses to access and configure . +* Sets the property to control which users or groups can connect to the named pipe. +* Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario. + ## Client configuration `GrpcChannel` supports making gRPC calls over custom transports. When a channel is created, it can be configured with a that has a custom . The callback allows the client to make connections over custom transports and then send HTTP requests over that transport. From 34d6fd7fa4c8a6f6e218debdfcd6a3b54ab3d50f Mon Sep 17 00:00:00 2001 From: wadepickett Date: Tue, 1 Jul 2025 15:06:38 -0700 Subject: [PATCH 02/12] Update metadata tags --- aspnetcore/grpc/interprocess-namedpipes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index 062c7d9f1964..03e1e00549b1 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -4,6 +4,7 @@ author: jamesnk description: Learn how to use gRPC for inter-process communication with Named pipes. monikerRange: '>= aspnetcore-8.0' ms.author: wpickett +ai-usage: ai-assisted ms.date: 07/01/2025 uid: grpc/interprocess-namedpipes --- From 784f6ff364b3d8ced36a1b7b69bc9504b0c85da4 Mon Sep 17 00:00:00 2001 From: wadepickett Date: Tue, 1 Jul 2025 15:13:06 -0700 Subject: [PATCH 03/12] Corrected code fencing. --- aspnetcore/grpc/interprocess-namedpipes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index 03e1e00549b1..4d7d2c02ac65 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -50,7 +50,7 @@ The preceding example: ### Configuring PipeSecurity for Named Pipes -To customize the security of the named pipe, for example, to control which users or groups can connect, use the [`NamedPipeTransportOptions`](xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions) class. This allows you to specify a custom [`PipeSecurity`](xref:System.IO.Pipes.PipeSecurity) object. +To customize the security of the named pipe, for example, to control which users or groups can connect, use the [`NamedPipeTransportOptions`](xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions) class. This allows a custom [`PipeSecurity`](xref:System.IO.Pipes.PipeSecurity) object to be specified. Example: @@ -81,6 +81,7 @@ builder.WebHost.ConfigureKestrel(serverOptions => }); }); }); +``` The preceding example: From dd35fc7f964aeabea9b0ae4727374d741a981486 Mon Sep 17 00:00:00 2001 From: wadepickett Date: Tue, 1 Jul 2025 15:18:38 -0700 Subject: [PATCH 04/12] Fixed xref --- aspnetcore/grpc/interprocess-namedpipes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index 4d7d2c02ac65..f301f98c86a2 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -85,7 +85,7 @@ builder.WebHost.ConfigureKestrel(serverOptions => The preceding example: -* Uses to access and configure . +* Uses to access and configure . * Sets the property to control which users or groups can connect to the named pipe. * Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario. From 208c9d18d0901519fcb52ff38e1c7c2aa286f7f8 Mon Sep 17 00:00:00 2001 From: wadepickett Date: Tue, 1 Jul 2025 16:09:46 -0700 Subject: [PATCH 05/12] fix xref --- aspnetcore/grpc/interprocess-namedpipes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index f301f98c86a2..c8ca4964c130 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -85,7 +85,7 @@ builder.WebHost.ConfigureKestrel(serverOptions => The preceding example: -* Uses to access and configure . +* Uses to access and configure . * Sets the property to control which users or groups can connect to the named pipe. * Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario. From d02423e5b707c049e2c4612190824658b233f7fb Mon Sep 17 00:00:00 2001 From: wadepickett Date: Tue, 1 Jul 2025 16:45:33 -0700 Subject: [PATCH 06/12] xref fix again --- aspnetcore/grpc/interprocess-namedpipes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index c8ca4964c130..7b70bd77200c 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -85,7 +85,7 @@ builder.WebHost.ConfigureKestrel(serverOptions => The preceding example: -* Uses to access and configure . +* Uses `UseNamedPipes` to access and configure . * Sets the property to control which users or groups can connect to the named pipe. * Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario. From 04fe218efbfe19973950e13ff5596e86051f325c Mon Sep 17 00:00:00 2001 From: wadepickett Date: Fri, 1 Aug 2025 14:53:30 -0700 Subject: [PATCH 07/12] Added info on CreateNamedPipeServerStream --- aspnetcore/grpc/interprocess-namedpipes.md | 31 +++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index 7b70bd77200c..56ddacd30f76 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -5,7 +5,7 @@ description: Learn how to use gRPC for inter-process communication with Named pi monikerRange: '>= aspnetcore-8.0' ms.author: wpickett ai-usage: ai-assisted -ms.date: 07/01/2025 +ms.date: 08/01/2025 uid: grpc/interprocess-namedpipes --- # Inter-process communication with gRPC and Named pipes @@ -89,6 +89,35 @@ The preceding example: * Sets the property to control which users or groups can connect to the named pipe. * Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario. +### Customize Kestrel named pipe endpoints +Kestrel's named pipe support enables advanced customization, allowing you to configure different security settings for each endpoint using the option. This approach is ideal for scenarios where multiple named pipe endpoints require unique access controls. The ability to customize pipes per endpoint is available starting with .NET 9. + +An example of where this is useful is a Kestrel app that requires two pipe endpoints with different access security. The option can be used to create pipes with custom security settings, depending on the pipe name. + +```csharp + +var builder = WebApplication.CreateBuilder(); + +builder.WebHost.ConfigureKestrel(options => +{ + options.ListenNamedPipe("pipe1"); + options.ListenNamedPipe("pipe2"); +}); + +builder.WebHost.UseNamedPipes(options => +{ + options.CreateNamedPipeServerStream = (context) => + { + var pipeSecurity = CreatePipeSecurity(context.NamedPipeEndpoint.PipeName); + + return NamedPipeServerStreamAcl.Create(context.NamedPipeEndPoint.PipeName, PipeDirection.InOut, + NamedPipeServerStream.MaxAllowedServerInstances, PipeTransmissionMode.Byte, + context.PipeOptions, inBufferSize: 0, outBufferSize: 0, pipeSecurity); + }; +}); + +``` + ## Client configuration `GrpcChannel` supports making gRPC calls over custom transports. When a channel is created, it can be configured with a that has a custom . The callback allows the client to make connections over custom transports and then send HTTP requests over that transport. From 64d964b8cbcb909d9f0605ca7346fc35b93a0fc5 Mon Sep 17 00:00:00 2001 From: wadepickett Date: Fri, 1 Aug 2025 15:01:19 -0700 Subject: [PATCH 08/12] Fixed typo Endpoint --- aspnetcore/grpc/interprocess-namedpipes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index 56ddacd30f76..b8d7fee0bc44 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -110,7 +110,7 @@ builder.WebHost.UseNamedPipes(options => { var pipeSecurity = CreatePipeSecurity(context.NamedPipeEndpoint.PipeName); - return NamedPipeServerStreamAcl.Create(context.NamedPipeEndPoint.PipeName, PipeDirection.InOut, + return NamedPipeServerStreamAcl.Create(context.NamedPipeEndpoint.PipeName, PipeDirection.InOut, NamedPipeServerStream.MaxAllowedServerInstances, PipeTransmissionMode.Byte, context.PipeOptions, inBufferSize: 0, outBufferSize: 0, pipeSecurity); }; From 9565cdb84f3c29bae7bea7859b4d6df172ccf3c7 Mon Sep 17 00:00:00 2001 From: wadepickett Date: Fri, 1 Aug 2025 15:13:53 -0700 Subject: [PATCH 09/12] Removed xref link that does not exist --- aspnetcore/grpc/interprocess-namedpipes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index b8d7fee0bc44..c83bb74e7bb6 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -90,9 +90,9 @@ The preceding example: * Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario. ### Customize Kestrel named pipe endpoints -Kestrel's named pipe support enables advanced customization, allowing you to configure different security settings for each endpoint using the option. This approach is ideal for scenarios where multiple named pipe endpoints require unique access controls. The ability to customize pipes per endpoint is available starting with .NET 9. +Kestrel's named pipe support enables advanced customization, allowing you to configure different security settings for each endpoint using the `CreateNamedPipeServerStream` option. This approach is ideal for scenarios where multiple named pipe endpoints require unique access controls. The ability to customize pipes per endpoint is available starting with .NET 9. -An example of where this is useful is a Kestrel app that requires two pipe endpoints with different access security. The option can be used to create pipes with custom security settings, depending on the pipe name. +An example of where this is useful is a Kestrel app that requires two pipe endpoints with different access security. The `CreateNamedPipeServerStream` option can be used to create pipes with custom security settings, depending on the pipe name. ```csharp From 5f128debcaa33566aaa1f49cb2fd47ca190af23c Mon Sep 17 00:00:00 2001 From: Wade Pickett Date: Fri, 1 Aug 2025 18:56:08 -0700 Subject: [PATCH 10/12] Update aspnetcore/grpc/interprocess-namedpipes.md Co-authored-by: Tom Dykstra --- aspnetcore/grpc/interprocess-namedpipes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index c83bb74e7bb6..c078829849b5 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -50,7 +50,7 @@ The preceding example: ### Configuring PipeSecurity for Named Pipes -To customize the security of the named pipe, for example, to control which users or groups can connect, use the [`NamedPipeTransportOptions`](xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions) class. This allows a custom [`PipeSecurity`](xref:System.IO.Pipes.PipeSecurity) object to be specified. +To control which users or groups can connect, use the [`NamedPipeTransportOptions`](xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions) class. This allows a custom [`PipeSecurity`](xref:System.IO.Pipes.PipeSecurity) object to be specified. Example: From 62669f20bb5f69a05e3227537a2fecdeac78c512 Mon Sep 17 00:00:00 2001 From: Wade Pickett Date: Mon, 4 Aug 2025 14:30:34 -0700 Subject: [PATCH 11/12] Update aspnetcore/grpc/interprocess-namedpipes.md Co-authored-by: James Newton-King --- aspnetcore/grpc/interprocess-namedpipes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index c078829849b5..18c2e5f58821 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -90,6 +90,7 @@ The preceding example: * Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario. ### Customize Kestrel named pipe endpoints + Kestrel's named pipe support enables advanced customization, allowing you to configure different security settings for each endpoint using the `CreateNamedPipeServerStream` option. This approach is ideal for scenarios where multiple named pipe endpoints require unique access controls. The ability to customize pipes per endpoint is available starting with .NET 9. An example of where this is useful is a Kestrel app that requires two pipe endpoints with different access security. The `CreateNamedPipeServerStream` option can be used to create pipes with custom security settings, depending on the pipe name. From 5995eb254d561a17edebc24ef8febe063a7297d7 Mon Sep 17 00:00:00 2001 From: Wade Pickett Date: Mon, 4 Aug 2025 14:32:08 -0700 Subject: [PATCH 12/12] Apply suggestions from JamesNK code review --- aspnetcore/grpc/interprocess-namedpipes.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md index 18c2e5f58821..957c8ff22887 100644 --- a/aspnetcore/grpc/interprocess-namedpipes.md +++ b/aspnetcore/grpc/interprocess-namedpipes.md @@ -98,7 +98,6 @@ An example of where this is useful is a Kestrel app that requires two pipe endpo ```csharp var builder = WebApplication.CreateBuilder(); - builder.WebHost.ConfigureKestrel(options => { options.ListenNamedPipe("pipe1"); @@ -116,7 +115,6 @@ builder.WebHost.UseNamedPipes(options => context.PipeOptions, inBufferSize: 0, outBufferSize: 0, pipeSecurity); }; }); - ``` ## Client configuration