By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,855 Members | 1,970 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,855 IT Pros & Developers. It's quick & easy.

Remoting IPCChannel security with Service

P: n/a
I have a simple remoting sample using IPCChannel. If I run the server code
as a console app my client can connect just fine. However, if I the same
server code runs in a service, the client gets a RemotingException of
"Failed to connect to an IPC Port: Access is denied".

The Access is denied changes if my service isn't running to "The system
cannot find the file specified" so the I think I'm connecting but being
denied due to some type of security issue.

I'm very weak on security, My service runs under Local System and can
potentially service requests from multiple users. This is a low security
situation so what is the simplest way to get the server to allow any client
to connect or code the client so the server will always allow it to connect?

Thanks,
--
Grant Schenck
Sep 13 '06 #1
Share this Question
Share on Google+
3 Replies


P: n/a
OK, partially answering my own question...

If my service is logged in "Local System" then my client fails attempting to
invoke a method on a remoted object hosted by the service with a
RemotingException of "Failed to connect to an IPC Port: Access is denied".

However, if my service is logged in as the same user name/pw as the user
running the client then it works.

So, the problem IS security.

How do I configure my server so any user running the client can connect? I
really have no clue how security works in this regard...

Thanks!
--
Grant Schenck

"Grant Schenck" <sc******@optonline.netwrote in message
news:ek**************@TK2MSFTNGP02.phx.gbl...
>I have a simple remoting sample using IPCChannel. If I run the server code
as a console app my client can connect just fine. However, if I the same
server code runs in a service, the client gets a RemotingException of
"Failed to connect to an IPC Port: Access is denied".

The Access is denied changes if my service isn't running to "The system
cannot find the file specified" so the I think I'm connecting but being
denied due to some type of security issue.

I'm very weak on security, My service runs under Local System and can
potentially service requests from multiple users. This is a low security
situation so what is the simplest way to get the server to allow any
client to connect or code the client so the server will always allow it to
connect?

Thanks,
--
Grant Schenck


Sep 13 '06 #2

P: n/a
"Grant Schenck" <sc******@optonline.netwrites:
How do I configure my server so any user running the client can connect? I
really have no clue how security works in this regard...
IpcChannel accepts a dictionary containing properties for setting up the
channel. You can use this to set the user/group which is authorized to
connect to the pipe, e.g.:

IDictionary prop = new Hashtable();
prop["name"] = "Server";
prop["portName"] = pipeName;
prop["tokenImpersonationLevel"] = TokenImpersonationLevel.Impersonation;
prop["includeVersions"] = false;
prop["strictBinding"] = false;
prop["secure"] = true;
prop["authorizedGroup"] = "DOMAIN\\DomainGroup"

IpcChannel channel = new IpcChannel(prop, clientProv, serverProv);
ChannelServices.RegisterChannel(channel, true);
Use the NTAccount class to find the locale-dependant name of a
well-known SID.

Hope this helps,
Martin
Sep 25 '06 #3

P: n/a
You need to set the authorizedGroup property in the server channel config
<channel ref="ipc" portName="MyIPC" authorizedGroup="Everyone">

"Grant Schenck" <sc******@optonline.netwrote in message
news:ek**************@TK2MSFTNGP02.phx.gbl...
>I have a simple remoting sample using IPCChannel. If I run the server code
as a console app my client can connect just fine. However, if I the same
server code runs in a service, the client gets a RemotingException of
"Failed to connect to an IPC Port: Access is denied".

The Access is denied changes if my service isn't running to "The system
cannot find the file specified" so the I think I'm connecting but being
denied due to some type of security issue.

I'm very weak on security, My service runs under Local System and can
potentially service requests from multiple users. This is a low security
situation so what is the simplest way to get the server to allow any
client to connect or code the client so the server will always allow it to
connect?

Thanks,
--
Grant Schenck


Oct 17 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.