-
Notifications
You must be signed in to change notification settings - Fork 10k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NamedPipeTransportOptions should support multiple PipeSecurity (DACL) #53306
Comments
@kenans Thanks for the suggestion! Can you tell us a bit more about what you'd do with this functionality? What's an example of where pipes would benefit from having different |
@JamesNK May recall our reasoning for not doing this in the first place (possibly, it was just that no one had asked). |
No one had asked. I think if we do this then we would have a func similar to SocketTransportOptions.CreateBoundListenSocket. public sealed class NamedPipeTransportOptions
{
// ...
Func<EndPoint, PipeSecurity> CreatePipeSecurity { get; set; }
// ...
} Although I think we should look to see if there are any other settings that should be configurable. Maybe we should allow someone to override creating the whole pipe, e.g. |
No one had asked. I think if we do this then we would have a func similar to SocketTransportOptions.CreateBoundListenSocket with a callback. public sealed class NamedPipeTransportOptions
{
// ...
Func<EndPoint, PipeSecurity> CreatePipeSecurity { get; set; }
// ...
} The callback could replace the current property (we deprecate it) or we have them live side-by-side and throw an error if both are set. Although I think we should look to see if there are any other settings that should be configurable on a per-pipe basis. Maybe we should allow someone to override creating the whole pipe, e.g. |
The idea is to have more granular control over the named pipe permissions (DACL) via
|
@JamesNK Thank you for the reply! Both Regarding the BYO pipe proposal, it would be nice to clarify that existing settings in |
Is there an existing issue for this?
Is your feature request related to a problem? Please describe the problem.
Today, Kestrel is capable of binding to multiple
NamedPipeEndpoint
However, DACL for each Named Pipe is set up using the identical
NamedPipeTransportOptions.PipeSecurity
found inNamedPipeConnectionListener
The underlying issue for this is that
NamedPipeTransportFactory.BindAsync(EndPoint endpoint, CancellationToken cancellationToken)
is called multiple times with eachNamedPipeEndpoint
, but they all share the sameNamedPipeTransportOptions
.Describe the solution you'd like
It would be nice to be able to assign unique DACL (
PipeSecurity
) to differentNamedPipeEndpoint
.One possible approach is to map
PipeSecurity
with the pipe name inNamedPipeTransportOptions
,When
NamedPipeServerStream
is created, do something like below,Additional context
No response
The text was updated successfully, but these errors were encountered: