Skip to content

gRPC:PipeSecurity for Named Pipes #35691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

gRPC:PipeSecurity for Named Pipes #35691

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
907ed7c
gRPC:PipeSecurity for Named Pipes
wadepickett Jul 1, 2025
34d6fd7
Update metadata tags
wadepickett Jul 1, 2025
784f6ff
Corrected code fencing.
wadepickett Jul 1, 2025
dd35fc7
Fixed xref
wadepickett Jul 1, 2025
208c9d1
fix xref
wadepickett Jul 1, 2025
d02423e
xref fix again
wadepickett Jul 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 43 additions & 1 deletion aspnetcore/grpc/interprocess-namedpipes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@ author: jamesnk
description: Learn how to use gRPC for inter-process communication with Named pipes.
monikerRange: '>= aspnetcore-8.0'
ms.author: wpickett
ms.date: 01/18/2023
ai-usage: ai-assisted
ms.date: 07/01/2025
uid: grpc/interprocess-namedpipes
---
# Inter-process communication with gRPC and Named pipes
Expand Down Expand Up @@ -47,6 +48,47 @@ The preceding example:
* Calls `ListenNamedPipe` to listen to a named pipe with the specified name.
* Creates a named pipe endpoint that isn't configured to use HTTPS. For information about enabling HTTPS, see [Kestrel HTTPS endpoint configuration](xref:fundamentals/servers/kestrel/endpoints#listenoptionsusehttps).

### Configuring PipeSecurity for Named Pipes

To customize the security of the named pipe, for example, to control which users or groups can connect, use the [`NamedPipeTransportOptions`](xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions) class. This allows a custom [`PipeSecurity`](xref:System.IO.Pipes.PipeSecurity) object to be specified.

Example:

```csharp
using Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes;
using System.IO.Pipes;
using System.Security.AccessControl;

var builder = WebApplication.CreateBuilder(args);
builder.WebHost.ConfigureKestrel(serverOptions =>
{
serverOptions.ListenNamedPipe("MyPipeName", listenOptions =>
{
listenOptions.Protocols = HttpProtocols.Http2;

// Configure PipeSecurity
listenOptions.UseNamedPipes(options =>
{
var pipeSecurity = new PipeSecurity();
// Grant read/write access to the Users group
pipeSecurity.AddAccessRule(new PipeAccessRule(
"Users",
PipeAccessRights.ReadWrite,
AccessControlType.Allow));
// Add additional rules as needed

options.PipeSecurity = pipeSecurity;
});
});
});
```

The preceding example:

* Uses `UseNamedPipes` to access and configure <xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions>.
* Sets the <xref:System.IO.Pipes.PipeSecurity> property to control which users or groups can connect to the named pipe.
* Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario.

## Client configuration

`GrpcChannel` supports making gRPC calls over custom transports. When a channel is created, it can be configured with a <xref:System.Net.Http.SocketsHttpHandler> that has a custom <xref:System.Net.Http.SocketsHttpHandler.ConnectCallback>. The callback allows the client to make connections over custom transports and then send HTTP requests over that transport.
Expand Down