NamedPipeServerStream::RunAsClient Method (PipeStreamImpersonationWorker^)

 

Calls a delegate while impersonating the client.

Namespace:   System.IO.Pipes
Assembly:  System.Core (in System.Core.dll)

public:
[SecurityCriticalAttribute]
[SecurityPermissionAttribute(SecurityAction::Demand, Flags = SecurityPermissionFlag::ControlPrincipal)]
void RunAsClient(
	PipeStreamImpersonationWorker^ impersonationWorker
)

Parameters

impersonationWorker
Type: System.IO.Pipes::PipeStreamImpersonationWorker^

The delegate that specifies a method to call.

Exception Condition
InvalidOperationException

No pipe connections have been made yet.

-or-

The connected pipe has already disconnected.

-or-

The pipe handle has not been set.

ObjectDisposedException

The pipe is closed.

IOException

The pipe connection has been broken.

-or-

An I/O error occurred.

The connecting client's permissions are applied to the remote server. For example, if the connecting client tries to request the contents of a file on the server, the client can request only files that it has sufficient permissions to open.

The following example demonstrates a method to create a pipe server that can respond to multiple simultaneous client requests, and a method for client impersonation. This example creates a NamedPipeServerStream object in a parent process, which then creates multiple threads that wait for NamedPipeClientStream objects to connect. After a client is connected, it supplies a file name to the server and the contents of that file are read and sent back to the client. Because the NamedPipeServerStream impersonates the client when opening the file, the client can request only files that it has sufficient permissions to open.

#using <System.Core.dll>

using namespace System;
using namespace System::IO;
using namespace System::IO::Pipes;
using namespace System::Text;
using namespace System::Threading;

// Defines the data protocol for reading and writing strings on our stream
public ref class StreamString
{
private:
    Stream^ ioStream;
    UnicodeEncoding^ streamEncoding;

public:
    StreamString(Stream^ ioStream)
    {
        this->ioStream = ioStream;
        streamEncoding = gcnew UnicodeEncoding();
    }

    String^ ReadString()
    {
        int len;

        len = ioStream->ReadByte() * 256;
        len += ioStream->ReadByte();
        array<Byte>^ inBuffer = gcnew array<Byte>(len);
        ioStream->Read(inBuffer, 0, len);

        return streamEncoding->GetString(inBuffer);
    }

    int WriteString(String^ outString)
    {
        array<Byte>^ outBuffer = streamEncoding->GetBytes(outString);
        int len = outBuffer->Length;
        if (len > UInt16::MaxValue)
        {
            len = (int)UInt16::MaxValue;
        }
        ioStream->WriteByte((Byte)(len / 256));
        ioStream->WriteByte((Byte)(len & 255));
        ioStream->Write(outBuffer, 0, len);
        ioStream->Flush();

        return outBuffer->Length + 2;
    }
};

// Contains the method executed in the context of the impersonated user
public ref class ReadFileToStream
{
private:
    String^ fn;
    StreamString ^ss;

public:
    ReadFileToStream(StreamString^ str, String^ filename)
    {
        fn = filename;
        ss = str;
    }

    void Start()
    {
        String^ contents = File::ReadAllText(fn);
        ss->WriteString(contents);
    }
};

public ref class PipeServer
{
private:
    static int numThreads = 4;

public:
    static void Main()
    {
        int i;
        array<Thread^>^ servers = gcnew array<Thread^>(numThreads);

        Console::WriteLine("\n*** Named pipe server stream with impersonation example ***\n");
        Console::WriteLine("Waiting for client connect...\n");
        for (i = 0; i < numThreads; i++)
        {
            servers[i] = gcnew Thread(gcnew ThreadStart(&ServerThread));
            servers[i]->Start();
        }
        Thread::Sleep(250);
        while (i > 0)
        {
            for (int j = 0; j < numThreads; j++)
            {
                if (servers[j] != nullptr)
                {
                    if (servers[j]->Join(250))
                    {
                        Console::WriteLine("Server thread[{0}] finished.", servers[j]->ManagedThreadId);
                        servers[j] = nullptr;
                        i--;    // decrement the thread watch count
                    }
                }
            }
        }
        Console::WriteLine("\nServer threads exhausted, exiting.");
    }

private:
    static void ServerThread()
    {
        NamedPipeServerStream^ pipeServer =
            gcnew NamedPipeServerStream("testpipe", PipeDirection::InOut, numThreads);

        int threadId = Thread::CurrentThread->ManagedThreadId;

        // Wait for a client to connect
        pipeServer->WaitForConnection();

        Console::WriteLine("Client connected on thread[{0}].", threadId);
        try
        {
            // Read the request from the client. Once the client has
            // written to the pipe its security token will be available.

            StreamString^ ss = gcnew StreamString(pipeServer);

            // Verify our identity to the connected client using a
            // string that the client anticipates.

            ss->WriteString("I am the one true server!");
            String^ filename = ss->ReadString();

            // Read in the contents of the file while impersonating the client.
            ReadFileToStream^ fileReader = gcnew ReadFileToStream(ss, filename);

            // Display the name of the user we are impersonating.
            Console::WriteLine("Reading file: {0} on thread[{1}] as user: {2}.",
                filename, threadId, pipeServer->GetImpersonationUserName());
            pipeServer->RunAsClient(gcnew PipeStreamImpersonationWorker(fileReader, &ReadFileToStream::Start));
        }
        // Catch the IOException that is raised if the pipe is broken
        // or disconnected.
        catch (IOException^ e)
        {
            Console::WriteLine("ERROR: {0}", e->Message);
        }
        pipeServer->Close();
    }
};

int main()
{
    PipeServer::Main();
}

SecurityPermissionFlag

for the ability to manipulate the principal object. Security action: Demand. Associated enumeration: SecurityPermissionFlag::ControlPrincipal

.NET Framework
Available since 3.5
Return to top
Show: