gRPC:PipeSecurity for Named Pipes

wadepickett · wadepickett · commit 907ed7c016f7 · 2025-07-01T14:59:30.000-07:00
diff --git a/aspnetcore/grpc/interprocess-namedpipes.md b/aspnetcore/grpc/interprocess-namedpipes.md
@@ -4,7 +4,7 @@ author: jamesnk
 description: Learn how to use gRPC for inter-process communication with Named pipes.
 monikerRange: '>= aspnetcore-8.0'
 ms.author: wpickett
-ms.date: 01/18/2023
+ms.date: 07/01/2025
 uid: grpc/interprocess-namedpipes
 ---
 # Inter-process communication with gRPC and Named pipes
@@ -47,6 +47,46 @@ The preceding example:
 * Calls `ListenNamedPipe` to listen to a named pipe with the specified name.
 * Creates a named pipe endpoint that isn't configured to use HTTPS. For information about enabling HTTPS, see [Kestrel HTTPS endpoint configuration](xref:fundamentals/servers/kestrel/endpoints#listenoptionsusehttps).
 
+### Configuring PipeSecurity for Named Pipes
+
+To customize the security of the named pipe, for example, to control which users or groups can connect, use the [`NamedPipeTransportOptions`](xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions) class. This allows you to specify a custom [`PipeSecurity`](xref:System.IO.Pipes.PipeSecurity) object.
+
+Example:
+
+```csharp
+using Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes;
+using System.IO.Pipes;
+using System.Security.AccessControl;
+
+var builder = WebApplication.CreateBuilder(args);
+builder.WebHost.ConfigureKestrel(serverOptions =>
+{
+    serverOptions.ListenNamedPipe("MyPipeName", listenOptions =>
+    {
+        listenOptions.Protocols = HttpProtocols.Http2;
+
+        // Configure PipeSecurity
+        listenOptions.UseNamedPipes(options =>
+        {
+            var pipeSecurity = new PipeSecurity();
+            // Grant read/write access to the Users group
+            pipeSecurity.AddAccessRule(new PipeAccessRule(
+                "Users",
+                PipeAccessRights.ReadWrite,
+                AccessControlType.Allow));
+            // Add additional rules as needed
+
+            options.PipeSecurity = pipeSecurity;
+        });
+    });
+});
+
+The preceding example:
+
+* Uses <xref:Microsoft.AspNetCore.Hosting.WebHostBuilderNamedPipeExtensions.UseNamedPipes> to access and configure <xref:Microsoft.AspNetCore.Server.Kestrel.Transport.NamedPipes.NamedPipeTransportOptions>.
+* Sets the <xref:System.IO.Pipes.PipeSecurity> property to control which users or groups can connect to the named pipe.
+* Grants read/write access to the `Users` group. Additional security rules can be added as needed for the scenario.
+
 ## Client configuration
 
 `GrpcChannel` supports making gRPC calls over custom transports. When a channel is created, it can be configured with a <xref:System.Net.Http.SocketsHttpHandler> that has a custom <xref:System.Net.Http.SocketsHttpHandler.ConnectCallback>. The callback allows the client to make connections over custom transports and then send HTTP requests over that transport.
