获取EndpointNotFoundException与NetNamedPipeBinding在C#;需要创建一个全局命名管道 [英] Getting EndpointNotFoundException with NetNamedPipeBinding in C#; Need To Create Global Named Pipe
问题描述
我运行一个窗口服务,而我在一个NetNamedPipeBinding发送消息。这些消息是从一个由GPO触发的客户端应用程序发送。我刚刚安装了一个新的服务器上的服务端和客户端,我得到以下信息:
I am running a windows service to which I send messages over a NetNamedPipeBinding. The messages are send from a client application which is triggered by a GPO. I just installed the service and client on a new server and I'm getting the following message:
System.ServiceModel.EndpointNotFoundException:
There was no endpoint listening at
net.pipe://localhost/VOXAServices/VOXADefaultPipe that could accept the
message. This is often caused by an incorrect address or SOAP action.
See InnerException, if present, for more details.
有没有内部异常。如果我运行通过双击桌面上的图标,客户端应用程序,它运行没有问题。我管理这两个窗口服务和客户端应用程序的代码,这样我就可以改变一切,我需要。但到目前为止,我敢确信约束力,合同,地址是正确的(因为从桌面运行时,一切都正常运行)。我认为这个问题必须与客户端应用程序正在从一个GPO中运行。但我想不出任何理由,将导致此错误。
There is no inner exception. If I run the client application by double-clicking it's icon on the desktop, it runs without a problem. I manage the code for both the windows service and client application, so I can change whatever I need to. But so far, I'm pretty convinced that the binding, contract, and address are all correct (since everything runs fine when run from the desktop). I believe the problem must be with the client app being run from a GPO. But I can't think of any reason why that would cause this error.
更新:
我读这本关于微软的网站:
I read this this on Microsoft's website:
命名管道是Windows操作系统内核对象,比如
以共享存储器进程可以使用
的通信的部分。命名管道有一个名字,并可以用于单向或$ B在一台机器上的进程之间$ B全双工通信。
A named pipe is an object in the Windows operating system kernel, such as a section of shared memory that processes can use for communication. A named pipe has a name, and can be used for one-way or duplex communication between processes on a single machine.
当在不同之间所需的通信一个
单台计算机上WCF的应用程序,并且要防止
另一台机器上的任何信息,然后使用命名管道运输。 一个额外的
的限制是从Windows远程桌面中运行的进程可能
被限制在同一个Windows远程桌面会话,除非他们
拥有更高权限。
When communication is required between different WCF applications on a single computer, and you want to prevent any communication from another machine, then use the named pipes transport. An additional restriction is that processes running from Windows Remote Desktop may be restricted to the same Windows Remote Desktop session unless they have elevated privileges.
(选择一个交通运输,加上强调)
我需要在客户端过程中(未授权)用户的上下文中运行并具有UAC对话框弹出不是一个选项。反正我给这个客户端进程提升权限,同时保留了用户上下文的进程在运行,而不是让用户特权
I need the client process to run in the context of the (unprivileged) user and having a UAC dialog pop up is not an option. Is there anyway for me to give this client process elevated privileges while keeping the process running in the user context and not making the user privileged?
更新#2?
看来,有这样的事,作为全球和本地(以Windows会话)命名管道。我相信我的Windows服务是创建一个本地命名管道,如果我可以强制它来创建一个全局命名管道,这将解决我的问题。 (这就是为什么我看不到我的烟斗的Sysinternals进程资源管理器,即使我的客户端应用程序可以找到它,如果我从一个特权会话启动它)。麻烦的是,我不知道(而且似乎无法找到)如何强制使用命名管道,以在全球范围内创建(C#)。任何想法?
It appears that there is such a thing as global and local (to the windows session) Named Pipes. I believe my windows service is creating a local named pipe and that if I can force it to create a global named pipe, it would solve my problem. (This explains why I couldn't see my pipe in sysinternals "Process Explorer", even though my client app could find it if I launched it from a privileged session). The trouble is, I don't know (and can't seem to find out) how to force a named pipe to be created globally (c#). Any ideas?
推荐答案
的由WCF客户找到WCF服务NetNamedPipe端点涉及该服务用来告诉客户要使用管道的实际名称的内核共享内存对象的机制。如果客户端将要在不同的登录会话到服务器,这个共享内存对象必须在全球而不是本地内核命名空间。命名管道本身有一个单一命名空间,所有的客户端可见。你不能直接控制WCF使用共享内存对象的命名空间,但是这将是全球核命名空间提供了服务器与SeCreateGlobalPrivilege运行Windows服务。你的问题似乎暗示着这样的话,所以我怀疑你的问题是否与内核对象命名空间的连接。
The mechanism by which WCF clients find WCF service NetNamedPipe endpoints involves a kernel shared memory object which the service uses to tell clients the actual name of the pipe to be used. If clients are going to be in a different logon session to the server, this shared memory object must be in the Global and not the Local kernel namespace. The named pipes themselves have a single namespace, visible to all clients. You cannot directly control the namespace WCF uses for the shared memory object, but it will be the Global kernel namespace provided that your server is a Windows Service running with SeCreateGlobalPrivilege. Your question seems to imply that this is the case, so I'm sceptical whether your problem is connected with kernel object namespaces.
另外两个可能的原因是:
Two other possible causes are:
-
这同时保护共享内存对象和命名管道上的ACL。这些将始终拒绝访问到具有网络的用户组(SID S-1-5-2)会员有安全上下文。这种强制的没有远程访问WCF保证命名管道终点。
The ACLs which protect both the shared memory object and the named pipe. These will always deny access to any security context which has membership of the NETWORK USERS group (SID S-1-5-2). This enforces the WCF guarantee of no remote access to named pipe endpoints.
如果您在Vista或更高版本,客户端进程的强制性完整性级别必须运行不大于内核对象的强制完整性水平(这将是隐含的水平 - 中 - 除非你采取了特殊的步骤,使用强制完整性标签提升)
If you are running on Vista or later, the Mandatory Integrity level of the client process must not be lower than the Mandatory Integrity level of the kernel objects (which will be the implied level - Medium - unless you have taken special steps to elevate using Mandatory Integrity Labels)
我不知道有足够的了解,其中客户端过程中由GPO开始将运行进一步建议的安全上下文,但我建议你检查这两种可能性和后进一步更新你的问题相应。
I don't know enough about the security context in which your client process started by the GPO would run to advise further, but I suggest you check these two possibilities and post further updates to your question accordingly.
这篇关于获取EndpointNotFoundException与NetNamedPipeBinding在C#;需要创建一个全局命名管道的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
