Is NetNamedPipeBinding binding required to work on only one machine?

I created a Windows service that uses WCF to communicate with it. The service should only be used on the same machine. If I can guarantee that there is no way to communicate with it from another computer, I can consider it protected.

Since I only communicate on the same machine, I decided to use NetNamedPipeBinding. The documentation for this binding states that it is optimized for on-machine communication, but does not provide any guarantees.

My question is: does NetNamedPipeBinding guarantee on-machine-only communication? If this is not the case, how can you implement a custom binding that provides such a guarantee?

Thanks,
Asaf

+4
3 answers

Microsoft published the following in Select Transport on MSDN:

When to use transport with named pipes

A named pipe is an object in the kernel of the Windows operating system, such as a shared memory partition, which processes can use to communicate. A named pipe has a name and can be used for one-way or duplex communication between processes on the same machine.

If communication between different WCF applications on one computer is required and you want to prevent any communication from another computer, use the named pipe transport. An additional limitation is that processes running with Windows Remote Desktop can be limited to the same Windows Remote Desktop session if they do not have privileges.

This largely gives the desired guarantee.

+6

I read the text from Essential WCF - Chapter 4 (Bindings) and found the following, which I reproduce only with the intention of helping someone:

WCF restricts the netNamedPipeBinding binding to the local machine

Although named pipes can be used to exchange data over a network, WCF restricts their use to local communication on a computer. This means that it can be used to ensure that your service is not accessible over the network. This is done using two mechanisms:

a) The network security identifier (SID: S-1-5-2) is denied access to the named pipe.

b) The name of the named pipe is randomly generated and stored in shared memory, so only clients working on the same computer can access it.

+3
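
Mechanism (a) from the answer above, applied to a pipe you create yourself and then read back to confirm the ACE is really there. This is an added example, not part of the original answers and not WCF's own code; it assumes .NET Framework on Windows, and the class name, helper names and the `demo-` pipe name are constructed for illustration.

```csharp
using System;
using System.IO.Pipes;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class LocalOnlyPipeDemo   // hypothetical name, illustration only
{
    // Well-known NETWORK SID (S-1-5-2): carried by any token created by a network logon.
    static readonly SecurityIdentifier Network =
        new SecurityIdentifier(WellKnownSidType.NetworkSid, null);

    static PipeSecurity BuildLocalOnlyAcl()
    {
        var acl = new PipeSecurity();
        // Deny ACE for NETWORK: a remote caller is refused even if another ACE would allow it.
        acl.AddAccessRule(new PipeAccessRule(
            Network, PipeAccessRights.FullControl, AccessControlType.Deny));
        // Allow only the account running this process (tighten or extend as the service needs).
        acl.AddAccessRule(new PipeAccessRule(
            WindowsIdentity.GetCurrent().User, PipeAccessRights.FullControl, AccessControlType.Allow));
        return acl;
    }

    // True when the DACL holds an explicit deny of read and write for S-1-5-2.
    static bool DeniesNetwork(PipeSecurity acl)
    {
        return acl.GetAccessRules(true, false, typeof(SecurityIdentifier))
                  .Cast<PipeAccessRule>()
                  .Any(r => r.AccessControlType == AccessControlType.Deny
                         && r.IdentityReference.Equals(Network)
                         && (r.PipeAccessRights & PipeAccessRights.ReadWrite) == PipeAccessRights.ReadWrite);
    }

    static void Main()
    {
        // Constructed pipe name; WCF generates its own and publishes it via shared memory.
        string name = "demo-" + Guid.NewGuid().ToString("N");
        using (var server = new NamedPipeServerStream(
            name, PipeDirection.InOut, 1, PipeTransmissionMode.Byte,
            PipeOptions.None, 0, 0, BuildLocalOnlyAcl()))
        {
            // Read the DACL back from the live pipe handle rather than trusting what was requested.
            PipeSecurity effective = server.GetAccessControl();
            Console.WriteLine("NETWORK (S-1-5-2) denied: " + DeniesNetwork(effective));
            if (!DeniesNetwork(effective))
                throw new InvalidOperationException("Pipe is missing the NETWORK deny ACE.");
        }
    }
}
```

The same `DeniesNetwork` check can be run at service start-up against any pipe the process owns, failing closed if the deny ACE is absent.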

NetNamedPipeBinding is only suitable for the local machine. See the chart on the page here for a good, methodical way to determine which type of binding to use.

Here's an external link that gives a more definitive answer than just-accept-my-word-for-it.

+1

Source: https://habr.com/ru/post/1304264/

