All geek questions in one place

How to properly set security for NetNamedPipe?

I have a WCF service with NetNamedPipe for interprocess communication, and I would like to add security to it. Everything works fine without security, but when I try to use transcon protection, I get the exception "InvalidCredentialException: server rejected client credentials". Can you help me?

Code example:

var netPipeBinding = new NetNamedPipeBinding() { MaxReceivedMessageSize = 2147483647, SendTimeout = TimeSpan.FromMinutes(10), ReceiveTimeout = TimeSpan.FromMinutes(10) };
netPipeBinding.ReaderQuotas.MaxDepth = 2147483647;
netPipeBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
netPipeBinding.ReaderQuotas.MaxArrayLength = 2147483647;
netPipeBinding.ReaderQuotas.MaxBytesPerRead = 2147483647;
netPipeBinding.ReaderQuotas.MaxNameTableCharCount = 2147483647;
netPipeBinding.Security.Mode = NetNamedPipeSecurityMode.Transport;
netPipeBinding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
var host = new ServiceHost(typeof(MainService));
var netPipeEA = new EndpointAddress(new Uri("net.pipe://MyProject/ServerSide"));
var contractDescription = ContractDescription.GetContract(typeof (IMainService), typeof (MainService));
host.AddServiceEndpoint(new ServiceEndpoint(contractDescription, netPipeBinding, netPipeEA));
host.Opened += HostOnOpened;
host.Open();

...

...

    private void HostOnOpened(object sender, EventArgs eventArgs)
    {
        var netPipeBinding = new NetNamedPipeBinding() { MaxReceivedMessageSize = 2147483647, SendTimeout = TimeSpan.FromMinutes(10), ReceiveTimeout = TimeSpan.FromMinutes(10) };
        netPipeBinding.ReaderQuotas.MaxDepth = 2147483647;
        netPipeBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
        netPipeBinding.ReaderQuotas.MaxArrayLength = 2147483647;
        netPipeBinding.ReaderQuotas.MaxBytesPerRead = 2147483647;
        netPipeBinding.ReaderQuotas.MaxNameTableCharCount = 2147483647;
        netPipeBinding.Security.Mode = NetNamedPipeSecurityMode.Transport;
        netPipeBinding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;

        DuplexChannelFactory<IMainService> channelFactory = new DuplexChannelFactory<IMainService>(new InstanceContext(new CalbackHandler()), netPipeBinding,
                                                                                                                               new EndpointAddress(IMainService));

        var proxy = channelFactory.CreateChannel();
        proxy.DoPing();
    }

thanks

+4
source share
1 answer

The machine name, in this case "localhost", because you are using a named pipe, must be defined in the EndpointAddress URI.

0
source

Source: https://habr.com/ru/post/1527073/

More articles:


All Articles