netNamedPipeBinding client filter

  • Question

  • I am developing a WCF service hosted in a Windows Service, to allow a client application to run commands in an elevated context. The client will run in the user context, the Windows Service will be running as Local System, and will accept commands from the client using named pipes. I am completely new to named pipes.

    I have decided to use netNamedPipeBinding, as it can only be used on the local machine, and solves a concern I had of being compromised remotely.

    How can I restrict it so that only my client can communicate with the Windows Service using named pipes? Is there some sort of detection logic I can include in the code in the Windows Service to disregard calls from untrusted processes?

    Friday, June 27, 2014 3:58 PM

All replies

  • Hi,

    You can use some authentication in your WCF Service. For example you can use the username authentication. Then only the client which knows the username and password can access the WCF Service.

    For more information, please try to refer to:
    #WCF Service with custom username password authentication:
    http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti .

    #A simple WCF service with username password authentication:
    http://codebetter.com/petervanooijen/2010/03/22/a-simple-wcf-service-with-username-password-authentication-the-things-they-don-t-tell-you/ .

    Best Regards,
    Amy Peng



    Monday, June 30, 2014 5:12 AM
    Moderator
  • Hi Amy,

    Thanks for the reply.

    I've always been a bit wary of storing usernames and passwords in code, as it's so easy to decompile .NET assemblies and expose them.

    Is there any way to get information in the WCF service from the calling client?

    Maybe I'm approaching this wrong (I did say I was a named pipe newbie!). Is it an assumption that if you are going to use named pipes, your code should be structured in a way that cannot be taken advantage of?

    Thanks

    Monday, June 30, 2014 10:00 PM
  • Hi,

    If you do not want to use the username authentication, then I will recommend you use the certificate authentication. Only the client which has installed the right certificate can access the WCF Service.

    For more information about how to implement it, please try to refer to the following articles:

    #An easy way to use certificates for WCF security:
    http://www.codeproject.com/Articles/18601/An-easy-way-to-use-certificates-for-WCF-security .

    #How to: Use Certificate Authentication and Message Security in WCF:
    http://msdn.microsoft.com/en-us/library/ff648360.aspx .

    #How to: Use Certificate Authentication and Transport Security in WCF:
    http://msdn.microsoft.com/en-us/library/ff650785.aspx .


    Best Regards,
    Amy Peng



    Tuesday, July 1, 2014 1:12 PM
    Moderator
  • Using a certificate would allow me to implement a level of authentication that does not require me to store passwords in code, although it doesn't look any more secure, as the certificate would have to be stored on the local file system. Any other developer in my company that wanted to interact with my service would have access to the certificate.

    Is there no way in code that I can obtain information in the service from the calling client?

    Wednesday, July 16, 2014 5:12 AM