is it secure to send windows password via netNamedPipeBinding to WCF service running on windows service?

  • Question

  • Hello,

    I don't know, is it secure to send windows password via netNamedPipeBinding to WCF service running on windows service? Hence, I request your thoughts on this and here is the scenario

    We are asking the user to enter the Windows user name and password in the client application and sending them to the WCF service (without explicit encryption), since the service needs to interact with a network mapped drive, but currently we are not sure whether .NET takes care of encrypting the user name and password when it sends them via the pipe.

    About service details,

    1. It uses the netNamedPipeBinding because we wanted this to be within machine level scope

    2. Security mode is set to mode="Transport" in the config file

    3. Transport protectionLevel is set to protectionLevel="EncryptAndSign" in the config file

    4. There is no app.config on the client side; the binding object is created by passing "NetNamedPipeSecurityMode.Transport": "new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport)"

    5. The machine where the wcf service is hosted may or may not be connected to internet

    Is this enough? Or should I use explicit encryption? If explicit encryption is required, how do I do it?

    Thanks, Sudhakar

    • Moved by Anne Jing Thursday, March 27, 2014 2:54 AM
    Wednesday, March 26, 2014 4:51 AM

Answers

  • Hi,

    Since the NetNamedPipeBinding only works if the WCF client is on the same machine as your service, there is only transport-level security.

    Also, please check the above: the netNamedPipeBinding only supports Windows authentication. So it is secure to send the Windows user name and password via netNamedPipeBinding to the WCF service.

    For more information, please try to refer to:
    http://msdn.microsoft.com/en-us/library/ms731699.aspx .

    Best Regards,
    Amy Peng




    Tuesday, April 1, 2014 2:39 AM
    Moderator
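
The settings listed in the question, written out in code on both sides as a self-hosted service and client. This is an added example, not code from the original thread; the contract `IDriveMapper`, the class names, the pipe address and the sample credentials are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.ServiceModel;

[ServiceContract]
public interface IDriveMapper            // hypothetical contract
{
    [OperationContract]
    bool MapDrive(string userName, string password);
}

public class DriveMapper : IDriveMapper  // hypothetical service
{
    public bool MapDrive(string userName, string password)
    {
        // With Transport security the pipe authenticates the caller's Windows identity.
        var ctx = ServiceSecurityContext.Current;
        var caller = ctx != null ? ctx.WindowsIdentity.Name : "(unauthenticated)";
        Console.WriteLine("Caller {0} supplied credentials for {1}", caller, userName);
        return !string.IsNullOrEmpty(password);   // never log the password itself
    }
}

public static class Program
{
    // Same settings as the question's config: mode="Transport",
    // protectionLevel="EncryptAndSign" (set explicitly rather than relying on the default).
    static NetNamedPipeBinding SecureBinding()
    {
        var binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport);
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        return binding;
    }

    public static void Main()
    {
        const string address = "net.pipe://localhost/DriveMapper"; // assumed address
        using (var host = new ServiceHost(typeof(DriveMapper)))
        {
            host.AddServiceEndpoint(typeof(IDriveMapper), SecureBinding(), address);
            host.Open();

            var factory = new ChannelFactory<IDriveMapper>(SecureBinding(), new EndpointAddress(address));
            var proxy = factory.CreateChannel();
            Console.WriteLine(proxy.MapDrive(@"CONTOSO\sample", "constructed-sample-value"));
            factory.Close();
        }
    }
}
```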

All replies

  • Hi,

    Your thread is mainly about the problem of netNamedPipeBinding in WCF, so I moved your thread to the Windows Communication Foundation, Serialization, and Networking forum. You can get more professional help there.

    Best Wishes!



    Thursday, March 27, 2014 3:03 AM