When users first connect to my sessionful service, they provide a user name in the form of a string. If multiple users have provided the same user name, the server appends all new users with a number that increments based on how many exist on the service already.
These user names are the value in a Dictionary<IChatCallback, string> dictionary. Whenever a user calls a method such as SendMessage on the server, the server detects who the caller is by doing a dictionary lookup based on OperationContext.Current.GetCallbackChannel<IChatCallback>() as the key.
My question is... can this channel be spoofed? Can somebody somehow call methods on the service under someone else's callback channel, and the server is oblivious?