0

I'm using a WCF service with the NetNamedPipesBinding to communicate between two AppDomains in my process.

How do I secure the service so that it is not accessible to other users on the same machine?

I have already taken the precaution of using a GUID in the Endpoint Address, so there's a little security through obscurity, but I'm looking for a way of locking the service down using ACL or something similar.

Samuel Jack
  • 32,712
  • 16
  • 118
  • 155

3 Answers3

1

See http://blogs.charteris.com/blogs/chrisdi/archive/2008/06/23/exploring-the-wcf-named-pipe-binding-part-3.aspx for one way to do it via ACLs.

Chris Dickson
  • 11,964
  • 1
  • 39
  • 60
0

you can use WCF authentication. One of the options is to validate against the windows username and password. If you use active directory, you can use that too (harder to set up, put less of a burden). http://blogs.msdn.com/pedram/archive/2007/10/05/wcf-authentication-custom-username-and-password-validator.aspx.

Steve
  • 11,763
  • 15
  • 70
  • 103
  • Your link is to NetTCPBinding not Named Pipes – Shiraz Bhaiji Mar 19 '10 at 15:22
  • If you're doing it in code, you can (most likely) add the behavior shown in that post. If you're using xml configuration, you may be out of luck, its far less powerful. – Steve Mar 19 '10 at 15:39
0

WCF NetNamedPipesBinding has only Transport Security

http://msdn.microsoft.com/en-us/library/ms731699.aspx

Is this a shared PC? Do you have several users logging on locally to the same physical machine?

Shiraz Bhaiji
  • 64,065
  • 34
  • 143
  • 252