
I have a WCF service with NetNamedPipe for interprocess communication and I would like to add security on it. Everything works great without security, but when I am trying to use transport security I am getting an "InvalidCredentialException: The server has rejected the client credentials" exception. Can you please help me?

Code sample:

    var netPipeBinding = new NetNamedPipeBinding() { MaxReceivedMessageSize = 2147483647, SendTimeout = TimeSpan.FromMinutes(10), ReceiveTimeout = TimeSpan.FromMinutes(10) };
    netPipeBinding.ReaderQuotas.MaxDepth = 2147483647;
    netPipeBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
    netPipeBinding.ReaderQuotas.MaxArrayLength = 2147483647;
    netPipeBinding.ReaderQuotas.MaxBytesPerRead = 2147483647;
    netPipeBinding.ReaderQuotas.MaxNameTableCharCount = 2147483647;
    netPipeBinding.Security.Mode = NetNamedPipeSecurityMode.Transport;
    netPipeBinding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
    var host = new ServiceHost(typeof(MainService));
    var netPipeEA = new EndpointAddress(new Uri("net.pipe://MyProject/ServerSide"));
    var contractDescription = ContractDescription.GetContract(typeof (IMainService), typeof (MainService));
    host.AddServiceEndpoint(new ServiceEndpoint(contractDescription, netPipeBinding, netPipeEA));
    host.Opened += HostOnOpened;
    host.Open();

...

...

    private void HostOnOpened(object sender, EventArgs eventArgs)
    {
        var netPipeBinding = new NetNamedPipeBinding() { MaxReceivedMessageSize = 2147483647, SendTimeout = TimeSpan.FromMinutes(10), ReceiveTimeout = TimeSpan.FromMinutes(10) };
        netPipeBinding.ReaderQuotas.MaxDepth = 2147483647;
        netPipeBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
        netPipeBinding.ReaderQuotas.MaxArrayLength = 2147483647;
        netPipeBinding.ReaderQuotas.MaxBytesPerRead = 2147483647;
        netPipeBinding.ReaderQuotas.MaxNameTableCharCount = 2147483647;
        netPipeBinding.Security.Mode = NetNamedPipeSecurityMode.Transport;
        netPipeBinding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;

        // Client side: same binding and the same net.pipe URI the service endpoint was registered with.
        var channelFactory = new DuplexChannelFactory<IMainService>(
            new InstanceContext(new CalbackHandler()),
            netPipeBinding,
            new EndpointAddress(new Uri("net.pipe://MyProject/ServerSide")));

        var proxy = channelFactory.CreateChannel();
        proxy.DoPing();
    }

Thank you

  • http://msdn.microsoft.com/en-us/library/windows/desktop/aa365600(v=vs.85).aspx – Feb 15 '14 at 09:02
  • What "security" are you trying to add? With the netNamedPipeBinding there is absolutely no point in adding data privacy and data integrity over the transport connection (`ProtectionLevel.EncryptAndSign`) because the transport is just a short hop across kernel memory under the control of the OS kernel - If there is any bad guy lurking there he already owns your machine. – Chris Dickson Mar 14 '14 at 16:04
  • Question is: Can anyone anyhow listen to what I am sending or receiving? If so, there should be some security – user2126375 Mar 15 '14 at 09:12
  • The operating system secures the data while it is traversing the pipe regardless of your WCF security settings - no-one can see the data in transit unless they are executing kernel mode code looking directly at the OS data structures which implement the pipe. If they can do that they can look at everything your application is doing anyway. – Chris Dickson Mar 19 '14 at 00:02

1 Answer

The machine name, in this case "localhost" because you are using a named pipe, should be defined in the EndpointAddress URI.

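As an added illustration of the answer (this is example code written for this page, not the asker's project or the answerer's code), the following self-contained console program hosts a named-pipe service and a client in one process using a `net.pipe://localhost/...` address with `NetNamedPipeSecurityMode.Transport` and `ProtectionLevel.EncryptAndSign`. The contract `IPingService`, the `PingService` class and the path `MyProject/ServerSide` are placeholders for the poster's `IMainService`/`MainService`/`DoPing`. The service also reads `ServiceSecurityContext.Current.WindowsIdentity`, which is what transport security on a named pipe actually buys you: an authenticated Windows identity for the caller that the service can authorize against.

```csharp
using System;
using System.Net.Security;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical contract standing in for the poster's IMainService / DoPing.
[ServiceContract]
public interface IPingService
{
    [OperationContract]
    string Ping(string text);
}

public class PingService : IPingService
{
    public string Ping(string text)
    {
        // With Security.Mode = Transport, WCF authenticates the client over the pipe
        // (Windows/Negotiate), so the caller's identity is available to the service.
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        if (caller == null || caller.IsAnonymous)
        {
            throw new FaultException("Caller is not authenticated.");
        }
        // A real service would check group membership / SID here before doing work.
        return "pong(" + text + ") from " + caller.Name;
    }
}

public static class Program
{
    // Assumption: example path. "localhost" is the machine name the answer says the URI must carry.
    private const string Address = "net.pipe://localhost/MyProject/ServerSide";

    // Both sides must use an equivalent binding; building it in one place avoids drift.
    private static NetNamedPipeBinding CreateBinding()
    {
        var binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport);
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        return binding;
    }

    public static void Main()
    {
        using (var host = new ServiceHost(typeof(PingService)))
        {
            host.AddServiceEndpoint(typeof(IPingService), CreateBinding(), Address);
            host.Open();

            // Client: same binding settings, same URI (including the machine name).
            var factory = new ChannelFactory<IPingService>(CreateBinding(), new EndpointAddress(Address));
            IPingService proxy = factory.CreateChannel();
            Console.WriteLine(proxy.Ping("hello"));
            ((IClientChannel)proxy).Close();
            factory.Close();

            host.Close();
        }
    }
}
```

Run it as a .NET Framework console application referencing System.ServiceModel; because client and service share a process they also share a Windows identity, which is the case in which the Negotiate handshake over the pipe succeeds. If the client runs under a different account, the identity check in `Ping` is where access decisions belong, rather than relying on the pipe being unreadable to other users.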