Should I use the NetNamedPipe binding in WCF for security reasons?

Question

The WCF documentation says that the "Net Named Pipe" binding can be used for fast interprocess communication on a single machine. It cannot be used for communication across machines.

I would like to know if using the Net Named Pipe binding will protect my service from being attacked from outside the network. I've been told that the answer is no; that although Net Named Pipe binding is meant to be used for interprocess communication on the same machine, it can be hacked to allow access from other machines. Is that accurate?

WCF experts, please chime in. Does using the Net Named Pipe binding intrinsically protect my service from unauthorized access from other machines?

Answer 1

The correct answer is YES: the NetNamedPipeBinding does intrinsically protect the service from any access from other machines across the network. The pipe which the WCF service-side stack creates carries an ACL which denies all access to any logon token which has membership of the NETWORK USERS group. This group membership is present in any network logon token.

There are some security issues with the NetNamedPipeBinding, particularly in .NET 3.5, but vulnerability to remote exploits is not one of them.

See this post and subsequent posts for details.

Answer 2

Per the name Net Named Pipe this binding uses local named pipes as the transport mechanism. On Windows machines named pipes are treated like files... and as such are accessible remotely like browsing to a machine with \\machinename. Therefore since the transport mechanism is accessible to remote machines the binding is inherently not immune to unauthorized access, although there may be some security advantages to named pipes as opposed to TCP or HTTP.