I am new to WCF and named pipes. We have created one WCF service, one host application to host the WCF service, and a UI application. The UI application needs to call methods of the WCF service to perform some action and also needs to receive messages from the service. Both the host application and the UI application are running on the same machine.

In the host application (to host the WCF service), we used netNamedPipeBinding to create the named pipe. Below is the code snippet:

    using System;
    using System.ServiceModel;

    // Address of the named-pipe endpoint
    string address = "net.pipe://localhost/xyz/WCFService";
    // Named-pipe binding with transport security
    NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport);
    binding.ReceiveTimeout = TimeSpan.MaxValue;
    EndpointAddress ep = new EndpointAddress(address);
    // channel is declared elsewhere
    channel = ChannelFactory<WCFServiceLib.ITest1Service>.CreateChannel(binding, ep);

    channel.start();

But when I tried using the Attack Surface Analyzer tool (http://www.microsoft.com/en-in/download/details.aspx?id=24487), it detected a vulnerability with "m_sf_namespace_pipe".

The Attack Surface Analyzer.exe tool shows 'The following processes were found to have an open handle to this' message 'GENERIC_ALL GENERIC_WRITE WRITE_OWNER WRITE_DAC SECTION_MAP_WRITE' for my UI application.

In the WCF service we used the default settings. Is there something I can control here? Is there any way to provide better security/access control so that the analyzer tool does not detect any vulnerability?

Thanks

user3106005
  • Here is a blog post about setting ACL for WCF named pipe binding: http://web.archive.org/web/20110825060451/http://blogs.charteris.com/blogs/chrisdi/archive/2008/06/23/exploring-the-wcf-named-pipe-binding-part-3.aspx – Evk Oct 24 '17 at 13:59
  • Thanks a lot, I will try out the solution posted in the above link and update the result. – user3106005 Oct 26 '17 at 06:37
  • I tried what is suggested in the above "Chris Disson's blog", but after running the service code with admin privilege, I got the below exception: "There is an issue with StudentService Some or all identity references could not be translated." Here is my code which hosts the service: "There is an issue with StudentService Object reference not set to an instance of an object." Uri httpBaseAddress = new Uri("net.pipe://localhost/ServiceHost/ServiceHost"); studentServiceHost.AddServiceEndpoint(typeof(StudentService.IStudentService), binding, httpBaseAddress); studentServiceHost.Open(); – user3106005 Oct 26 '17 at 10:14
  • Well, I haven't worked with WCF for years (let alone with net pipes with ACL), so I cannot really help with details; I just thought that link might be useful. – Evk Oct 26 '17 at 10:15
  • Providing a workable solution will really help me to solve the issue. – user3106005 Oct 26 '17 at 10:15
  • I tried what is suggested in web.archive.org/web/20110825060451/http://blogs.charteris.com/… but the Attack Surface Analyzer tool (provided by Microsoft) still detected a security threat :( – user3106005 Oct 29 '17 at 13:11
  • That tool gives a security threat saying "ACL must be tighten" – user3106005 Oct 29 '17 at 13:12
  • In my case there are only 2 client applications which are going to connect with the server. Is there any way we can restrict connections to 2 clients only with netnamedpipebinding? – user3106005 Oct 29 '17 at 13:17

0 Answers