tags:

views:

363

answers:

2
+2  Q: 

Configure WCF for LOCALHOST-only listening

Similar to the Visual Studio development web server (Cassini) limitation that it only servers on localhost, I have a WCF Service implementation that is only needed on localhost.

I wouldn't mind other machines having access, except that the Windows Firewall prompts to allow the program to listen on the externally-facing NIC. Since this is only needed internally, I would rather restrict the WCF Server-side configuration so that it doesn't trip the firewall detector.

Is binding.HostNameComparisonMode = HostNameComparisonMode.Exact the right solution? I don't see how this is enough.

====

Like Cassini, this Service implementation is a stand-in for something else which DOES require network communication. The client can be configured to connect to the real server or the fake implementation running on localhost.

A: 

It depends on how you are hosting it. If you are in IIS7 or WAS, then WCF uses IIS's mode of matching. Otherwise, if you use HostNameComparisonMode.Exact, then yes, the host name will always be a critical factor in matching. If the host name does not match, dispatch will generally fail.

It should be noted that exact is not 100% perfectly exact...it still allows some variation in the host name. If you have both a NetBios host name and a full DNS name, matching will still occur, as WCF treats those two as one and the same.

System.ServiceModel.BasicHttpBinding.HostNameComparisonmode

jrista  2010-03-02 02:32:06
I've tried the binding.HostNameComparisonMode = HostNameComparisonMode.Exact again and it is not working. After clearing out the related Windows firewall rules, the firewall prompts again to allow it.
uosɐſ  2010-03-02 16:33:28
I've also added a `new Uri("net.tcp://localhost")` as a base address to the ServiceHost constructor
uosɐſ  2010-03-02 16:46:19
Well, it seems that the firewall will prompt you regardless of whether it is a loopback host or not. I am not sure if there is anything you can do about that, other than to use Named Pipes.
jrista  2010-03-02 17:39:47
+2  A: 

I think that you are approaching it the wrong way. You should be using the named pipe binding, which should support whatever message exchange pattern you are using (it supports request-response, as well as the same concurrency and session state modes that WS supports).

From the section of MSDN titled "Choosing a Transport" (emphasis mine):

When to Use the Named Pipe Transport

A named pipe is an object in the Windows operating system kernel, such as a section of shared memory that processes can use for communication. A named pipe has a name, and can be used for one-way or duplex communication between processes on a single machine.

When communication is required between different WCF applications on a single computer, and you want to prevent any communication from another machine, then use the named pipes transport. An additional restriction is that processes running from Windows Remote Desktop may be restricted to the same Windows Remote Desktop session unless they have elevated privileges.

This satisfies your exact requirements and should be no more than a configuration change.

casperOne  2010-03-02 02:36:17
Agreed; "localhost only" is really "interprocess communication", and named pipes are the best for that.
Randolpho  2010-03-02 02:39:57
Sorry - I'll clarify: Like Cassini, this Service implementation is a stand-in for something else which DOES require network communication. The client can be configured to connect to the real server or the fake implementation running on localhost.
uosɐſ  2010-03-02 03:57:39
@Jason: If the client can be configured, why not configure it to use a Named Pipe endpoint rather than an Http endpoint? As WCF is capable of both, and calling a service via pipe vs. http is the same for WCF...why bother with anything else?
jrista  2010-03-02 04:00:56
Hi jrista, In this particular application, the endpoints are not configurable in that way.
uosɐſ  2010-03-02 05:00:10
Why would they not be configurable that way?
jrista  2010-03-02 17:40:09
@Jason: It's still easy in whatever code you have to replace the binding you use (because you **are** creating a WsHttpBinding or BasicHttpBinding *somewhere*) and then replace it with NetNamedPipeBinding (dependent on a switch).
casperOne  2010-03-02 18:05:47
Ok, I understand what you're saying, but in this case it ought to be a network connection. It's a reasonable goal, even if there are other ways of achieving a similar effect.
uosɐſ  2010-03-02 20:55:12

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability