tags:

views:

130

answers:

2
+1  Q: 

Why does named pipe WCF service reject Windows service clients?

On Windows 7 and .NET 4 I'm getting some very weird effects from the WCF named pipe transport when my WCF client is a Windows service.

My WCF service is hosted in a user mode app and exposed over the named pipe binding.

My WCF client is a Windows service, running as Network Service (I get the same result if it runs as Local System).

If my user mode app (ie WCF service) is running as a domain admin then it works fine, but if the user mode app is an ordinary user (or local admin) then the connection is rejected with a CommunicationObjectFaultedException.

I saw some questions on here relating to UAC being involved, but I haven't seen an actual solution anywhere which just makes the named pipe transport work properly. Is this just an inescapable framework bug?

+1  A: 

From Christian Weyer's blog (http://weblogs.thinktecture.com/cweyer/2007/12/dealing-with-os-privilege-issues-in-wcf-named-pipes-scenarios.html):

"If my WCF server process using a Named Pipe-based endpoint doesn't have privileges to create a Global kernel object it silently fails and creates a local one which will not be visible to processes outside of its session."

So no named pipe based communication mechanism (WCF or otherwise) opened by a process without the privilege to create a global kernel object will ever be able to receive messages from outside its own session.

Seems to be that this is an example of the law of unintended consequences, where clamping down on security actually results in people opening more security loopholes by being forced to use network visible transports instead of a local machine IPC mechanism. MS should really provide a proper IPC channel for WCF because the current named pipe transport doesn't cut it.

Problem is that this isn't a particularly unusual scenario, for a .NET service to want to talk to a .NET tray app to provide user notifications. A polling mechanism from the tray app to the servide will work... but polling is slow and resource intensive and I'd like to have avoided it.

Anyone know of a better custom IPC transport?

Tim

Tim Haynes  2010-07-19 11:11:06
A: 

It's my understanding that named pipe binding under WCF only supports local connection. Are you trying to connect from another machine (running as network service would seem to support this supposition) ?

Oh, disregard, I just read further down that you're talking to a tray icon. It's probably a higher-privilege-app thing if the shell is involved.

Bob Moore  2010-07-19 11:45:29

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability