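I have a modular application that instantiates things in separate AppDomains and communicates with them over WCF pipes. I don't want anyone outside my process to be able to connect to these pipes.
Suggestions?
<edit>I know very little about remoting. Would writing a transport that uses remoting under the hood be a terrible idea?</edit>
Answer 0 (score: 2)
Sorry, I may be late... but better late than never :) What you can do is share an object between the AppDomains... For example, create a random GUID in the first one and send it to the second (serialized...). Then, if both AppDomains know this authentication token, you can do something like this: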
    using System;
    using System.ServiceModel;
    using System.ServiceModel.Channels;
    using System.ServiceModel.Description;
    using System.ServiceModel.Dispatcher;

    /// <summary>
    /// Inspect client messages: add the GUID to the headers
    /// </summary>
    internal class CProcessAuthenticationClientInspector : IClientMessageInspector
    {
        #region IClientMessageInspector Members
        public void AfterReceiveReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
        {
        }
        public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
        {
            // Attach the shared token to every outgoing request.
            request.Headers.Add(MessageHeader.CreateHeader("ProcessAuth", "http://schemas.YOURCOMPANY.com/YOURAPPID", CProcessAuthenticationBehavior._authToken));
            return null;
        }
        #endregion
    }
    /// <summary>
    /// Inspect server messages: check the GUID
    /// </summary>
    internal class CProcessAuthenticationDispatchInspector : IDispatchMessageInspector
    {
        #region IDispatchMessageInspector Members
        public object AfterReceiveRequest(ref Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
        {
            // GetHeader throws if the header is absent, so a request without a token is rejected as well.
            Guid token = OperationContext.Current.IncomingMessageHeaders.GetHeader<Guid>("ProcessAuth", "http://schemas.YOURCOMPANY.com/YOURAPPID");
            if (token != CProcessAuthenticationBehavior._authToken)
                throw new Exception("Invalid process");
            return null;
        }
        public void BeforeSendReply(ref Message reply, object correlationState)
        {
        }
        #endregion
    }
    /// <summary>
    /// Add inspectors on both client and server messages
    /// </summary>
    public class CProcessAuthenticationBehavior : IEndpointBehavior
    {
        /// <summary>
        /// Authentication token known by both sides of the pipe
        /// </summary>
        // Static fields are per AppDomain: the second AppDomain must overwrite this
        // with the value generated in the first one, or the tokens will not match.
        internal static Guid _authToken = Guid.NewGuid();
        #region IEndpointBehavior Members
        public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
        {
        }
        public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
        {
            clientRuntime.MessageInspectors.Add(new CProcessAuthenticationClientInspector());
        }
        public void ApplyDispatchBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
        {
            endpointDispatcher.DispatchRuntime.MessageInspectors.Add(new CProcessAuthenticationDispatchInspector());
        }
        public void Validate(ServiceEndpoint endpoint)
        {
        }
        #endregion
    }
Then you just need to add the endpoint behavior to the endpoints on both sides:
Client:

    ChannelFactory<TInterface> factory;
    factory = new ChannelFactory<TInterface>(BuildLocalBinding(), "net.pipe://localhost/foo");
    factory.Endpoint.Behaviors.Add(new CProcessAuthenticationBehavior());

Server:

    ServiceHost svcHost = new System.ServiceModel.ServiceHost(implementationType);
    svcHost.AddServiceEndpoint(interfaceType, binding, "net.pipe://localhost/foo");
    svcHost.Description.Endpoints[0].Behaviors.Add(new CProcessAuthenticationBehavior());

Well... this can be done in configuration, but I'll let you dig :).
Hope this helps.
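An added example (not part of the answer above and not the poster's code): one way to create the shared token in the first AppDomain and hand it to the second, as the answer describes, using 32 bytes from the OS random number generator instead of a GUID and a comparison that does not stop at the first differing byte. `ProcessAuthToken`, its `Slot` name and the `Plugin` domain name are assumptions; it targets .NET Framework, where AppDomains are available.

```csharp
using System;
using System.Security.Cryptography;

public static class ProcessAuthToken // added example; hypothetical name
{
    public const string Slot = "ProcessAuthToken"; // hypothetical data slot

    // First AppDomain: draw 32 bytes from the OS CSPRNG and copy them into the
    // child domain. byte[] is serializable, so SetData marshals it by value.
    public static void CreateAndShare(AppDomain child)
    {
        var token = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(token);
        AppDomain.CurrentDomain.SetData(Slot, token);
        child.SetData(Slot, token);
    }

    // Either AppDomain: the token placed in this domain; fails closed if absent.
    public static byte[] Current()
    {
        var token = AppDomain.CurrentDomain.GetData(Slot) as byte[];
        if (token == null) throw new InvalidOperationException("No token in this AppDomain.");
        return token;
    }

    // Compare every byte so timing does not reveal where a mismatch occurs.
    public static bool Matches(byte[] presented)
    {
        byte[] expected = Current();
        if (presented == null || presented.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ presented[i];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        AppDomain child = AppDomain.CreateDomain("Plugin"); // constructed name
        ProcessAuthToken.CreateAndShare(child);
        // The child's copy matches the host's; an all-zero guess does not.
        var childCopy = (byte[])child.GetData(ProcessAuthToken.Slot);
        Console.WriteLine(ProcessAuthToken.Matches(childCopy));
        Console.WriteLine(ProcessAuthToken.Matches(new byte[32]));
        AppDomain.Unload(child);
    }
}
```

With this in place, the client inspector would put `ProcessAuthToken.Current()` in the header and the dispatch inspector would pass the value read with `GetHeader<byte[]>` to `ProcessAuthToken.Matches`.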
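Answer 1 (score: 1)
You can add some security behaviors to the binding. They allow you to require authentication, sign the content, and encrypt it, depending on your security needs.
For details, see WCF Security Fundamentals on MSDN.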
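Answer 2 (score: 0)
... the netNamedPipeBinding binding, which provides cross-process communication on the same machine. Named pipes do not work across machines...
NetNamedPipeBinding will achieve your goal.
NetNamedPipeBinding is optimized for on-machine communication.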