WCF Named Pipe Security and Multiple User Sessions?

Question

I have setup a WPF application that is single instance using a Mutex, this allows for the application to run within each user account if you are using user switching. The appli

Answer 1

Named pipes in WCF are not accessible from the network and no encryption is required to secure them. However, WCF services are not secure against the attack mentioned by romkyns.

I suggest you read this posts:

Exploring the WCF Named Pipe Binding - Part 1

Exploring the WCF Named Pipe Binding - Part 2

Exploring the WCF Named Pipe Binding - Part 3

Exploring the WCF Named Pipe Binding - Part 4

about the security problems involved.

In short WCF allows ANY process to masquerade itself as the service and:

1. Either simulate the service OR
2. Eavesdrop and tamper data assuming that the rogue process itself connect to the service. However, if the service uses access security to check the identity of the calling user this may not be possible.