Home/ Questions/Q 7998839
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T15:19:47+00:00

I’ve got a modular application that instantiates things in separate AppDomains and communicates with

  • 0

I’ve got a modular application that instantiates things in separate AppDomains and communicates with them over WCF pipes. I don’t want anyone outside of my process to be able to connect to these pipes.

Suggestions?

<edit>I don’t know much about remoting — would it be a terrible idea to write a transport that uses remoting under the hood?</edit>

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Sorry, I might be late… but better late than never 🙂
    What you could do is sharing an object between your AppDomains…
    For example create a random GUID in the first one and send it to the second one (serialization…).
    then, if both AppDomains know this auth token, you may do something like this :

    /// <summary>
/// Inspect client messages : add GUID in headers
/// </summary>
internal class CProcessAuthenticationClientInspector : IClientMessageInspector
{

    #region IClientMessageInspector Membres

    public void AfterReceiveReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
    {
    }

    public object BeforeSendRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel)
    {
        request.Headers.Add(MessageHeader.CreateHeader("ProcessAuth", "http://schemas.YOURCOMPANY.com/YOURAPPID", CProcessAuthenticationBehavior._authToken));
        return null;
    }

    #endregion
}

/// <summary>
/// Inspect server messages : Check GUID
/// </summary>
internal class CProcessAuthenticationDispatchInspector : IDispatchMessageInspector
{

    #region IDispatchMessageInspector Membres

    public object AfterReceiveRequest(ref Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
    {
        Guid token = OperationContext.Current.IncomingMessageHeaders.GetHeader<Guid>("ProcessAuth", "http://schemas.YOURCOMPANY.com/YOURAPPID");
        if (token != CProcessAuthenticationBehavior._authToken)
            throw new Exception("Invalid process");
        return null;
    }

    public void BeforeSendReply(ref Message reply, object correlationState)
    {

    }

    #endregion
}

/// <summary>
/// Add inspectors on both client and server messages
/// </summary>
public class CProcessAuthenticationBehavior : IEndpointBehavior
{
    /// <summary>
    /// Authentification token known by both sides of the pipe
    /// </summary>
    internal static Guid _authToken = Guid.NewGuid();

    #region IEndpointBehavior Membres

    public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
    {
    }

    public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
    {
        clientRuntime.MessageInspectors.Add(new CProcessAuthenticationClientInspector());
    }

    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
    {
        endpointDispatcher.DispatchRuntime.MessageInspectors.Add(new CProcessAuthenticationDispatchInspector());
    }

    public void Validate(ServiceEndpoint endpoint)
    {
    }

    #endregion
}

    And then you just need to add your endpoint behaviour to your endpoint on both sides :

    client :

    ChannelFactory<TInterface> factory;
factory = new ChannelFactory<TInterface>(BuildLocalBinding(), "net.pipe://localhost/foo");
factory.Endpoint.Behaviors.Add(new CProcessAuthenticationBehavior());

    server :

    ServiceHost svcHost = new System.ServiceModel.ServiceHost(imlpementationType);
svcHost.AddServiceEndpoint(interfaceType, binding, "net.pipe://localhost/foo");
svcHost.Description.Endpoints[0].Behaviors.Add(new CProcessAuthenticationBehavior());

    Well… this may be done in config, but I’ll let you dig 🙂

    Hope this helps.

    • 0