WCF client and service on same box with the service going across the network

Question

I have a WCF service which is called from a winforms app. This is over the named pipes binding.

The WCF service (Server) itself goes across the network on the domain to download some files.

In named pipes, is there any issue with having the user on a locked down domain account and the wcf service, hosted in a win svc, on a powerful account in the same domain which goes across the network to download some files (network being within the same domain)? I read something somewhere about named pipes not working with network logins (which I assume are domain accounts).

Thanks

Answer 1

You won't have any problems if your service process identity has the necessary permissions to access the network resource. The default security configuration of the NetNamedPipeBinding will not cause the WCF service to impersonate the WCF client, so the service process identity will be used to get the files from the network share.

The ACL on the named pipe transport stops users accessing the WCF service from a remote connection. It will not prevent access by your WinForms application running in a local interactive session.

Domain accounts and network logons are two completely orthogonal concepts. A domain account is an identity which is authenticated by a domain controller rather than a machine's local security authority. A network logon is one where the user has gained access to a particular machine via a network protocol (e.g. accessing a network file share or making a request to an HTTP application which impersonates the caller). A domain account can have a local interactive logon (as in your WinForms app); a local account can be used to get a network logon.

Answer 2

I say go for it. I'm not sure why there would be any problems as long as everything is properly configured. NamedPipes is just the transport protocol from your client to your service. It shouldn't have anything to do with what the service can do.