Is NetNamedPipeBinding binding guaranteed to work only on the same machine?

Question

I've created a Windows Service that uses WCF for communications to it. The service should be used be called only from the same machine. If I can guarantee that there's no way to communicate with it from another machine, I can consider it secured.

Since I'm using communications on a single machine, I opted to used NetNamedPipeBinding. This bindings documentation says it's Optimized for on-machine communications, but does not give any guarantees.

My questions is, does NetNamedPipeBinding provide on-machine-only guarantees? If not what binding does, or how would you go implementing a custom bindings that does provide such guarantees?

Thanks,
Asaf

Answer 1

Microsoft published the following on Choosing a Transport on MSDN:

When to Use the Named Pipe Transport

A named pipe is an object in the Windows operating system kernel, such as a section of shared memory that processes can use for communication. A named pipe has a name, and can be used for one-way or duplex communication between processes on a single machine.

When communication is required between different WCF applications on a single computer, and you want to prevent any communication from another machine, then use the named pipes transport. An additional restriction is that processes running from Windows Remote Desktop may be restricted to the same Windows Remote Desktop session unless they have elevated privileges.

That pretty much gives the desired guarantee.

Answer 2

I was reading text from Essential WCF - Chapter 4 (Bindings) and found following, which I am reproducing with only intent to help someone;

WCF Restricts the netNamedPipeBidning Binding to Local Machine Communication

Although it is possible to use named pipes to communicate across a network, WCF restricts the use to local machine communication. This means it can be used to ensure that your service is not available across a network. This is accomplished using two mechanisms:

a) the Network Security Identifier (SID: S-1-5-2) is denied access to the named pipe. b) the name of the named pipe is randomly generated and stored in shared memory so only clients running on same machine can access it.