Figuring out the required MaxReceivedMessageSize in WCF with NetTcpBinding_问答_开发者

Figuring out the required MaxReceivedMessageSize in WCF with NetTcpBinding

开发者 https://www.devze.com 2022-12-23 17:21 出处：网络

I\'m using NetTcpBinding in WCF and i want to send a Stream which does not exceed the size of 1 MB. I have set the Ma开发者_StackOverflow社区xReceivedMessageSize to a really high number and that works

相关专题：wcf

I'm using NetTcpBinding in WCF and i want to send a Stream which does not exceed the size of 1 MB. I have set the Ma开发者_StackOverflow社区xReceivedMessageSize to a really high number and that works fine of course.

But I am curious:

Does setting the MaxReceivedMessageSize to a very hight number have any (negative) impact or would it be useful to set it just above the size I actually want to send/receive?

What kind of overhead can I expect when using the NetTcpBinding to transfer a stream? Meaning: when I send a stream of 1 MB, how large does my MaxReceivedMessageSize has to be?

Setting MaxReceivedMessageSize allows you to tune your endpoint to reject oversized messages. This may be of particular interest when that endpoint is exposed to the public, which as we know, has it's fair share of dumb and malicious users.

Generally, if you know the max message size, you should work with that.

Some people may differ, but in my mind 1Mb = 1048576 bytes (1024*1024). I would also add a buffer for incidentals such as the message envelope. So 1048576 + 1024 = 1049600 would seem like a reasonable size for an expected 1Mb message.

If you want to send a file of 1 MB in size to the server, the maxReceivedMessageSize on the server must be at least 1 MB (whether you calculate that as 1 million bytes, or 10 to the power of 20 = 1'048'576).

The reason WCF keeps those values really low by default is to protect your server from a denial of service attack. If you do allow up to 1 MB or 2 MB of maxReceivedMessageSize on your server, an attacker could try to flood your server with a string of requests all maxing out that size, and thus cause your server to run out of memory eventually.

WCF has a number of safeguards in place, things like limiting the number of max concurrent connections etc., which all come into play in such a scenario. So upping that limit is opening the barn door just a little bit to the bad guys - if you're safely located behind a corporate firewall, that might not be a problem, really. If your server is out in the cold, hard winds of the internet, it might be a risk you're running.