« Quicktime Alternative
Seattle Gastronomy »

MaxReceivedMessageSize, MaxBufferSize, and proxy generation

To limit DoS exposure, we have a knob on all of our transports to control the size of Messages received on the wire. This way, we will only allocate a bounded amount of memory for each message. This setting is binding.MaxReceivedMessageSize in imperative code (or <binding maxReceivedMessageSize="654321"> in config). If an incoming Message is larger than MaxReceivedMessageSize, we will drop the Message (and fault the transport channel for session-ful channels).

Many of our transports/bindings also have a “MaxBufferSize” knob. For buffered transports, this value is always equal to MaxReceivedMessageSize (and the system Asserts this fact). However, for Streamed bindings (TransferMode == TransferMode.Streamed), we only need to buffer the SOAP Headers in order to generate a Message, and we can have the Body stream in on-demand. In this case, MaxBufferSize <= MaxReceivedMessageSize, and MaxReceivedMessageSize will bound the overall message, while MaxBufferSize bounds the Headers size.

One thing to note about these settings is that they are local behavioral settings. That is, they are not transmitted in Metadata. So if you generate a proxy to a service with a MaxReceivedMessageSize = 2GB, the proxy will have a default value (64K) for MaxReceivedMessageSize. This leaves control of the appropriate MaxReceivedMessageSize in the hands of the administrator to decide, and (hopefully) helps with our out-of-the-box security story.

This entry was posted on Friday, January 13th, 2006 at 1:54 pm and is filed under Indigo. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “MaxReceivedMessageSize, MaxBufferSize, and proxy generation”

  1. mattonsoftware.com : .NET Resources Says:
    May 6th, 2006 at 1:32 am

    […] […]

  2. Ali Pasha Says:
    October 30th, 2006 at 11:21 am

    One of the issues that we’ve found is that this doesn’t work for DataSets as they are usually bigger than the default MessageSize. This means that the user has to go in, find the setting, and manually change it whenever they are consuming a DataSet.

    Is there any nice workaround for this issue?

    Thanks

  3. Rajesh Says:
    July 23rd, 2008 at 11:30 pm

    Hi Kenny,

    I am encountering a different issue. I have my WCF running on a windows service mode and one of the method calls it actually returns about 4000 rows from the database.

    Now on the client side when I access this method it gives me the error message as below:

    An error occurred while receiving the HTTP response to http://192.168.1.71:2000/XYZService . This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.

    Below is how my service and client configurator looks. I have tried transfermode as both streamed and buffered, but no luck.

    Could you please let me know how could I overcome this issue.

    service:

    client:

Leave a Reply