Tuesday, November 10, 2009

WCF 8192 issue

This was a simple issue which baffled few brains in my project. For the past few weeks i was seeing the mails about this. What was the exact problem?
 Whenever a large xml stream is passed through WCF it generated the following error. Everything was fins at the ASP.net client side. Almost all the known properties of
The maximum string content length quota (8192) has been exceeded while reading XML data. This quota may be increased by changing the MaxStringContentLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader.

By default WCF allows a string content of size 8192 (8K) to pass through without any problems. If the size increases above this set limit WCF treats the incoming message as bad message & hence throws an exception. This level was set considering the security aspect of distributed system.

If we have to pass more data we will have to manually override this default setting.

Now here the trick. Everyone looked at the client side but there is a server part also :)

When a WCF client is created  automatically all the properties required to run that service is added by default by visual studio.

Changes made in WCF server applications web.config :
Added a new HTTPbinding 
        <binding name="newHTTPBinding" maxBufferPoolSize="2147483647"maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="32" maxStringContentLength="2147483647"
            maxArrayLength="16384" maxBytesPerRead="4096"maxNameTableCharCount="16384" />

set the value for maxBufferPoolSize, maxReceivedMessageSize,maxStringContentLength

for the HTTPEndpoint i created a new binding configuration and mapped it

<endpoint bindingConfiguration="newHTTPBinding" address="" binding="wsHttpBinding"contract="Abhi.AbhiBiz.IContractBusiness">

After this binding the WCF endpoint will take the new properties and allow more characters through the endpoint

Stringcontent was given a higher value at client- presentation layer but the same configuration was not given in WCF service-endpoint at the business layer.

Security issue : 

2147483647 is the magical figure but most of the applications doesn't need this much data.If not tested properly this configuration can lead to DOS attacks.
We need a realistic figure which matches the datatransfer between the endpoints. BufferSize also should be monitored to check the memory consumption

WCF de-serializes the object passed between endpoints, so if an object of 500 KB is passed the de-serilized data will be much higher. Further complexity can arise if an array of object is passed. So a realistic value for maxBufferPoolSize, maxReceivedMessageSize,maxStringContentLength should be given.
Post a Comment