Friday, July 18, 2014

WCF Command Interface

I just saw a clip about using a Command Interface pattern in WCF to alter behavior

In order to demo this concept, the presenter built a windows form app the had a method to set the color of a panel. It implemented a ServiceOperation contract so it was available via an endpoint that exposed the method as a service. There was another windows app that had a select list of colors that the user could select, which in turn would call the service endpoint and send a message that contained the selected color data. Low and behold! Once the color was selected in one app, the color would change in the other! While probably not the most practical solution to this problem (sockets would be faster) it did demonstrate an interesting pattern - how to change the STATE of a running process with WCF. This is no different that using a service for updating a database however and did not deliver what I thought was promised. It did not change BEHAVIOR of the running application. I expected it to implement some sort of command pattern, but it did not. The behavior was that when the color was sent to the application via the method, the background color of the panel would change to that color. This got me thinking about how to actually change the behavior of a running process using a service to send in the command. Here's what might work - WARNING: do not do this because it would be dangerous and stupid! Implement a service that takes in the definition of a method that implements a known interface. Use some sort of injection framework to compile and load that method, then call the method. Alternative to sending in the method - send in the DLL, save to a temp folder, use IOC/DI frameworks to grab the object that implements the method, spin up another process to run and inject that new object. Sounds dangerous and foolish, but it just may work. Herein lies the danger(if it isn't obvious)! Anyone who gains access to the endpoint could implement whatever they want via this command injection, including stealing data, crashing the system, or whatever. I haven't POCd this or anything, I'm just thinking out loud. I'm thinking it may work though as long as you can load the DLL this way, and if WCF doesn't trip on the file transfer (prob not the least concern about that one).

No comments:

Post a Comment