Why does maxConcurrentSessions default to such a low value? What is a safe value?

2023-09-03 17:28:00 Author: 逐光

In WCF maxConcurrentSessions defaults to 10, so limiting a server from having more than 10 open TCP connections to it.

Why is that?

Is it safe for me just to set it to a very high value for a server that has a "handful" (or two) of clients, but needs to keep a netTcpBinding open for each client due to sending events to the clients?

Accepted answer

I assume your instance mode is Per Session. You can set this value to Int32.Max if required. However, it is good to understand the WCF throttling concepts in detail.

The value is very low to prevent DOS attacks, as the WCF team wants the services to be "secure by default".

Here is a good read, have a look at this blog post here

Note that these values are extremely low... much lower than many people would like them to be. The thinking of the WCF team here was that they wanted WCF to be "secure by default" and reduce the chance of DOS attacks being launched against your service. That idea might sound great, but in practice it causes major issues.

In fact, you have almost certainly run into these issues if you are using a binding like WsHttpBinding that supports sessions. Why is that? The default number of sessions is 10, which at first appears to mean that 10 users can access your service at the same time. However, WCF sessions are not web sessions. Unlike web sessions, which are managed by the server and generally tracked using HTTP cookies, WCF sessions are initiated by the client proxy and don't end until they time out or the client sends an explicit request to abandon the session. Here's the thing: since each proxy instance initiates its own session, a user who makes a few requests at once could potentially be using multiple sessions at once. Now you might be thinking you are safe if you don't have multi-threaded code that does this kind of thing... but that's not exactly true. Because the user must make an explicit request to the server to cancel his session, it's possible that you will leave sessions open accidentally. People who have been working with ASMX services often don't realize that they need to close their proxy objects, and the few who do realize that the objects need to be closed often make the mistake of treating them like disposable objects, which results in sessions being left open. Keeping in mind that the default session limit is 10, this means that if you make ten calls to a service using WsHttpBinding in a relatively short amount of time, you can end up locking up your service until the sessions expire.

The decision that the WCF team made here can be perplexing. In an attempt to limit the ability of attackers to launch DOS attacks against your services, they made it much easier to perform a DOS attack against your service. No longer do you need the resources to flood a server with requests so that it can no longer respond; you simply have to make a handful of calls without explicitly requesting the connection to close and max out the session count. Unless you set this value extremely high, you run the risk of having a server refusing to accept any incoming connections, despite the fact that it is chilling out with zero CPU usage.
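An added example, not from the question, the answer or the blog post it quotes, showing both halves of the advice above: sizing ServiceThrottlingBehavior explicitly for the expected number of clients on a NetTcpBinding host instead of leaving the default or jumping to Int32.Max, and the client-side Close/Abort pattern that actually releases a session. The contract, service and class names are assumptions.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Description;
// Session-based contract and per-session service; the names are assumptions, not from the page.
[ServiceContract(SessionMode = SessionMode.Required)]
public interface IEventService { [OperationContract] void Subscribe(); }

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)]
public class EventService : IEventService
{
    public void Subscribe() { /* register the calling session for event callbacks */ }
}

public static class ThrottledHost
{
    // Size the throttle for the real client population; int.MaxValue removes the DoS limit entirely.
    public static ServiceHost Open(Uri baseAddress, int expectedClients)
    {
        var host = new ServiceHost(typeof(EventService), baseAddress);
        host.AddServiceEndpoint(typeof(IEventService), new NetTcpBinding(), "");
        // Reuse a throttle declared in app.config, if any; adding a second one throws.
        var throttle = host.Description.Behaviors.Find<ServiceThrottlingBehavior>();
        if (throttle == null) host.Description.Behaviors.Add(throttle = new ServiceThrottlingBehavior());
        throttle.MaxConcurrentSessions = expectedClients * 2;            // headroom for reconnects
        throttle.MaxConcurrentInstances = throttle.MaxConcurrentSessions; // one instance per session
        throttle.MaxConcurrentCalls = expectedClients;                    // in-flight operations
        host.Open();
        return host;
    }
}

public static class SessionSafeClient
{
    // Close() ends the session so it stops counting against MaxConcurrentSessions. Relying on
    // using/Dispose() is the mistake described above: Dispose() calls Close(), which throws on a faulted channel.
    public static void SubscribeOnce(Uri address)
    {
        var factory = new ChannelFactory<IEventService>(new NetTcpBinding(), new EndpointAddress(address));
        var proxy = factory.CreateChannel();
        try
        {
            proxy.Subscribe();
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
        catch (CommunicationException) { ((IClientChannel)proxy).Abort(); factory.Abort(); throw; }
        catch (TimeoutException) { ((IClientChannel)proxy).Abort(); factory.Abort(); throw; }
    }
}
```

On .NET 4.0 and later the built-in defaults were raised (MaxConcurrentSessions is 100 times the processor count), so confirm the framework version before assuming a limit of 10.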