.net - WCF Encryption solution for App.config viewable to a client?

Question

I have a desktop application which contains an App.config (program.exe.config at release) with clearly visible elements which define my WCF endpoints and WCF implementation.

I would ideally like to hide this from the users eyes, from simple hacking, view and change.

Should I: -

1. Programmatically create and store my WCF endpoints and binding configuration in code. or;
2. Implement some protection scheme over the App.config (if so, what, how), effectively obfuscating/encrypting these elements from public view, but understandable from my code?

I already utilise .NET Reactor to obfuscate and protect my program from reflection techniques.

Update 13-May-09 3:32 GMT+10 Alright well I managed to encrypt system.serviceModel but then it proved unusable when the app went to launch as an exception was thrown (System.TypeInitializationException: The type initializer for 'System.ServiceModel.DiagnosticUtility' threw an exception.)

  <system.serviceModel>
    <!-- [bindings] -->
    <bindings configProtectionProvider="DPAPIProtection">
      <EncryptedData>
        <CipherData>
          <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+...

So there goes that idea. I'll either ditch this idea, or set my endpoints in code which is behind encryption.

Isn't anybody else concerned about their endpoint addresses clearly visible in config???

Answer 1

I would ideally like to hide this from the users eyes, from simple hacking, view and change.

You really can't protect against this, because anyone who wants to figure out what it's doing just sets a breakpoint on the WCF Endpoint class constructor then hits "go". No amount of obfuscation will help you there.