如何安全地验证WCF服务方法的调用程序集?
[英]How do I securely authenticate the calling assembly of a WCF service method?
问题描述
The current situation is as follows: We have an production .net 3.5 WCF service, used by several applications throughout the organization, over wsHttpBinding or netTcpBinding. 
当前情况如下:我们有一个生产.net 3.5 WCF服务,整个组织中的多个应用程序都通过wsHttpBinding或netTcpBinding使用该服务。 User authentication is being done on the Transport level, using Windows integrated security. 使用Windows集成安全性在传输级别上完成用户身份验证。 This service has a method Foo(string parameter) , which can only be called by members of given AD groups. 该服务具有方法Foo(string parameter) ,该方法只能由给定AD组的成员调用。 The string parameter is obligatory. 字符串参数是必需的。
A new client application has come into play (.net 3.5, C# console app), which eliminates the necessity of the string parameter. 一个新的客户端应用程序开始起作用(.net 3.5,C#控制台应用程序),它消除了使用string参数的必要。 However, only calls from this particular application should be allowed to omit the string parameter. 但是,仅应允许来自此特定应用程序的调用省略string参数。 The identity of the caller of the client application should still be known by the server because the AD group limitation still applies (ruling out impersonation on the client side). 服务器仍应知道客户端应用程序的调用者的身份,因为AD组限制仍然适用(排除客户端的模拟)。
I found a way to pass on the "evidence" of the calling (strong-named) assembly in the message headers , but this method is clearly not secure because the "evidence" can easily be spoofed. 我找到了一种在消息头中传递调用(强命名)程序集的“证据”的方法,但是这种方法显然是不安全的,因为“证据”很容易被欺骗。 Also, CAS (code access security) seems like a possible solution, but I can't seem to figure out how to make use of CAS in this particular scenario. 同样,CAS(代码访问安全性)似乎是一种可能的解决方案,但是我似乎无法弄清楚在这种特定情况下如何利用CAS。
Does anyone have a suggestion on how to solve this issue? 有人对如何解决这个问题有建议吗?
Edit: I found another thread on this subject ; 编辑:我在这个问题上找到了另一个话题 ; apparently the conclusion there is that it is simply impossible to implement in a secure fashion. 显然得出的结论是,根本不可能以安全的方式实施。
2 个解决方案
解决方案1
0 已采纳 2010-06-14 12:18:13
sounds to me like you need to pull the security out into a seperate service ... go down a more federated route this way you can implement a handshake form of encryption using public and private keys to generate a secure session token in both situations. 在我看来,您需要将安全性扩展到单独的服务中……以这种方式走更联盟的路线,您可以在两种情况下都使用公钥和私钥来实现握手形式的加密,以生成安全的会话令牌。
this way you cna still get both windows a=uthentication and a custom solution in play whilst retaining your attributes on methods for security (I am assuming that you are implementing it this way.) 这样,您就可以同时获得Windows a =诱变和自定义解决方案的作用,同时保留安全性方法的属性(我假设您是通过这种方式实现的。)
sounds like a fair bit of work though - I had to do this from scratch and ran into some cross domain / delegation issues. 不过,这听起来似乎有点工作-我不得不从头开始,遇到一些跨域/授权问题。 But I am sure the idea is good. 但是我确信这个主意是好的。
howver you will end up with a nice solid claims based secuirty model 但是最终您会得到一个很好的基于可靠声明的安全模型
解决方案2
0 2010-06-14 18:33:48
You could get the callers Address: 您可以得到来电者的地址:
RemoteEndpointMessageProperty clientAddress =
OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name]
as RemoteEndpointMessageProperty;
string address = clientAddress.Address;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.