
WCF Service - how to protect so only my clients can use it?

I am building a client program that interacts with a WCF Service via Internet. Everything works as intended but I am wondering how I can protect my services so that only my client program can make use of it?

Right now everyone with the correct URL to my services can use it with WCFTestClient (e.g.).

What is the best way to make it private so only my clients can make use of the service? Rotating token strings? Certificate? Password?

I have no idea and haven't found anything useful on the Internet.

Best regards

UPDATE: The client program is intended to be downloaded by the public (everyone). So it is not for internal use; it will be a service we are gonna provide, once in official production.

My own thinking was like: Bind a certificate in my client programs (if that's possible even?). On the IIS where the WCF service is running, check for a valid certificate. Is that possible? Or are there better solutions out there?

If you are using Form Authentication then you can leverage ASP.NET to check for the FormAuthentication cookie by setting AspNetCompatibilityRequirementsMode to Required.

Or if your service is standalone, i.e. it is consumed by everyone, then you can use OAuth authentication. You can read more about it here: OAuth Authentication

What you could do is have a consumer secret key which would be shared with all authenticated clients. The caller would sign some info using this key, and the server would also sign it using the same key and then compare the two.

Hope it helps

Protect .net Web Service URL

Along with the other answers, that can't be bad too, and if you want to be super careful you can implement a token system, where the clients get the first token from you, each request returns a new token, and you always check a client vs its current token (but that's being over-careful in my opinion).

Update - because it's for the public, the client can have a way of generating a valid token to check on the server. You can have a token be valid for an interval of seconds, so even if people caught the request and found the token, it will not be valid after 15 seconds, or 30, etc.
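The shared-key signing from the first answer and the short-lived token from the second can be combined into one check. The sketch below is an added example, not code from either answer; `RequestSigner`, `Sign`, `Verify`, the `unixTime|body` message layout and the 30-second window are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: HMAC-signed request with a short validity window.
public static class RequestSigner
{
    const long WindowSeconds = 30; // assumed validity interval

    // Client side: sign "unixTime|body" with the shared key.
    public static string Sign(byte[] key, long unixTime, string body)
    {
        using (var hmac = new HMACSHA256(key))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(unixTime + "|" + body));
            return Convert.ToBase64String(mac);
        }
    }

    // Server side: reject stale timestamps, then recompute the MAC and compare.
    public static bool Verify(byte[] key, long unixTime, string body, string signature, long nowUnix)
    {
        if (signature == null) return false;
        if (Math.Abs(nowUnix - unixTime) > WindowSeconds) return false;
        byte[] actual;
        try { actual = Convert.FromBase64String(signature); }
        catch (FormatException) { return false; }
        byte[] expected = Convert.FromBase64String(Sign(key, unixTime, body));
        return FixedTimeEquals(expected, actual);
    }

    // Constant-time comparison so the check does not leak how many bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key"); // constructed sample key
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string sig = Sign(key, now, "GetOrders?id=7");               // constructed sample request
        Console.WriteLine(Verify(key, now, "GetOrders?id=7", sig, now));      // fresh, unmodified
        Console.WriteLine(Verify(key, now, "GetOrders?id=8", sig, now));      // body altered
        Console.WriteLine(Verify(key, now, "GetOrders?id=7", sig, now + 60)); // outside the window
    }
}
```

Because the client is a public download, any key shipped inside it can be recovered from the binary, so this check limits tampering and replay of captured requests but does not prove the caller is the original program. Within the window a captured request still verifies, which is what the per-request token rotation in the second answer addresses.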
