stackoom
  简体   繁体   中英

Windows Authentication / Encryption in WCF With NetTcpBinding

 原文  2009-12-17 16:50:52       wcf/ nettcpbinding

Question

I'm trying to understand how windows authentication / encryption works with the NetTcpBinding in WCF. I need to know exactly what encryption algorithm is used to encrypt the data going across the wire (and some documentation to prove it). Will windows authentication / encryption still work if the client and or host is not on a domain?

2 answers

solution1
 6 ACCPTED  2009-12-17 17:18:58

The netTcpBinding using Windows Credentials requires the caller and the service to be on the same domain - or at least on mutually trusting domains. Otherwise, the server won't be able to verify the Windows credentials and will refuse the service call.

As for encryption : you can even pick and choose which one you'd like ! :-) TripleDES, AES - you name it, with varying key lengths, too.

See the Fundamentals of WCF Security article - it talks about all aspects of security and encryption; also see the MSDN Docs on Securing Services which goes into some more detail; a good overview can be found here showing the properties of the basicHttp transport security element.

solution2
 2  2009-12-17 17:10:06

Last year I had to implement a distributed system using wcf that required a mechanism both safe and performant across all layers of the system. We decided for creating our own security architecture by creating a binary encrypted token. The encrypted token contained all permissions a given user had.

So for example a user would log in into the system and if successfully authenticated it would receive an encrypted token back. This token was stored locally on the web client. All further requests by the user would contain that token. The token was used in several levels of the architecture. The web server would use it to decide what visual elements to enable or disable. Since the service layer was exposed to the internet, each open door would check the token for authentication and check if that token had the proper permission to execute a given task. The business layer could check again for a more specific right included in the token.

The advantages:

  • It didn't matter if we were using NetTcpBinding or any other type of binding (and we did use more than one type of binding).
  • We saved a lot of round trips to the database
  • We could use the same token on different platforms

I know it probably doesn't answer your specific questions, but it will maybe give you some for food for thought while you're still deciding on the intra-layer architecture of your system.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WCF netTCPBinding - Is transport encryption enough? WCF nettcpbinding in windows phone 8? How to enable Windows Authentication and NetTCPBinding WCF webservice on IIS7? WCF Service with netTcpBinding + windows Authentication hosted with IIS and using roles for authorization Form Authentication on NetTcpBinding in WCF service WCF netTcpBinding Windows security EncryptAndSign WCF - How to configure netTcpBinding for NTLM authentication? Alternate ways WCF Authentication with netTcpBinding binding WCF Security using NetTCPBinding with TcpClientCredentialType.Windows What is the simplest way to implement encryption in WCF when using the netTcpBinding?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM