Security in windows mobile app and wcf service
Question
I'm kinda new in the mobile world and wcf world.
I have develop a mobile app that communicates with a WCF service.
What security topics should I look into?
I do not know much about security either ... usually you try to secure the channel? the messages being sent?
1 answers
solution1
1 ACCPTED 2010-08-20 21:55:32
When you decide security you usually deals with following terms:
- Confidentiality - ensures that only supposed recipient can read and understand the message
- Integrity - ensures that message cannot be changed during transmission
- Authentication - ensures that only callers with allowed identity can use the service
- Autorization - ensures that only callers with exact claim are allowed to call given method
Authorization is always handled in code. Confidentiality, integrity and authentication can be handled on message level, transport level or mixed mode. Based on some very small knowledge about CF I suggest you should be able to use transport security = HTTPS to provide integrity, confidentiality and also Basic HTTP authentication. CF should also allow using message security secured by certificates (also provides integrity, confidentiality and authentication).
MSDN contains example for creating service and CF client secured by HTTPS with client certificate (used for authentication).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.