
How to secure a WCF service running in Windows Azure that is accessed by a Windows Forms Application

Folks,

We are developing an application that is part of a downloadable WinForms application that connects to a set of Azure-hosted WCF services.

Our main issue now is how to properly secure these services to prevent DoS attacks and other security issues.

The WinForms applications will be installed on end users' PCs anywhere in the world (they will be able to download this from our website) so we have no control of what the end users do to our application.

We have already secured the application as much as possible but we know nothing is unbreakable. Our main goal now is to make sure methods of these web services are only called by our application and that we can defend ourselves against attacks.

We found a best practice white paper from Microsoft stating that for some scenarios we have we could use the GateKeeper scenario (like for storage). We have not selected anything yet for our queues.

Another issue is how to best control authentication from our WinForms app to the services in the cloud.

Has anybody here developed or worked on any similar projects and would like to share some ideas?

Cheers,

Our main goal now is to make sure methods of these web services are only called by our application and that we can defend ourselves against attacks.

replace that with: Our main goal now is to make sure methods of these web services are only called by our application OR that we can defend ourselves against attacks.

That's a bit more realistic :) There is simply no way to guarantee that the service would be called from the clients, unless you absolutely trust them and start issuing certs for them. (Which they will lose, their PC will be hacked, etc.)

If you want to secure the service you have to prepare for every possible attack scenario, unless you can rule them out with 100% certainty.

This question has already been asked again and again. If a web service is hosted on any server which has a public IP, the only way you can block the client is to authenticate them first; if authentication goes well, they can use the method, and if it fails they cannot use it. Authentication and authorization are the key for any service which is hosted on the internet; otherwise keep the service private.

And to authenticate a WCF service there are patterns & practices already available, and it seems you have already taken care of that.
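As an added illustration of the "authenticate first, then throttle" advice above (not code from any of the posters), here is a minimal self-hosted WCF service on .NET Framework: HTTPS transport plus a UserName message credential checked by a custom validator, and a throttling behavior that bounds concurrent work. The `IOrderService` contract, the `AppUserValidator` class and the port/credentials are assumptions for the demo; in an Azure web role the same binding and behavior settings go into web.config.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Description;
[ServiceContract]
public interface IOrderService
{
    [OperationContract] string GetStatus(int orderId);
}

public class OrderService : IOrderService
{
    public string GetStatus(int orderId)
    {
        // Reached only after the validator accepted the credential; key per-user authorization on this name.
        return "order " + orderId + " queried by " + ServiceSecurityContext.Current.PrimaryIdentity.Name;
    }
}

// Hypothetical validator (assumption): replace the constant check with a
// lookup in your own user store (hashed passwords, lockout on failures).
public class AppUserValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (userName != "demo" || password != "demo-secret")
            throw new SecurityTokenException("Unknown username or incorrect password.");
    }
}
public static class Program
{
    public static void Main()
    {
        // HTTPS protects the channel; a UserName token in each message authenticates the client on every call.
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        var host = new ServiceHost(typeof(OrderService), new Uri("https://localhost:8443/orders"));
        host.AddServiceEndpoint(typeof(IOrderService), binding, "");
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new AppUserValidator();
        // Throttling caps the concurrent work a burst of requests can impose on one instance.
        host.Description.Behaviors.Add(new ServiceThrottlingBehavior
            { MaxConcurrentCalls = 32, MaxConcurrentSessions = 64, MaxConcurrentInstances = 64 });
        host.Open();
        Console.ReadLine();
        host.Close();
    }
}
```

Running this requires a server certificate bound to port 8443 on the host (for example with netsh http add sslcert); the WinForms client sets ClientCredentials.UserName on its proxy before calling.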
