views:

65

answers:

1

I have to create a WCF service which returns sensitive information to the client. I need to ensure that the security of the service cannot be compromised easily. I'll use WCF's built in security mechanisms to protect the data on the wire by using a wsHttpBinding with certificate security.

However, I also want to ensure that the service's security cannot be compromised by modifying the config file. I want to retain all the flexibility the config file affords in terms of ports, base addresses etc. but ignore any endpoint/binding related configuration sections that could compromise the service.

What I thought of doing is this: Create a custom service host in which I override the ApplyConfiguration function. In the ApplyConfiguration function I can do one of two things:

  1. Load only the sections in the config file that I need with base.LoadConfigurationSection.
  2. Load the entire config file with base.ApplyConfiguration and removing all endpoints that could compromise security.

I am new to WCF so any guidance on how to do this properly would be appreciated (with code samples if you can :-) ). I don't know if I am on the right track here!

+1  A: 

Well, you have multiple options:

  • you could check certain security settings in your custom ServiceHost and make sure they're activated
  • if they're not activated, you could either just shut down your service host, or you could set them in code (overriding whatever is set in the config file)

You can also require certain security settings right in your service contract using the ProtectionLevel setting:

using System.Net.Security;   // ProtectionLevel
using System.ServiceModel;   // ServiceContract

[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
interface IYourService
{
    // ... your [OperationContract] members ...
}

This is actually the default setting - so you should be safe, but if you want to, you can always specify the protection level explicitly (to make it crystal clear as to what your intent is).

With this, anyone trying to send you a non-encrypted or non-signed message will be refused outright.

Marc

marc_s
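The following is an added example, not code from the question or the answer, that combines the two ideas discussed above: the question's option 2 (let base.ApplyConfiguration load the whole config, then prune endpoints) and the answer's suggestion of checking the security settings in a custom ServiceHost and refusing to start when they are weaker than required. The contract, service class and endpoint policy (wsHttpBinding, Message security, Certificate client credential, EncryptAndSign on the contract) are assumptions chosen to match the question; the IMetadataExchange exemption and the "at least one explicit endpoint" rule are design choices, the latter so that WCF 4's default endpoints (added only when none are configured) can never slip in through an empty or missing config section.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Description;

// Hypothetical contract and service for illustration.
[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
public interface ISensitiveService
{
    [OperationContract]
    string GetSecret(string id);
}

public class SensitiveService : ISensitiveService
{
    public string GetSecret(string id) { return "secret-for-" + id; }
}

// Host that keeps the config file's base addresses, ports and behaviors but
// refuses to run with any endpoint weaker than the required policy.
public class HardenedServiceHost : ServiceHost
{
    public HardenedServiceHost(Type serviceType, params Uri[] baseAddresses)
        : base(serviceType, baseAddresses) { }

    // Called from the ServiceHost constructor; loads <system.serviceModel> as usual.
    protected override void ApplyConfiguration()
    {
        base.ApplyConfiguration();   // option 2 from the question: load everything ...
        EnforceEndpointPolicy();     // ... then reject what is not acceptable
    }

    // Re-run the check right before opening, so endpoints added in code after
    // construction (AddServiceEndpoint) are covered as well.
    protected override void OnOpening()
    {
        EnforceEndpointPolicy();
        base.OnOpening();
    }

    private void EnforceEndpointPolicy()
    {
        var serviceEndpoints = Description.Endpoints
            .Where(ep => ep.Contract.ContractType != typeof(IMetadataExchange))
            .ToList();

        // Fail fast instead of silently dropping endpoints: an operator notices a
        // service that will not start; nobody notices a quietly missing endpoint.
        if (serviceEndpoints.Count == 0)
            throw new InvalidOperationException(
                "No service endpoint configured; refusing to start with defaults.");

        foreach (var ep in serviceEndpoints)
        {
            string problem = Violation(ep);
            if (problem != null)
                throw new InvalidOperationException(
                    "Endpoint '" + ep.Name + "' at " + ep.Address + ": " + problem);
        }
    }

    // Returns null when the endpoint satisfies the policy, otherwise a reason.
    private static string Violation(ServiceEndpoint ep)
    {
        var binding = ep.Binding as WSHttpBinding;
        if (binding == null)
            return "binding must be wsHttpBinding, got " + ep.Binding.GetType().Name;
        if (binding.Security.Mode != SecurityMode.Message)
            return "security mode must be Message, got " + binding.Security.Mode;
        if (binding.Security.Message.ClientCredentialType != MessageCredentialType.Certificate)
            return "client credential type must be Certificate, got "
                   + binding.Security.Message.ClientCredentialType;
        // Cross-check the contract-level guarantee from the answer above.
        if (!ep.Contract.HasProtectionLevel
            || ep.Contract.ProtectionLevel != ProtectionLevel.EncryptAndSign)
            return "contract must require ProtectionLevel.EncryptAndSign";
        return null;
    }
}

public static class Program
{
    public static void Main()
    {
        // The base address can equally come from <host><baseAddresses> in config;
        // the service certificate is still supplied via <serviceCredentials>.
        using (var host = new HardenedServiceHost(typeof(SensitiveService),
                   new Uri("http://localhost:8080/sensitive")))
        {
            host.Open();   // throws if the config file supplied a weaker endpoint
            Console.WriteLine("Listening; press Enter to stop.");
            Console.ReadLine();
        }
    }
}
```

Because ServiceHost's constructor calls ApplyConfiguration, a tampered config (say, someone switching the endpoint to basicHttpBinding or setting security mode="None") makes the host constructor throw before anything listens; the same check in OnOpening catches endpoints added programmatically. Settings that are merely weakened on a wsHttpBinding could instead be overwritten in code, as the answer suggests, but refusing to start is the easier policy to audit.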