I'm writing a set of WCF services that rely on transport security with Windows Authentication using the trusted subsystem model. However, I want to perform authorization based on the original client user that initiated the request (e.g. a user from a website with a username/password). I'm planning to achieve this by adding the original user's credentials in the header before the client sends the message and then the service will use the supplied credentials to authorize the user. So I have a few questions about this implementation:

1) Using transport security with Windows auth, I do NOT need to worry about encrypting the passed credentials again to ensure their validity... WCF automatically takes care of this - is this correct?

2) How does this implementation prevent a malicious service, running under some Windows account within the domain, from sending a message tagged with spoofed credentials? E.g. a malicious service replaces the credentials with an Admin user to do something bad?

Thanks for any help.

A: 

What binding are you using? Is this service only within your corporate LAN, or do you plan to go outside the firewall?

To answer your question (as far as I can)

1) With Windows authentication over transport security, the transport layer will be encrypted and safe - no need to worry about additional encryption of credentials etc.

2) It cannot. If a malicious service manages to "hijack" some valid Windows credentials and poses as "John Doe" who has an account on your corporate network, there's no way the WCF service can distinguish this from a valid request by John Doe.

marc_s
Yes, this service will only be within the corporate LAN, using NetTcpBinding. 2) Do you know any other ways we can prevent this from happening? Or can you suggest some other kind of implementation that still allows using the trusted subsystem model, while doing authorization based on the original request?
shyneman
For 2) - no, not really - but the malicious service would have to be able to hijack an existing Windows account, including its security token - I would believe inside a corporate LAN, this is rather unlikely.
marc_s
For 2) the only option to make it even safer is to use standard Windows impersonation, instead of packaging up the Windows credentials as clear text yourself. Let Windows handle the impersonation aspects of it all.
marc_s
I'm not passing Windows credentials, I'm actually passing some username credentials originally supplied by a website, so I'm not sure how I can use impersonation.
shyneman
But anyway, in general, it would be secure "enough" to rely on the security of the Windows account to prevent this from happening, right?
shyneman
Can you map those usernames from the website to existing AD accounts? If not: how do you validate/authenticate those users originally on your website?
marc_s
If you have a "weak" authentication system on your web site, it would likely be pretty easy for a malicious service to log on and thus hijack one of your identities. But since everything is behind the corporate firewall - why not use Windows authentication in the first place on the website?
marc_s
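The mechanism the question describes (a front end stamping the original website user into a message header over a Windows-authenticated transport) and the concern raised in point 2 (any domain account could send such a header) can both be illustrated with a pair of WCF message inspectors. The following is an added example written for this page; it is not code from the question, the answer, or Microsoft's own samples. It assumes a header name and namespace (`OriginalUser` / `urn:example:trusted-subsystem`) and a constructed allow-list containing one hypothetical service account (`CORP\svc-webfrontend`); only the user name travels in the header, never the website password.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Constructed header name/namespace (assumption, not taken from the question).
public static class OriginalUserHeader
{
    public const string Name = "OriginalUser";
    public const string Namespace = "urn:example:trusted-subsystem";
}

// Client side (the web front end): adds the already-authenticated website user's
// name as a SOAP header. The transport (NetTcpBinding with Windows auth) carries
// the front end's own Windows identity, so the header is plain data, not a credential.
public class OriginalUserClientInspector : IClientMessageInspector
{
    private readonly string _originalUser;
    public OriginalUserClientInspector(string originalUser) { _originalUser = originalUser; }

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        request.Headers.Add(MessageHeader.CreateHeader(
            OriginalUserHeader.Name, OriginalUserHeader.Namespace, _originalUser));
        return null;
    }

    public void AfterReceiveReply(ref Message reply, object correlationState) { }
}

// Service side: the header is only honoured when the transport-level Windows
// identity of the caller is one of the trusted-subsystem accounts permitted to
// act on behalf of website users. Any other domain account that sends the header
// is rejected, which is the gap point 2 of the question asks about.
public class OriginalUserDispatchInspector : IDispatchMessageInspector
{
    // Constructed allow-list of front-end service accounts (assumption).
    private static readonly HashSet<string> TrustedCallers =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { @"CORP\svc-webfrontend" };

    public object AfterReceiveRequest(ref Message request, IClientChannel channel,
                                      InstanceContext instanceContext)
    {
        int idx = request.Headers.FindHeader(OriginalUserHeader.Name, OriginalUserHeader.Namespace);
        if (idx < 0)
            return null; // no delegated identity asserted; authorize as the caller itself

        string callerName = null;
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx != null && ctx.WindowsIdentity != null)
            callerName = ctx.WindowsIdentity.Name;

        string originalUser = request.Headers.GetHeader<string>(idx);

        if (callerName == null || !TrustedCallers.Contains(callerName))
        {
            // Worth logging callerName and originalUser: an untrusted account asserting
            // another user's identity is exactly the event you want to detect.
            throw new FaultException("Caller is not permitted to assert an original user identity.");
        }

        // Make the vetted original user available to the operation for authorization.
        OperationContext.Current.IncomingMessageProperties["OriginalUser"] = originalUser;
        return null;
    }

    public void BeforeSendReply(ref Message reply, object correlationState) { }
}

// Endpoint behaviour that wires the inspectors in on whichever side it is applied.
public class OriginalUserBehavior : IEndpointBehavior
{
    private readonly string _originalUser; // null on the service side
    public OriginalUserBehavior(string originalUser = null) { _originalUser = originalUser; }

    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters) { }
    public void Validate(ServiceEndpoint endpoint) { }

    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
    {
        clientRuntime.MessageInspectors.Add(new OriginalUserClientInspector(_originalUser));
    }

    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
    {
        endpointDispatcher.DispatchRuntime.MessageInspectors.Add(new OriginalUserDispatchInspector());
    }
}
```

On the client, `channelFactory.Endpoint.EndpointBehaviors.Add(new OriginalUserBehavior(webUser))` per request (or per channel) adds the header; on the service, `host.Description.Endpoints[0].EndpointBehaviors.Add(new OriginalUserBehavior())` installs the check. The design keeps the trusted subsystem model intact: Windows authentication still decides who is calling, and the allow-list decides which callers may speak for someone else, so a spoofed header from an arbitrary domain account is refused rather than trusted.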