Hi,
In WCF web services (or all web services?), if the client and server times are off you get a security exception.
Can someone explain to me why this is?
It is a pain if you are building client server services and the time has to be accurate?
+2
A:
I strongly suspect that this is to make replay attacks harder. These are attacks where a legitimate request and/or response captured by an attacker is sent again at a later time.
Darron
2008-12-30 21:35:47
A:
I've seen that too.
My guess is that it is a securitymeassure. It will make it more difficult to record and replay messages, and sending them to the service repeatedly.
Arjan Einbu
2008-12-30 21:36:19
A:
Just use NTP on both server and client to have their clocks synchronized, and you should be OK (unless I am missing something specific). NTP has servers worldwide and can work on both Unix and Windows. In Windows it is even a system property since at least WinXP times: check Date/Time settings "Internet Time" tab, and enter any of the publicly available NTP servers closest to you.
Gnudiff
2008-12-30 22:35:05