We have an encryption service that we've exposed over net.tcp. Most of the time, the service is used to encrypt/decrypt strings. However, every now and then, we need to encrypt large documents (pdf, jpg, bmp, etc).

What are the best endpoint settings for a scenario like this? Should I accept/return a stream? I've read a lot about this, but no one gives guidance on what to do when the large file doesn't occur frequently.

+1  A: 

One pattern you could follow is to have an asynchronous service that works on files on a shared file system location:

  1. Place the file to be encrypted on a shared location
  2. Call the service and tell it to encrypt the file, passing both the location and name of the file, and the address of a callback service on the client
  3. The service would encrypt the file and place the encrypted copy in a shared location (the same as where the unencrypted was placed or different, doesn't matter)
  4. The service would call back to the client, giving the name and location of the encrypted file
  5. The client can retrieve the encrypted file
Guy Starbuck
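
Steps 2 to 4 of the pattern above as a WCF duplex contract, added here as an example and not code from the answer. It assumes a duplex callback in place of a callback address and a client that passes only a file name relative to the agreed share; all names (`IFileEncryptionService`, `ResolveInsideRoot`, the injected `encrypt` delegate standing in for the service's existing cipher routine) are hypothetical. Because the path comes from the caller, the service confines it to the shared root before opening anything.

```csharp
using System;
using System.IO;
using System.ServiceModel;
public interface IEncryptionCallback   // hosted by the client (step 4)
{
    [OperationContract(IsOneWay = true)]
    void EncryptionFinished(string encryptedFile, string error);
}
[ServiceContract(CallbackContract = typeof(IEncryptionCallback))]
public interface IFileEncryptionService
{
    [OperationContract(IsOneWay = true)]   // step 2: the client is not blocked
    void EncryptFile(string fileName);
}

[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
public class FileEncryptionService : IFileEncryptionService
{
    private readonly string _root;                     // shared drop directory
    private readonly Action<Stream, Stream> _encrypt;  // existing cipher routine (assumed)
    public FileEncryptionService(string sharedRoot, Action<Stream, Stream> encrypt)
    {
        // Trailing separator, so "C:\drop-other" never passes as "C:\drop".
        _root = Path.GetFullPath(sharedRoot).TrimEnd('\\', '/') + Path.DirectorySeparatorChar;
        _encrypt = encrypt;
    }
    // Normalise the client-supplied name; refuse anything outside the shared root.
    // GetFullPath does not resolve junctions or symlinks, so the share must hold none.
    public string ResolveInsideRoot(string fileName)
    {
        string full = Path.GetFullPath(Path.Combine(_root, fileName));
        if (!full.StartsWith(_root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Outside the shared location.");
        return full;
    }
    public void EncryptFile(string fileName)
    {
        var callback = OperationContext.Current.GetCallbackChannel<IEncryptionCallback>();
        string result = null, error = null;
        try
        {
            string source = ResolveInsideRoot(fileName);
            using (var input = File.OpenRead(source))   // streamed, never buffered whole
            using (var output = new FileStream(source + ".enc", FileMode.CreateNew))
                _encrypt(input, output);                // step 3
            result = source.Substring(_root.Length) + ".enc";
        }
        catch (Exception ex) { error = ex.GetType().Name; }   // no path details to the caller
        callback.EncryptionFinished(result, error);
    }
}
```

The class takes constructor arguments, so it is hosted as a singleton by passing an instance to `ServiceHost`; `netTcpBinding` supports the duplex callback.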
+2  A: 

MSDN describes how to enable streaming over WCF rather well.

Note, if the link between client and server needs to be encrypted, then you'll need to "roll your own" encryption mechanism. The default net.tcp encryption requires X.509 certificates, which won't work with streams as this kind of encryption needs to work on an entire message in one go rather than a stream of bytes.

This, in turn, means that you won't be able to authenticate the client using the default WCF security mechanisms as authentication requires encryption. The only work-around for this that I know of is to implement your own custom behaviour extensions on client and server to handle authentication.

A really good reference on how to add custom behaviour extensions is here: this documents how to provide custom configuration, too (something that I don't think is discussed anywhere in the MSDN documents at this time).

Jeremy McGee