I have created .NET WCF services hosted under IIS. The services are using SSL.

The customer has a security demand. The services should be allowed to be consumed only from a specific client application.

The services are already using Windows authentication and are limited to specific users. Identifying the consumer's IP or using a certificate is not good enough because theoretically an approved user from an approved client machine will be able to consume the services not only from the intended client application.

Is there a secure way to achieve this?

Yosi Maurer

1 Answer

If you use message security then you can specify an X509 certificate that should be used for signing the messages. This locks down usage to specific machines (group policy can be used to control the installation of the certificates).

If you need to limit it to specific users rather than specific machines or devices, then federated security is the way to go.

Additionally, client and server message headers may be helpful, although I would encourage you to use regular security mechanisms as much as possible rather than rolling your own.

slugster
  • The limit should be set to allow only a specific client application - not only machine or user. – Yosi Maurer Jun 09 '14 at 09:52
  • @YosiMaurer I have achieved this in the past by using an X509 cert that was only accessible to the application. You could ship it included in the app as an encrypted resource. It's not totally safe, but then again next to nothing is. – slugster Jun 09 '14 at 09:54
  • The limit should be set to allow only a specific client application - not just machine or user. I considered using headers - but I am not sure if this method is secure enough. Headers can be easily intercepted with the rest of the HTTP message using tools like Fiddler. Will the usage of SSL make the HTTP headers secured? – Yosi Maurer Jun 09 '14 at 09:58
  • @YosiMaurer SSL is only secure until someone starts up Fiddler on the same machine and inspects everything going out. Let me repeat: there are **NO** totally secure methods of doing this, you can only make it incredibly hard to break. X509 is the way - the server bindings can be set up so that anything not using that cert will not be able to connect. SSL doesn't prevent anything except reading the *contents* of the WCF pipeline (it is *transport* security, not *message* security). – slugster Jun 09 '14 at 10:08
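
One way to set up the server side described in the answer and its comments, so that only callers presenting one specific X509 certificate are accepted. This is an added example, not code from the answer: the `IOrders`/`Orders` contract, the self-hosted `ServiceHost`, the URL and both angle-bracket placeholders are assumptions for illustration (under IIS the same credentials settings go in a service behavior).

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IOrders { [OperationContract] string Ping(); }   // hypothetical contract
public class Orders : IOrders { public string Ping() { return "ok"; } }

// Rejects every client certificate except the one issued to the client application.
public sealed class PinnedClientCertValidator : X509CertificateValidator
{
    private readonly string _thumbprint;
    public PinnedClientCertValidator(string thumbprint)
    {
        _thumbprint = thumbprint.Replace(" ", "");
    }
    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        if (!string.Equals(certificate.Thumbprint, _thumbprint, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException("Certificate is not the pinned client certificate.");
        DateTime now = DateTime.Now;               // NotBefore/NotAfter are local time
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException("Pinned client certificate is outside its validity period.");
    }
}

public static class Program
{
    public static void Main()
    {
        // Message security with certificate client credentials: each request is signed by the client cert.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        using (var host = new ServiceHost(typeof(Orders), new Uri("http://localhost:8080/orders")))
        {
            host.AddServiceEndpoint(typeof(IOrders), binding, "");
            host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                StoreName.My, X509FindType.FindBySubjectName, "<SERVICE-CERT-SUBJECT>"); // placeholder
            var auth = host.Credentials.ClientCertificate.Authentication;
            auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
            auth.CustomCertificateValidator = new PinnedClientCertValidator("<CLIENT-APP-CERT-THUMBPRINT>"); // placeholder
            host.Open();
            Console.ReadLine();                    // keep the host alive until Enter is pressed
        }
    }
}
```

The validator proves that the caller holds the pinned certificate's private key, so the restriction is only as strong as the protection of that key inside the client application.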