WCF and Silverlight 4.0 in N-Tier App : Secure service calls (No SSL, No Message Security, No x.509)
Our architecture is a straightforward N-Tier model, which consists of a ASP.Net Application sitting in IIS7 (hosted in DiscountASP), that exposes methods on a WCF Service. Those methods talk to the DB using EF4. The clients are in Silverlight 4.0.
Three important points:
Authentication and Authurazation are not a concern - calls to the service are anonymous and we don't care about the identity of the caller.
The data transferred in the methods calls in not sensitive.
We just want to make sure that calls can't be made by anyone.
Correct me if In wrong:
Message security is not an option because it's not supported in Silverlight. Transport security (HTTPS and x.509/SSL certificates) also can't be done in SilverlightSo the steps we take to enforce some level of security are:
A secret key is hard-coded into on of the dll's in the XAP.
This dll is scrambled so it can't be re-engineered.
The secret key is sent as a parameter to all the service method calls.
At the start of each method, check the secret key against the original sitting in the DB.
Remove the MetaDataExchange endpoint from the service.
Considering this minimal setup and it's many flaws, the biggest flaw is probably the fact that the transfer is not secured(HTTP), and the secret key is exposed. So th开发者_JAVA百科e questions are:
If a malicious user want to harm our system, how much effort does he need to put in order to extract the secret key, find what methods are exposed and start calling them ?
Is there some other WCFcombiantion that can provide the basic protection of credentials on each call (No HTTPS or Certificates )?
Well no it becomes much more clear what you mean by security in contract to your previous question. Security consists of several aspects.
Authentication and Authurazation are not a concern - calls to the service are anonymous and we don't care about the identity of the caller.
We just want to make sure that calls can't be made by anyone.
That is a contradiction. If you want to ensure that calls cannot be made by everyone you are looking for authentication.
- The data transferred in the methods calls in not sensitive.
Considering this minimal setup and it's many flaws, the biggest flaw is probably the fact that the transfer is not secured(HTTP), and the secret key is exposed.
Another contradiction - you are obviously want to send sensitive data.
Message security is not an option for Silverlight - that is true if we are talking about message encryption and signing but you can still pass user name and password in the message if you use HTTPS for providing secure channel = TransportWithMessageCredential
How much effort is needed to find a secret key?
- If you don't use HTTPS it will find everybody with basic skills and access to network trafic
- If you place the key in assembly it will probably require more skills but still the key will be there (obfuscation make hard to reverse engineer the logic but constants must be still the same).
If you want to secure your transmission and build secure solution you must use HTTPS. Services exposed over HTTPS can be consumed by Silverlight. You can also use user name and password to identify your clients. Clients will be responsible for keeping the user name and password in secret because if they will not you will see who's account harmed your application.
精彩评论