Question
I have a simple service contract, defined as:
https://stackoverflow.com/questions/16714250
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian[ServiceContact]
public interface IEcho
{
[OperationContract]
void Hello(string value);
}
which is implemented in a local WCF service (accessed through a net.pipe:// address).
I need to know who is calling the service.
Basically, I need to reject the calls to IHello.Echo made from any assembly not signed by me, for security reasons. The Hello method should not be available to untrusted callers.
I vaguely remember that in the old .NET 1 remoting days, we could walk the stack and check the identity of the callers. But how can I do this with WCF?
Solution 3
I've come across other questions along the same lines:
and apparently, there is no secure way of making sure the sender of the message is indeed a specific strongly signed assembly. There is always some way a malicious assembly could spoof its identity.
In short, the answer is: it is impossible.
OTHER TIPS
You can't authenticate the caller assembly. Caller of the service resides in a different process that you have no access.
Instead you need to use any solution that provides client authentication in WCF. Since you are using named pipes, you should look into message level authentication (as opposed to transport level).
In WCF you can interrogate CLientCredentials object if you have authentication turned on.
You could also secure the service usign a certificate ... that way you know whoever is calling it has been issued the certificate ... that isn't the same as a signed assembly ... but it is the same as a certified caller from a known source.
You do that with the ServiceCredentials part of the web.config ... it is quite flexible in how you choos ethe certificate. If you wan tto lock down who can call the service i recommend this.
If you want to be in control of a list of people who can register and unregister than go for some kind of user storage and authentication . authorisation mechanism that calls off to a database.
response to comment:
Yeah fair enough. However in the situation with trusted assemblies the malicious user can simply copy the assembly. So i think you are strawmanning slightly tbh. One involves reverse enginnering the other requires xcopy.
Given your new requirement:
You need to write some kind of authenticator service that generates a pseudo random sequence has some kind of handshake using a revocable one time use certificate to sync up. There are several examples around ... you are getting into the territory of STS servers and authentication providers. In reality you probably want a window to resync over time and a pseudo random generator that can spit out the nth number in its sequence quickly. the algorithms exist but you are getting into the kind of realm where you need to be highly qualified to start giving advice without 3 pages of saying 'don't quote me this is hard shit'. I'd rather describe how to implement an encryption algorithm tbh - and i wouldn't do that either.
There is a saying with computers if you want a secure computer lock it in a safe, dump it in the ocean. It is logically impossible to be secure - you just have to determine the lengths you want an attacker to go through.
The fact is if you are in a trust situation you should know a lot of information from mac address to ip to certificate. you can revoke those credentials at any time and reestablish them. But if someone presents the correct credentials then to say they are not who they say they are is the same as saying a chair is not a chair - its being paranoid. the trick is to gather the evidence to make the decision.
If you want bullet proof authentication go out and buy it - it will cost you a lot of money
