Friday, 14 October 2011

Basics of WCF Security – Part 1

Series : Part-1  Part-2  Part-3

Getting started with WCF security
In WCF, messages are transmitted over a variety of supported protocols including IPC (named pipes), TCP, HTTP and MSMQ. So you must establish security policies for protecting messages and for authenticating and authorizing calls.
WCF security is a huge topic by itself, but this article should give you a quick start on how to approach it.


Core Security Concepts: There are four core security features that WCF addresses:

  • Authentication: Process of identifying the message sender.
    • Mutual Authentication – a means for sender and receiver to identify one another, to prevent possible 'man-in-the-middle' attacks.
  • Authorization: Determining the rights of the authenticated party, such as which features and functionality an authenticated message sender is entitled to execute.
  • Integrity: Messages should be digitally signed to ensure they have not been altered between sender and receiver.
  • Confidentiality: Sensitive messages or specific message parts should be encrypted to ensure they cannot be openly viewed on the wire.

Figure 1: Core WCF Security Concepts



Transport and Message Level Security

There are two main aspects of WCF security: the first is the data and the second is the medium on which the data travels. Security applied at the data level is called message level security, and security applied at the protocol level is called transport level security.


Figure 2: Transport and Message level security

Transport level security happens at the channel level and is the easiest to implement. WCF uses transport protocols such as TCP, HTTP and MSMQ, and each of these protocols has its own security mechanisms. One common implementation of transport level security is HTTPS, which runs over HTTP with SSL providing the security mechanism. No coding change is required; it is more a matter of using the existing security mechanism provided by the protocol.

Message level security is implemented on the message data itself, so it is independent of the protocol. A common way of implementing message level security is to encrypt the data using a standard encryption algorithm.


Figure 3: Binding vs. Security levels
The table above shows which security modes each binding supports. Mixed mode is the combination of transport and message mode. For instance, data that is encrypted and passed over WsHttp using HTTPS uses mixed mode security: the encryption comes from message security and HTTPS from transport security. In combination they form mixed mode.


Security Settings in WCF

Below are some of the security settings available in Windows Communication Foundation (WCF):
  • Security mode (this article discusses this part alone)
  • Protection level
  • Client and service credentials
  • Impersonation
  • Credential negotiation
  • Secure sessions
  • Authentication and authorization behaviors
The first step in securing a WCF service is defining the “Security Policy”. Once you have established requirements for authentication, authorization, and message protection, enforcing them is a matter of service configuration. In WCF the choice of binding controls which configuration options are available for the “Service Security Policy”. Each binding has a default set of security settings defined.
For example, NetTcpBinding:
  1. Is secure by default.
  2. Requires callers to provide “Windows credentials” for authentication.
  3. Has all message packets “Signed and Encrypted” over the TCP protocol.
Beyond bindings, behaviors also provide information about client and service credentials, and affect how authorization is handled.


Security Modes

Below are the 5 possible “Security Modes” across all “Service Bindings”.
  1. None - Turns security off.
  2. Transport - Uses “Transport security” for mutual authentication and message protection.
  3. Message - Uses “Message security” for mutual authentication and message protection.
  4. Both - Allows you to supply settings for transport and message-level security (only MSMQ supports this).
  5. TransportWithMessageCredential - Credentials are passed with the message and message protection and server authentication are provided by the transport layer.
  6. TransportCredentialOnly - Client credentials are passed with the transport layer and no message protection is applied.
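
An added example, not code from the original article: a small Python audit that reads a WCF configuration and reports bindings whose effective security mode is None or TransportCredentialOnly, the two modes in the list above that apply no message protection. The sample configuration and binding names are constructed for illustration, and the per-binding default modes in DEFAULT_MODE are stated from WCF's defaults rather than from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample config for illustration; binding names are hypothetical.
SAMPLE_CONFIG = """<configuration><system.serviceModel><bindings>
  <basicHttpBinding>
    <binding name="legacyBasic">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" />
      </security>
    </binding>
    <binding name="defaulted" />
  </basicHttpBinding>
  <wsHttpBinding>
    <binding name="openWs"><security mode="None" /></binding>
    <binding name="signedWs">
      <security mode="Message"><message clientCredentialType="Windows" /></security>
    </binding>
  </wsHttpBinding>
  <netTcpBinding>
    <binding name="tcpDefault" />
  </netTcpBinding>
</bindings></system.serviceModel></configuration>"""

# Mode WCF applies when a binding does not set one (not taken from the article).
DEFAULT_MODE = {"basicHttpBinding": "None", "wsHttpBinding": "Message",
                "netTcpBinding": "Transport"}

# Modes the list above describes as applying no message protection.
UNPROTECTED = {"None", "TransportCredentialOnly"}


def audit_bindings(config_xml):
    """Return (binding type, binding name, effective mode) for unprotected bindings."""
    findings = []
    root = ET.fromstring(config_xml)
    for bindings in root.iter("bindings"):
        for kind in bindings:  # e.g. <basicHttpBinding>, <wsHttpBinding>
            for binding in kind.findall("binding"):
                security = binding.find("security")
                mode = security.get("mode") if security is not None else None
                # No explicit mode: fall back to the binding type's default.
                # Binding types missing from DEFAULT_MODE are not flagged.
                mode = mode or DEFAULT_MODE.get(kind.tag, "unknown")
                if mode in UNPROTECTED:
                    findings.append((kind.tag, binding.get("name", ""), mode))
    return findings


if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE_CONFIG):
        print("review:", *finding)
```

The "defaulted" binding is the case worth noticing: it sets no security element at all, so it inherits the basicHttpBinding default and is reported alongside the bindings that turn security off explicitly.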

Client Credential Type

The client credential type specifies the type of credential that the client must supply to communicate with your service. The choice of “clientCredentialType” depends on the “Security Mode” used.

Let us look at the transport and message client credential types:

Transport credential type


Setting - Description
  • None - Specifies that the client does not need to present any credential. This translates to an anonymous client.
  • Basic - Specifies basic authentication for the client.
  • Digest - Specifies digest authentication for the client.
  • Ntlm - Specifies NT LAN Manager (NTLM) authentication. This is used when you cannot use Kerberos authentication for some reason.
  • Windows - Specifies Windows authentication.
  • Certificate - Performs client authentication using an X.509 certificate.
  • Password - User must supply a user name and password. Validate the user name/password pair using Windows authentication or another custom solution.


Message Client Credential Types


Setting - Description
  • None - Specifies that the client does not need to present a credential. This translates to an anonymous client.
  • Windows - Allows SOAP message exchanges to occur under the security context established with a Windows credential.
  • Username - Allows the service to require that the client be authenticated with a user name credential.
  • Certificate - Allows the service to require that the client be authenticated using an X.509 certificate.
  • Issued Token - A custom token type configured according to a security policy. The default token type is Security Assertions Markup Language (SAML). The token is issued by a secure token service.

Note: The choice of “Credential Type” affects other Configuration settings for the service. For example, Username credential requires either a “Transport message” protection or “Service Certificate” to protect the exchange.

There is more to the WCF security model. We will continue with some of the other WCF security settings in the next article.

