All geek questions in one place

How to make WCF sessions more secure?

let's say we have a WCF service, such as from the msdn examples - C #, calculatorservice, with all the default service settings.

If I were a hacker, and I knew that calculator service is something important, that I want to make it stop working, I can just hack the code for service links and create my own application that will create 10 clients. these clients will call a nonterminating method on the calculatorservice each time to keep the session alive and never close.

Now, obviously, since all 10 sessions are busy (or regardless of the number of maximum sessions), no one can access the calculator service, it is completely blocked!

How can we protect our services from this?

+3
source share
2 answers

If you are afraid that a malicious hacker will close your service with fictitious sessions, then do not use sessions! Use a per-call approach and authenticate your users, for example. make sure that they are either located in the Windows / AD domain, or that they have knowledge of the username / password to make calls to your service.

, , 10 20 - , WCF. WCF , 1 000- , .

IP- IP-, - / - WCF .

+3

WCF:

, WCF . WCF. , Windows 2003 Server Authorization Manager, WCF . WCF Windows, X.509 .

+1

Source: https://habr.com/ru/post/1724764/

More articles:


All Articles