WCF Security Between WinForms Client and Shared Host Web Server

Good,

I developed a WinForms client that interacts with a server (an ASPX application) using WCF calls. Now I would like to deploy the server to my shared web hosting, but I'm a little new to WCF, and especially to its security features.

The goal is to protect the WCF service so that not everyone who knows the endpoint address can call it. Most likely, only my WinForms client should be able to call the WCF service.

I do not need user-based authentication, so no authentication is required from the client user. But I want only instances of this WinForms client to interact with the service. The information transmitted between the server and the client is not very sensitive, so in fact it does not need to be protected, but this is a plus if it is easy to do.

Is this possible in a shared host (IIS) environment (without HTTPS)? What bindings and options should I use? I assume wsHttpBinding, but how would I configure the security settings?

Using .NET 4.0

Thanks

+3
2 answers

, -, , - ? , (, PHP, Ruby ..) - ?

, WCF - . - ( , ). ( ), . , .

: ? , , wsHttpBinding ( RESTful - webHttpBinding). .NET, , , (- ) /, , .

.NET, :

  • ; "" - -, " " ( ), , .. , , , .

  • - . HTTP . . , .

  • - , - WCF, . , , http, ( , ). . , WCF.

  • . - . , , .

, - WCF , , .

+3

, : " - WCF, ?" , WCF, , . , .

HTTPS , , OWASP A9: . - , , . , .

, WCF, , "executeQuery()", . , , . , . SQL-, CWE-602: .

, CWE-602, OWASP A4: . WCF, , ? ?

, , - OWASP A1: Injection, , "Taint and Sink". , , CreateProcess(), cmd.exe. , , "", CreateProcess() - "". , , ; SQL Injection, LDAP Injection, XPATH Injection. - .

+2

Source: https://habr.com/ru/post/1755168/

