At this point, we have learned how to develop a three-layer WCF service with LINQ to Entities. To further enhance our WCF service, in this chapter we will explore the security settings of a WCF service. As big a topic as WCF security is, in this chapter we will only cover the basic concepts, and we will host our HelloWorld WCF service using Basic and Windows Authentication with the HTTPS protocol.
We will cover the following topics in this chapter:
WCF security spans multiple components in the WCF architecture. The main goal of security in WCF is to provide integrity, confidentiality, authentication, authorization, and auditing for the applications that are built on top of the WCF framework. A good WCF architecture splits these functions into the following pieces:
In this section, we will cover WCF authorization and auditing briefly, and in the next section, we will discuss WCF transfer security in detail.
Authorization is the process of controlling access and rights to resources, such as services or files. Unlike the WCF service authentication, which is usually handled automatically by the communication framework, for WCF service authorization, you will have to come up with your own strategy and infrastructure. You can choose one of the following to implement authorization for your WCF service:
In this book, we will not discuss WCF service authorization any further, as it is fundamentally the same as authorization for any other type of application.
WCF applications can log security events (either success, failure, or both), using the auditing feature. The events are written to the Windows system event log and can be examined by using the Event Viewer.
The benefits of WCF auditing include the following:
You can configure the WCF service security logging through the ServiceSecurityAudit behavior in the service configuration file. You can specify security audit levels for both message authentication and service authorization events.
For example, the following behavior configuration will enable a security audit for all events for both authorization and authentication of a WCF service:
```xml
<behavior name="MySecurityAudit">
  <serviceSecurityAudit auditLogLocation="Default"
                        serviceAuthorizationAuditLevel="SuccessOrFailure"
                        messageAuthenticationAuditLevel="SuccessOrFailure" />
</behavior>
```
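A configuration like this is easy to get only half right, so it is worth checking which services actually record failed events. The following check is an added example, not code from the book; the sample configuration and the names `LegacyService` and `PartialAudit` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the book): one audited service, one not.
SAMPLE_CONFIG = """
<configuration><system.serviceModel>
  <services>
    <service name="HelloWorldService" behaviorConfiguration="MySecurityAudit"/>
    <service name="LegacyService" behaviorConfiguration="PartialAudit"/>
  </services>
  <behaviors><serviceBehaviors>
    <behavior name="MySecurityAudit">
      <serviceSecurityAudit auditLogLocation="Default"
          serviceAuthorizationAuditLevel="SuccessOrFailure"
          messageAuthenticationAuditLevel="SuccessOrFailure"/>
    </behavior>
    <behavior name="PartialAudit">
      <serviceSecurityAudit messageAuthenticationAuditLevel="Success"/>
    </behavior>
  </serviceBehaviors></behaviors>
</system.serviceModel></configuration>
"""

LEVEL_ATTRS = ("serviceAuthorizationAuditLevel", "messageAuthenticationAuditLevel")

def audit_gaps(config_xml):
    """Return {service name: [audit attributes that do not record failures]}."""
    root = ET.fromstring(config_xml)
    behaviors = {b.get("name", ""): b
                 for b in root.findall(".//serviceBehaviors/behavior")}
    gaps = {}
    for svc in root.findall(".//services/service"):
        behavior = behaviors.get(svc.get("behaviorConfiguration", ""))
        audit = behavior.find("serviceSecurityAudit") if behavior is not None else None
        # An omitted element or attribute leaves the audit level at "None".
        levels = {a: (audit.get(a, "None") if audit is not None else "None")
                  for a in LEVEL_ATTRS}
        weak = [a for a, v in levels.items() if v not in ("Failure", "SuccessOrFailure")]
        if weak:
            gaps[svc.get("name")] = weak
    return gaps

if __name__ == "__main__":
    for name, attrs in audit_gaps(SAMPLE_CONFIG).items():
        print(f"{name}: failed events not audited for {', '.join(attrs)}")
```

A service whose behavior sets only `Success`, or omits a level entirely, writes nothing to the event log when authentication or authorization fails, which is the case most investigations need.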
In the rest of this chapter, we will focus on the transfer security part of WCF services. We will discuss WCF transport-level and message-level security, transfer security modes supported by various bindings, and WCF authentications.
WCF transfer security is also referred to as security mode. There are two transfer security levels for WCF services—transport level and message level. You can also mix these two levels to create a mixed-level security mode.
The WCF security modes that are available are as follows:
Not every WCF binding supports every security mode. For example, basicHttpBinding supports the transport, message, or mixed security modes, but not the Both mode, while netNamedPipeBinding only supports transport-level security (or none). The following table lists the most common bindings and their supported security modes:
| Binding name | None | Transport | Message | Mixed | Both |
|---|---|---|---|---|---|
|  | √(Default) | √ | √ | √ | X |
|  | √ | √(Default) | √ | √ | X |
|  | √ | √(Default) | √ | √ | X |
|  | √ | √(Default) | X | X | X |
|  | √ | √ | √(Default) | √ | X |
|  | √ | X | √(Default) | X | X |
|  | √ | X | √(Default) | X | X |
|  | √ | √(Default) | √ | X | √ |
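The default mode matters in practice: a binding with no explicit security setting silently uses its default, and for basicHttpBinding that default is no transfer security at all. The following check is an added example, not code from the book; it resolves the effective mode of each configured binding from the standard WCF defaults, and the sample configuration and binding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Security mode WCF applies when a binding has no <security mode="..."> setting.
DEFAULT_MODE = {
    "basicHttpBinding": "None",
    "wsHttpBinding": "Message",
    "wsDualHttpBinding": "Message",
    "netTcpBinding": "Transport",
    "netNamedPipeBinding": "Transport",
    "netMsmqBinding": "Transport",
}

# Constructed sample <bindings> section (not from the book).
SAMPLE_CONFIG = """
<configuration><system.serviceModel><bindings>
  <basicHttpBinding>
    <binding name="helloDefault"/>
    <binding name="helloHttps">
      <security mode="Transport">
        <transport clientCredentialType="Basic"/>
      </security>
    </binding>
  </basicHttpBinding>
  <netTcpBinding>
    <binding name="tcpDefault"/>
    <binding name="tcpOff"><security mode="None"/></binding>
  </netTcpBinding>
</bindings></system.serviceModel></configuration>
"""

def effective_modes(config_xml):
    """Map 'bindingType/name' to the security mode that will actually apply."""
    modes = {}
    for binding_type in ET.fromstring(config_xml).findall(".//bindings/*"):
        for binding in binding_type.findall("binding"):
            security = binding.find("security")
            explicit = security.get("mode") if security is not None else None
            mode = explicit or DEFAULT_MODE.get(binding_type.tag, "unknown")
            modes[f"{binding_type.tag}/{binding.get('name', '')}"] = mode
    return modes

def unprotected(config_xml):
    """Bindings that end up with no transfer security at all."""
    return sorted(k for k, v in effective_modes(config_xml).items() if v == "None")

if __name__ == "__main__":
    print(unprotected(SAMPLE_CONFIG))
```

In configuration files the mixed mode is written as `TransportWithMessageCredential`; the function reports whatever mode string the file contains.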
WCF transport security is applied at the transport level on the byte stream below the message layer. In this case, a message does not have a security header and it does not carry any user authentication data. Transport security mode only provides point-to-point security between the two endpoints and it is the least flexible in terms of WS-Security usage because it is highly dependent on the transport layer. However, the transport security mode is the fastest in terms of performance, and it gives the best interoperability with client applications.
The most common approach for transport security mode is to combine it with Secure Sockets Layer (SSL) or HTTPS to encrypt and sign the contents of all packets. We will secure a WCF service with transport security and SSL in later sections of this chapter.
WCF message security is applied on the message level. With message security, the user credentials and claims are encapsulated in every message. The message security mode provides end-to-end security and high flexibility from an authentication perspective. Since messages are directly encrypted and signed, having intermediaries does not break the security. You can use any type of authentication credential you want, largely independent of the transport layer, as long as both client and server agree.
WCF mixed security gives you the best of both transport security and message security. In this case, WCF transport security ensures the integrity and confidentiality of the messages, while WCF message security encapsulates the user credentials and claims in every message. The WCF mixed security mode allows you to use a variety of user credentials that are not possible when using strict transport security mechanisms, while leveraging transport security's performance.
When WCF transport security and WCF message security are combined, the user credentials and claims are transferred at both the transport layer and the message level. Similarly, message protection is provided at both the transport layer and the message level. Note that this is not a common scenario, and the Microsoft Message Queuing (MSMQ) binding is the only binding that supports this mode.
The WCF authentication options depend on the transfer security mode being used. For this reason, the authentication choices are partly determined by the transfer security mode. The following are the available authentication options for transport security mode:
For WCF services using the message security mode, authentication choices are different from the services using the transport security mode. The following are the available authentication options for the message security mode: