c# - How do I securely authenticate the calling assembly of a WCF service method? -
The current situation is as follows: We have a production. 3.5 WCF service, which is used by many applications throughout the organization, is being authenticated on the transport level using WsHttpBinding or netTcpBinding Windows integrated security. This service has a method Foo (string parameter)
, which can only be called by members of the AD group, string parameter is mandatory.
A new client comes into the App Play (NIT 3.5, C # console app), which eliminates the need for a string parameter. However, this particular application should only release the allowed call-permission string parameter. Identification of the client application's caller should still be known by the server, because the limit of the AD Group still applies (except for impersonation on the customer side).
I have found a way, but this method is not clearly safe because "proof" can easily be deceptive, besides CAS (code access protection) seems like a possible solution, but I can not understand how to use CAS in this particular scenario.
Is anyone suggesting how to solve this issue?
Edit: I found; Apparently, the conclusion is that it is impossible to implement in a safe fashion.
I feel as if you need to draw safety into a different service ... a more federal By going down the route, you can apply a handshake type of encryption using public and private keys to generate a secure session token in both cases.
In this way you can still get both windows of CNA = a certification and a custom solution in the game while maintaining your properties on safety methods (I'm assuming that you do this in this manner However, fair bit of work - I had to do this from scratch and participated in some cross domain / delegation issues. But I'm sure this idea is good.
How do you end with a solid model based on a solid concrete claim
Comments
Post a Comment