- Number of slides: 13
X.509 support in WCF
Exploring support for X.509 Certificates in Microsoft's Windows Communication Foundation
Paul Cormier, UCCS CS 591, Fall 2009
12/8/2009 Paul Cormier - X.509 Support in WCF
Right to the point…
• WCF allows you to specify a service Certificate, which it uses to decrypt SOAP messages sent from clients and to sign messages sent to clients.
• It allows you to accept a client Certificate, which it uses to encrypt SOAP messages sent to clients and to verify signatures on SOAP messages sent from clients.
• WCF allows you to specify a transport-level protocol such as HTTPS (TLS/SSL), and the service Certificate it uses when sending SOAP messages in this manner.
• WCF allows you to specify that a client Certificate be used for identification, and provides an Identity support class.
• WCF allows you to specify how Certificates are trusted: by inclusion in your certificate store, by chain trust in the CA signature, or by either.
• Certificate validation, including support for custom validation.
• WCF allows you to set up a hybrid public/symmetric key 'conversation'.
• The .NET Framework includes an entire namespace to support X.509 Certificates: System.Security.Cryptography.X509Certificates
Overview
1. What is WCF
2. X.509 is a standard specifying a Public Key Infrastructure (PKI)
3. Three certificates (CA, Service, Client)
4. WCF ABCs
5. WCF Authentication, Authorization, Transfer Security, Identity Management
6. Example
What is WCF
• Microsoft .NET Framework API that unifies many existing standards: WS-Addressing, WS-ReliableMessaging, WS-Security, etc.
• Uses SOAP messages
• Supports a number of different protocols
• Compatible with non-Microsoft web services and clients
• Service Oriented Architecture
• A WCF Service is composed of a Service class, a hosting environment and one or more Endpoints
Endpoint = ABC
• Address (where is the service?) http://localhost:8000/servicename
• Binding (how do I talk to it?) WSHttpBinding
• Contract (what can it do?) [ServiceContract] [DataContract] [OperationContract] [FaultContract]
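The three parts of an endpoint, as an added C# example that is not part of the original deck: a contract (service, operation, data and fault contracts), an address, and a binding, wired together in a self-hosted ServiceHost. The IOrderService contract, the Order and OrderFault types, the service namespace and the "servicename" address are all assumed for illustration; the program references the System.ServiceModel and System.Runtime.Serialization assemblies.

```csharp
using System;
using System.Runtime.Serialization;
using System.ServiceModel;

// Contract (the "C" of ABC): what the service can do.
// Order and OrderFault are hypothetical types invented for this example.
[DataContract]
public class Order
{
    [DataMember] public string Sku { get; set; }
    [DataMember] public int Quantity { get; set; }
}

[DataContract]
public class OrderFault
{
    [DataMember] public string Reason { get; set; }
}

[ServiceContract(Namespace = "http://example.invalid/orders")] // placeholder namespace
public interface IOrderService
{
    // FaultContract declares the SOAP fault detail type a client can expect,
    // so failures are reported as typed faults instead of leaking exceptions.
    [OperationContract]
    [FaultContract(typeof(OrderFault))]
    string PlaceOrder(Order order);
}

public class OrderService : IOrderService
{
    public string PlaceOrder(Order order)
    {
        if (order == null || order.Quantity <= 0)
            throw new FaultException<OrderFault>(
                new OrderFault { Reason = "Quantity must be positive." });
        return "order-" + Guid.NewGuid().ToString("N");
    }
}

public static class Program
{
    public static void Main()
    {
        // Address (the "A"): where the service listens.
        var address = new Uri("http://localhost:8000/servicename");

        // Binding (the "B"): how to talk to it. WSHttpBinding is SOAP 1.2 plus
        // WS-* over HTTP; its default security is message-level with Windows credentials.
        var binding = new WSHttpBinding();

        using (var host = new ServiceHost(typeof(OrderService), address))
        {
            // One endpoint = address + binding + contract.
            host.AddServiceEndpoint(typeof(IOrderService), binding, "");
            host.Open();
            Console.WriteLine("Listening on " + address + " (press Enter to stop)");
            Console.ReadLine();
        }
    }
}
```

Running the host registers the HTTP URL with the kernel HTTP listener, which on Windows requires a URL reservation or an elevated process; the endpoint's relative address "" means the contract is exposed directly at the base address.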
WCF Authentication (who)
• Who are you (client, server)?
• Authentication types: None, Windows authentication, Username and Password, X.509 Certificate, Issued Token, Custom
• For Certificate, the local Cert Store is checked.
• IIdentity interface.
WCF Authorization (what)
• What does the client have access to do?
• Windows Groups (default)
• ASP.NET Membership provider (SQL Server)
• WCF provides the IPrincipal interface and some implementing classes.
WCF Transfer Security (how)
• How are messages secured while in transit?
• Transfer Security types: None, Transport, Message, Mixed, Both
• Message: end-to-end, slower, more complicated
• Transport: fast, hop-to-hop
Identity Management
• The identity under which the code is run.
• Can be mixed (calling user, ID that the service is running as)
• Special internal IIdentity class for X.509 Certificate Identity, stored in an IPrincipal implementation.
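The certificate features listed on the "Right to the point" slides, together with the Authentication, Transfer Security and Identity Management slides, in one added C# example that is not part of the original deck: message-level transfer security on WSHttpBinding with X.509 client authentication, a service certificate loaded from the local store, the built-in trust modes versus a custom X509CertificateValidator, the secure-conversation setting behind the hybrid public/symmetric key exchange, and the caller's IIdentity read inside the operation. The IOrderService contract, the certificate subject names, the expected issuer name and the service address are assumed placeholders; the program references System.ServiceModel and System.IdentityModel.

```csharp
using System;
using System.IdentityModel.Selectors;   // X509CertificateValidator
using System.IdentityModel.Tokens;      // SecurityTokenValidationException
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;     // X509CertificateValidationMode

[ServiceContract]
public interface IOrderService   // hypothetical contract for this example
{
    [OperationContract] string WhoAmI();
}

public class OrderService : IOrderService
{
    // Identity Management: WCF builds an IIdentity from the client certificate and
    // exposes it on the security context (AuthenticationType is "X509").
    public string WhoAmI()
    {
        var identity = ServiceSecurityContext.Current.PrimaryIdentity;
        return identity.AuthenticationType + ": " + identity.Name;
    }
}

// Custom validation. Choosing Custom mode switches off the built-in chain/peer
// checks, so the validator must perform every check it cares about itself.
public class IssuerPinningValidator : X509CertificateValidator
{
    private readonly string _expectedIssuer;
    public IssuerPinningValidator(string expectedIssuer) { _expectedIssuer = expectedIssuer; }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        // Verify() builds the chain and checks validity period and revocation.
        if (!certificate.Verify())
            throw new SecurityTokenValidationException("Certificate chain did not verify.");
        if (!string.Equals(certificate.Issuer, _expectedIssuer, StringComparison.Ordinal))
            throw new SecurityTokenValidationException("Unexpected issuer: " + certificate.Issuer);
    }
}

public static class Program
{
    static WSHttpBinding MakeBinding()
    {
        // Transfer security: Message mode, client authenticated by X.509 certificate.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        // Secure conversation: the certificates bootstrap a session key, and the
        // messages themselves are then protected symmetrically (the hybrid scheme).
        binding.Security.Message.EstablishSecurityContext = true;
        return binding;
    }

    public static void Main()
    {
        var address = new Uri("http://localhost:8000/servicename");
        var host = new ServiceHost(typeof(OrderService), address);
        host.AddServiceEndpoint(typeof(IOrderService), MakeBinding(), "");

        // Service certificate: signs messages to clients, decrypts messages from them.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "ServiceCertSubjectName"); // placeholder

        // Client certificate trust: PeerTrust (cert present in the TrustedPeople store),
        // ChainTrust (CA signature), PeerOrChainTrust (either), or Custom.
        var auth = host.Credentials.ClientCertificate.Authentication;
        bool useCustomValidator = true;
        if (useCustomValidator)
        {
            auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
            auth.CustomCertificateValidator = new IssuerPinningValidator("CN=Example CA"); // placeholder issuer
        }
        else
        {
            auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
            auth.RevocationMode = X509RevocationMode.Online; // applies to chain-trust modes
        }

        host.Open();
        Console.WriteLine("Listening on " + address + " (press Enter to stop)");
        Console.ReadLine();
        host.Close();
    }

    // Client side (constructed to match the host): present a client certificate and
    // pin the expected service identity on the endpoint address.
    public static IOrderService CreateClient()
    {
        var endpoint = new EndpointAddress(new Uri("http://localhost:8000/servicename"),
            EndpointIdentity.CreateDnsIdentity("ServiceCertSubjectName")); // placeholder
        var factory = new ChannelFactory<IOrderService>(MakeBinding(), endpoint);
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindBySubjectName, "ClientCertSubjectName"); // placeholder
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;
        return factory.CreateChannel();
    }
}
```

The DNS identity on the client's EndpointAddress must match the subject name of the service certificate, otherwise WCF rejects the service credential; with Custom validation on the host, note that RevocationMode is no longer consulted, which is why the validator calls Verify() itself.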
B2B Example
References
• Lowy, Juval; Programming WCF Services; O'Reilly
• Improving Web Services Security: Scenarios and Implementation Guidance for WCF; Patterns and Practices series (WcfSecurityGuide.pdf); Microsoft
• Web Service Security: Scenarios, Patterns and Implementation Guidance for Web Services Enhancements (WSE) 3.0; Patterns and Practices series (MS_WSS_Dec_05.pdf); Microsoft
• Bustamante, Michele Leroux; Fundamentals of WCF Security; http://www.codemagazine.com/article.aspx?quickid=0611051
• Also… Wikipedia, various MSDN articles.