• Number of slides: 13

X.509 support in WCF
Exploring support for X.509 Certificates in Microsoft's Windows Communication Foundation
Paul Cormier, UCCS CS 591, Fall 2009
12/8/2009 Paul Cormier - X.509 Support in WCF

Right to the point…
• WCF allows you to specify a service Certificate, which it uses to decrypt SOAP messages sent from clients and to sign messages sent to clients.
• It allows you to accept a client Certificate, which it uses to encrypt SOAP messages sent to clients and to verify signatures on SOAP messages sent from clients.

• WCF allows you to specify a transport-level protocol such as HTTPS (TLS/SSL), and the service Certificate that it uses when sending SOAP messages that way.
• WCF allows you to specify that a client Certificate be used for identification, and provides an Identity support class.
• WCF allows you to specify how Certificates should be trusted: by their inclusion in your certificate store, by chain trust to the CA signature, or by either.

• Certificate validation, including support for custom validation.
• WCF allows you to set up a hybrid public/symmetric key 'conversation'.
• The .NET Framework includes an entire namespace to support X.509 Certificates: System.Security.Cryptography.X509Certificates

Overview
1. What is WCF
2. X.509 is a standard specifying a Public Key Infrastructure (PKI).
3. Three certificates (CA, Service, Client)
4. WCF ABCs.
5. WCF Authentication, Authorization, Transfer Security, Identity Management
6. Example

What is WCF
• Microsoft .NET Framework API that unifies many existing standards: WS-Addressing, WS-ReliableMessaging, WS-Security etc.
• Uses SOAP messages
• Supports a number of different protocols
• Compatible with non-Microsoft web services and clients
• Service Oriented Architecture
• A WCF Service is composed of a Service class, a hosting environment and one or more Endpoints

Endpoint = ABC
• Address (where is the service) http://localhost:8000/servicename
• Binding (how do I talk to it) WSHttpBinding
• Contract (what can it do) [ServiceContract] [DataContract] [OperationContract] [FaultContract]

WCF Authentication (who)
• Who are you (client, server)?
• Authentication Types: None, Windows authentication, Username and Password, X.509 Certificate, Issued Token, Custom
• For Certificate, the local Cert Store is checked.
• IIdentity interface.

WCF Authorization (what)
• What does the client have access to do?
• Windows Groups (default)
• ASP.NET Membership provider (SQL Server)
• WCF provides the IPrincipal interface and some implementing classes.

WCF Transfer Security (how)
• How are messages secured while in transit?
• Transfer Security types: None, Transport, Message, Mixed, Both
• Message: end to end, slower, more complicated
• Transport: fast, hop-to-hop
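The following C# program is an added example, not code from the deck or from Paul Cormier; it ties together the certificate support described on slides 2-4 (service certificate for decrypting and signing, client certificate for authentication, store/chain/custom trust) and the Message transfer-security mode from this slide. It builds a self-hosted WSHttpBinding endpoint in Message security mode, pins the service certificate from the local machine store, and installs a custom X509CertificateValidator that accepts a client certificate only if its chain builds to one expected CA. The service name OrderService, the subject name orderservice.example.com and the PLACEHOLDER_PARTNER_CA_THUMBPRINT value are assumptions for illustration; a real deployment substitutes its own. The built-in alternatives PeerTrust, ChainTrust and PeerOrChainTrust correspond to the three trust options on slide 3 and need no custom validator.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// C of the ABC: the contract (hypothetical service, not from the deck).
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    string PlaceOrder(string orderId);
}

public class OrderService : IOrderService
{
    public string PlaceOrder(string orderId)
    {
        // The caller's identity is populated from the validated client certificate,
        // which is the "special internal IIdentity" for X.509 the deck refers to.
        var identity = ServiceSecurityContext.Current.PrimaryIdentity;
        return "accepted " + orderId + " from " + identity.Name;
    }
}

// Custom validation (slide 4): accept a client certificate only when its chain
// builds successfully and terminates at the one partner CA we expect.
public class PartnerCaValidator : X509CertificateValidator
{
    private readonly string _expectedRootThumbprint;

    public PartnerCaValidator(string expectedRootThumbprint)
    {
        _expectedRootThumbprint = expectedRootThumbprint;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");

        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        if (!chain.Build(certificate))
            throw new SecurityTokenValidationException("Client certificate chain did not validate.");

        // The last element of a built chain is the root; compare its thumbprint.
        var root = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        if (!string.Equals(root.Thumbprint, _expectedRootThumbprint, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException("Client certificate was not issued under the expected partner CA.");
    }
}

public static class Program
{
    public static void Main()
    {
        // A: address.
        var address = new Uri("http://localhost:8000/OrderService");

        // B: binding. Message security signs/encrypts the SOAP body end to end,
        // and the client authenticates with an X.509 certificate.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        var host = new ServiceHost(typeof(OrderService), address);
        host.AddServiceEndpoint(typeof(IOrderService), binding, "");

        // Service certificate: used to decrypt incoming and sign outgoing messages.
        // Subject name is a placeholder; the certificate must be present in the store.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "orderservice.example.com");

        // Client certificate trust: Custom replaces PeerTrust / ChainTrust / PeerOrChainTrust.
        var auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PartnerCaValidator("PLACEHOLDER_PARTNER_CA_THUMBPRINT");

        host.Open();
        Console.WriteLine("Listening on " + address);
        Console.ReadLine();
        host.Close();
    }
}
```

Switching the binding to SecurityMode.Transport with HTTPS gives the hop-to-hop alternative described on this slide; the certificate and validator settings on ServiceHost.Credentials stay the same, but the protection then ends at the TLS endpoint rather than travelling with the message.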

Identity Management
• The identity under which the code is run.
• Can be mixed (calling user, id that the service is running as)
• Special internal IIdentity class for X.509 Certificate Identity, stored in the IPrincipal implementation.

B2B Example

References
• Lowy, Juval; Programming WCF Services, O'Reilly
• Improving Web Services Security: Scenarios and Implementation Guidance for WCF, Patterns and Practices series (WcfSecurityGuide.pdf), Microsoft
• Web Service Security: Scenarios, Patterns and Implementation Guidance for Web Services Enhancements (WSE) 3.0, Patterns and Practices series (MS_WSS_Dec_05.pdf), Microsoft
• Bustamante, Michele Leroux; Fundamentals of WCF Security; http://www.codemagazine.com/article.aspx?quickid=0611051
• Also… Wikipedia, various MSDN articles.