Tuesday, May 6, 2008

Fundamentals of WCF Security (Part One)

<<Part Two>>

Fundamentals of WCF Security (Part One):

Building distributed applications has never been easy. As the applications that we write satisfy more complex business requirements, it’s traditionally meant that the distributed applications we build get more complex themselves. It was the below types of development challenges in building distributed applications that drove the design goals of the Windows Communication Foundation (WCF). For example:
  • Standards-based interoperability needs to be taken into account for communication across heterogeneous systems.
  • Different programming models like Web services, distributed objects, and message queuing with different capabilities that are focused on different application scenarios to address development needs and these are often contain functionality and features that don’t combine well with one another.
  • Security is critical for applications, but often complicated to implement.

WCF addresses a range of challenges for communicating applications. Three things stand out, however, as the most important aspects of WCF:

  • Unification of existing .NET Framework communication technologies.
  • Support for cross-vendor interoperability, including reliability, security, and transactions.
  • Explicit service orientation.

Windows Communication Foundation (WCF) is a runtime and a set of APIs for creating systems that send messages between services and clients. The same infrastructure and APIs are used to create applications that communicate with other applications on the same computer system or on a system that resides in another company and is accessed over the Internet. It is designed to offer a manageable approach to distributed computing, broad interoperability, and direct support for service orientation. It supports many styles of distributed application development by providing a layered architecture. It is a secure, reliable, and scalable messaging platform for the .NET Framework 3.0. With WCF, SOAP messages can be transmitted over a variety of supported protocols including IPC (named pipes), TCP, HTTP and MSMQ. Like any distributed messaging platform, you must establish security policies for protecting messages and for authenticating and authorizing calls.
In simple words, WCF is a new framework for building distributed applications that enables developers to build secure, reliable service-oriented applications that integrate across platforms and interoperate with existing investments. It reduces the coding and complexity of developing, deploying and managing distributed applications by combining and extending the capabilities of existing Microsoft distributed systems technologies like Enterprise Services, System.Messaging, Remoting, ASMX, and WSE. WCF solutions can run within the context of a single machine, over company intranets, or across the Internet using a variety of protocols, formats, and message exchange patterns.

WCF Architecture:

WCF high-level view architecture is a two layered architecture consisting of a messaging layer and the service model. The Messaging layer handles the low-level messaging of WCF services. It moves messages around on the wire and provides messaging features like transport extensibility, reliability, and transport security. The Service Model sits on top of the Messaging layer. It is the API for building WCF services and is the coupling between the messaging and the CLR. It is where transactions get set up, it controls instancing of objects, etc. All features in messaging layer are exposed through the service model.

How it works:

WCF: How it works
WCF: How it works

Fundamental Security Concepts:

A consistent set of fundamental security concepts apply in any distributed messaging system. Consider a message from sender (the calling application) to receiver (the target service receiving the message for processing).

Core Security Concepts:
  • Authentication : Process of identifying the message sender.
    • Mutual Authentication –a means for sender and receiver to identity one another, to prevent possible man-in-the-middle attacks.
  • Authorization: Determining the rights of the authenticated party like what system features and functionality an authenticated message senders are entitled to execute.
  • Integrity: Messages should be digitally signed to ensure they have not been altered between sender and receiver.
  • Confidentiality: Sensitive messages or specific message parts should be encrypted to ensure they cannot be openly viewed on the wire.
  • Reliability: Preventing replay and Denial Of Service.
WCF provides a rich and configurable environment for creating security policies and setting runtime behaviors to control these security features.
  • Authentication (variety of mutual authentication mechanisms are supported by using)
    • Implies passing appropriate credentials to identify callers
      • Windows Tokens
      • Username and Password
      • Certificates
      • Issued Tokens (in a federated environment).
    • Services must also be identified
      • Windows tokens
      • certificates
  • Authorization:
    • Authorization against the appropriate credential store and based on:
      • Windows Roles
      • ASP.NET Roles
      • Custom Authorization
  • Integrity and Confidentiality (based on)
      • Symmetric Session Keys
      • Asymmetric Keys for “Single-hop protection”

Scope of the WCF Security Component:

WCF security spans multiple components in the WCF architecture. The main goal of security in WCF is to provide integrity, confidentiality, authentication, authorization, and auditing for the applications that are built on top with the WCF framework. WCF architecture splits these functions into the following pieces:
  • Transfer security - Responsible for providing message confidentiality, data integrity, and authentication of communicating parties.
    • Protecting messages while transferred from point to point
      • Across network nodes
      • Between applications
      • Across interoperable boundaries
    • Encryption and digital signatures facilitate
    • Transport security is on the wire
    • Message security can traverse network nodes
    • Transport Level Security:

    • It can be provided by using any one of SSL, TLS, IPSec.
    • It is a Point-to-point.
    • Transport level security applies to entire message
    • Message Level Security:

    • Web services security (WS*) - The WS-Security implementation in WCF handles the following:
      • Serialization of security tokens to and from SOAP messages.
      • Authentication of security tokens.
      • Application and verification of message signatures.
      • Encryption and decryption of SOAP messages.
    • Secure to ultimate message receiver (through intermediaries (XML firewalls, proxies, etc.))
    • Secure message parts.
  • Authorization - Responsible for providing a framework for making authorization decisions.
  • Auditing - Responsible for logging security-related events to the audit log.

Please refer to my other post "Fundamentals of WCF Security (Part Two)" for more information on security related settings available in WCF.

<<Part Two>>

4 comments:

Anonymous said...

Ah, This is great! Dispells
a few contradictions I've read

Anonymous said...

Ah, This is perfect! Dispells
some contradictions I've seen

Anonymous said...

Ah, This is perfect! Clears up
some misnomers I've been hearing.

Anonymous said...

This was really interesting. I loved reading it