Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to secure my wcf service using AWS authentication

Can I secure my WCF service using AWS authentication. I am tring to figure this out by google search and finding articles on calling a service that is already secured using AWS authentication. Not an article of how to secure a WCF service with AWS. Isn't there an option, is my understanding of AWS authentication and signing wrong about this. Please point me to an article to start with.

like image 387
Esen Avatar asked Jan 15 '16 22:01

Esen


People also ask

How to secure WCF services?

To secure an application that runs exclusively on a Windows domain, you can use the default security settings of either the WSHttpBinding or the NetTcpBinding binding. By default, anyone on the same Windows domain can access WCF services. Because those users have logged on to the network, they are trusted.

Why WCF is more secure?

WCF service provides us high level security framework which provide enterprise level security. It uses WS-I standard to provide secure service. But Web API uses web standard security such as basic authentication, token authentication and for more complex such as OAuth; Web API provides more flexibility.


1 Answers

I'm going to assume your intend is to create a WCF REST service that uses an HMAC based authentication scheme like Amazon S3 is using.

The way to implement this is to create your own WebServiceHost and override the ApplyConfiguration method. In this method, you set a new ServiceAuthorizationManager.

this.Authorization.ServiceAuthorizationManager = new MyServiceAuthorizationManager();

Derive the MyServiceAuthorizationManager class from WCF's ServiceAuthorizationManager and override the CheckAccessCore method.

class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // check the validity of the HMAC
        // return true if valid, false otherwise;
        return IsValidHMAC(WebOperationContext.Current);
    }
}

For more details on the implementation of the algorithm, see this answer.

like image 107
MvdD Avatar answered Oct 25 '22 19:10

MvdD