Menu
Can I secure my WCF service using AWS authentication. I am tring to figure this out by google search and finding articles on calling a service that is already secured using AWS authentication. Not an article of how to secure a WCF service with AWS. Isn't there an option, is my understanding of AWS authentication and signing wrong about this. Please point me to an article to start with.
387
To secure an application that runs exclusively on a Windows domain, you can use the default security settings of either the WSHttpBinding or the NetTcpBinding binding. By default, anyone on the same Windows domain can access WCF services. Because those users have logged on to the network, they are trusted.
WCF service provides us high level security framework which provide enterprise level security. It uses WS-I standard to provide secure service. But Web API uses web standard security such as basic authentication, token authentication and for more complex such as OAuth; Web API provides more flexibility.
I'm going to assume your intend is to create a WCF REST service that uses an HMAC based authentication scheme like Amazon S3 is using.
The way to implement this is to create your own WebServiceHost and override the ApplyConfiguration method. In this method, you set a new ServiceAuthorizationManager.
this.Authorization.ServiceAuthorizationManager = new MyServiceAuthorizationManager();
Derive the MyServiceAuthorizationManager class from WCF's ServiceAuthorizationManager and override the CheckAccessCore method.
class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
protected override bool CheckAccessCore(OperationContext operationContext)
{
// check the validity of the HMAC
// return true if valid, false otherwise;
return IsValidHMAC(WebOperationContext.Current);
}
}
For more details on the implementation of the algorithm, see this answer.
107
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
