Securing your Data Layer in a C# Application

Question

I was thinking about how to secure the Data Layer in a C# Application, the layer could in this case be either a LINQ to SQL Model Diagram stored with the Application itself containg the connection string to the SQL Server Database.

Or it could be connectivity between the application and webservices.

Either you need to impement some sort of security, for instance, the Connection String in a Application can easily be reverse engineered and Webservices can easily be tracked and used for other reasons than the applications original purpose.

So my question is in a shorter way: How do you solve the security issues when handling Webservices and/or direct connection to a SQL Server From a Windows Forms Application?

Answer 1

In your case there are two main attack possibilities:

• Steal the connection string and then access the database directly
• Call methods in your C# code directly without using the UI

For the connection string you need to store it in an encrypted form in a config file. Problem is that there need to be enough information in the winforms app so that it can decrypt and use it.

For accessing the code directly you can use code access security and obfuscation.

In your case I would not give the windows app direct access to the database. Let the windows app call a WCF service, the the WCF service would access the database.

The user's user account is allowed to call the WCF service, the WCF service is running under an account that is allowed to access the database, the user's user account has no rights to the database.

Windows App with 3 Layers:

• UI
• Business (Security check what UI should be shown to the user)
• Proxy

WCF Service with 2 Layers:

• Facade / Business Layer (Security check is user allowed to call this method with this data)
• Entity Framework datamodel

Common dll's to both Layers

• Contracts / WCF Interfaces
• Data Transfer Objects

For info on proxy, contracts and DTO's see this video:

http://www.dnrtv.com/default.aspx?showNum=103

Answer 2

Shiraz Bhaiji came close, but I think they missed the key step.

Yes, you want access to the database to be mediated by a middle tier, exposed through WCF, which imposes whatever business logic you require, including full access control. This service does have the connection string that you want to keep secret, but it's not accessible to the WinForm clients.

The key step is that the client uses the user's authentication to gain appropriate levels of access, and never has any ability to contact the database or even get full control of the middle tier. The middle tier grants access to methods based on the groups that the client user is a member of. This means that a user with low security can call any method they like, but they'll get access denied exceptions, or data filtering, or whatever other failure mode is appropriate. The user account, on its own, has no access to the database, so the middle tier can do whatever it likes.

The obvious way to bypass this would be for the client to use the account of someone with full access. Of course, if they could do that, they'd already have what they wanted.

Hopefully, this approach would be useful in solving your problem.

edit

This solution does not allow LINQ-to-SQL in the client, just the middle tier. If that's a dealbreaker, then this isn't for you. Then again, the moment the client can access the database directly, a gigantic security door is opened up, and it's hard to close. There's a huge amount of extra work involved in securing the database itself so that it provides the sort of user-based, row-level security that comes naturally from a three-tier solution. I would generally recommend against it, although I do recognize that there are times when it is entirely appropriate.