The following is In this article:
- Introduction
- Authentication
- Authorization
- Message Integrity
- Message Confidentiality
Introduction
This article is all about the basics of the WCF Security; in other words, this is the starting point of diving into the WCF Security concepts, and yes, security is the most important for any technology we are working. A decade before SOAP didn't provide a secure message from tampering rather there was a way to encrypt the messages; all the security details were delegated to the transport layer. As a result, making SOAP an independent platform was a big challenge. Then one fine day, a new generation of security, called WS-* specifications, was born to extend the existing SOAP specification with security capabilities for client authentication and message protection. The new model for securing the messages at the message levels were also included. This SOAP specification was created in combination with the big leaders in industries such as Microsoft, IBM and SUN, among others. The following are the principles that WCF uses to secure the communication over the network.
Authentication
An authentication process normally asks the two questions, who are you and what is the proof you need to get inside? For these questions the sender must provide an answer to prove an identity in the form of username and password or Windows authentication or a token with cryptographic information or an X509 certificate. On the other hand, the service should have a mechanism for verifying/validating the evidence that was collected from the client. For example if the custom username and password is used, the service should have logic to validate the username and password supplied by the client. The client is successfully authenticated only if the verification drops good results. In the following three different scenarios the authentication would be fruitful:
- Client Authentication
- Server Authentication
- Mutual Authentication
Client Authentication is authentication by the service to validate and verify that you are the right person to utilize my service methods. Then what is server authentication? Server authentication is authenticated by the client to confirm that the client is talking to the right person, so the client needs to verify the service identity. Why does the client need to verify the server? Because we need to prevent phishing attacks that are nothing but an attacker who makes available a fake service with the same signature as the original one to capture sensitive information about the user, for example: credit card numbers, credit card pins and transaction passwords are normally not provided to anyone right? Until the person is your family member or a known good friend. The final one to discuss here is Mutual authentication, that is a combination of client authentication and the server authentication. The client and the server authenticate each other before any operation is made.
Authorization
Authorization normally decides what are all the system resources or the operations can be accessed by an authenticated user. WCF provides a couple of mechanisms to Implement the authorizations in the services.
- Role-Based Authorization
- A claim based Authorization and the Authorization context
I am not going to explain in detail about the mechanisms in this article, we will discuss it in my series of articles on WCF Security.
Message Integrity
It ensures that the contents of the message has not been tampered with or altered in transit. Say for examle the customer requests some amount from the bank, what if someone in the middle attacks the message by making some change in the values.
Integrity of data in transit is generally based on cryptographic techniques such as digital signatures.
Message Confidentiality
It ensures that data in the message is highly confidential and private and is not read by unauthorized parties. It should not be seen by anyone in the network. Whereas the message integrity is the message would not be altered in the network. Without the message confidentially you cannot achieve the message integrity and vice versa. Message confidentiality is based on cryptographic techniques like data encryption.
Security Models
The two security models that have been used to protect the communications between the client and the services are:
- Transport security
- Message security
Using the preceding two security models we can do authentication, authorization, Message Integrity and the Message Confidentiality, depending upon your requirements you need to choose any. Of course, there are some advantages and disadvantages of each model. Okay let's discuss them.
Transport Security
WCF has the capability to provide security at the message level and at the transport level, yes we can protect the channel that transports the data; that is called Transport Security. Protecting the data itself passing through the channel is called Message Security. Transport security is easier to implement because the protocols of what WCF uses has their own security mechanisms; it has very minimal source code changes. Transport security provides only point-to-point security between two endpoints, the client and server. It will not be a good one if the message passes through multiple intermediaries because they need to forward a message over a new SSL connection, also if the message leaves the channel it will not be a secure one.
Message Security
It is about providing security on the message itself, completely independent for any transport protocol. It Just encrypts the data using some standard encryption algorithm.. A SOAP message contains multiple parts (header and body) of a message that can be secured by various encryption methods. Here every message it passes are encrypted or signed with security credentials and claims enclosed with every message. Security technologies could be a username and passwords, X509 Certificates, Kerberos and so on. Message security is based on WS-Security. Since this article is intended to explain security basics, we will speak more on the certificates and message security in my future articles.
Message Security Vs Transport Security
Message Security |
Transport Security |
Not a good option |
Best one for Intranet |
Secure if the message is forwarded via intermediate routers |
Best way, If there is no intermediate routers between |
Provides end to end security |
Security provides only for the channel, once the message is out of the transport medium message is unsecure |
No Dependency with any protocol |
Security inherent from the protocol, so no extra coding |
Performance will be slow since every single message is encrypted |
Good in Performance |
Summary
CIAA: Confidentiality, Integrity, Authentication and Authorization are more important in the security concepts.