WCF Security Basics Simplifying the Security Maze Michele Leroux

VWX401: WCF Security Basics – Simplifying the Security Maze

Michele Leroux Bustamante
Chief Architect, IDesign
Microsoft Regional Director
About Michele Leroux Bustamante

• IDesign Inc., www.idesign.net
• Microsoft Regional Director
• MVP – XML Web Services
• IASA - Board of Directors
• Published - MSDN, CoDe,
• International Speaker, INETA
• Program Advisor, UCSD Extension
• Web Services Track Chair, SD Expo
• www.dasblonde.net,
Fundamental Security Concepts

• Mutual Authentication – verify sender and
• Confidentiality – protect information from open view, using encryption
• Integrity – ensure messages have not been altered, using digital signatures
• Reliability – prevent message replay and denial of service (DoS)
Transport Level Security

• Point-to-point
• Applies to entire message

[Diagram: trust relationship directly between Sender and Receiver]
Message Level Security

• Web services security (WS-*)
• Secure through intermediaries
• Secure message parts

[Diagram: trust relationship between Sender and Receiver that spans an Intermediary]
WCF Security Settings

•   Security mode
•   Protection level
•   Client credentials
•   Impersonation
•   Service credentials
•   Credential negotiation
•   Secure sessions
•   Algorithms
•   Authentication/Authorization
Security Mode

[Diagram: Client A and Client B each reach the Service through an endpoint made of Address (A), Binding (B) and Contract (C); the security mode, Transport or Message, is set per endpoint binding]

A  Address => where?
B  Binding => how?
C  Contract => what?
Security Mode

• Transport Security

  <binding name="netTcpTransportSecurity">
    <security mode="Transport">
      <transport clientCredentialType="Windows" />
    </security>
  </binding>
Security Mode

• Message Security

  <binding name="wsHttpMessageSecurity">
    <security mode="Message">
      <message clientCredentialType="UserName" />
    </security>
  </binding>
Security Mode

• Mixed Security

  <binding name="basicHttp">
    <security mode="TransportWithMessageCredential">
      <transport />
      <message clientCredentialType="UserName" />
    </security>
  </binding>
Protection Level

• By default signed and encrypted
• Can require minimum message protection
  ● At service, operation or message contract
  ● ProtectionLevel options: None, Sign,
• Also throttles message protection
string HelloIndigo(string inputString);}
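As an added example, not code from the slides, the contract below sets a protection level at each of the three scopes the slide names (service contract, operation, message contract); the IHelloIndigoService and CreditCardRequest names are assumed.

```csharp
using System.Net.Security;
using System.ServiceModel;

// The contract-level value is the default for every operation in the contract.
// Sign gives integrity (tamper detection) without confidentiality.
[ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]
public interface IHelloIndigoService
{
    // Inherits Sign from the service contract.
    [OperationContract]
    string HelloIndigo(string inputString);

    // Operation-level override: request and reply must be encrypted as well as signed.
    [OperationContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    string HelloIndigoSecret(string inputString);

    // A message contract lets the level be set per header and body part.
    [OperationContract]
    void SubmitCard(CreditCardRequest request);
}

// Hypothetical message contract (not from the slides).
[MessageContract]
public class CreditCardRequest
{
    // The body carries the secret, so it is encrypted and signed.
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public string CardNumber;

    // The correlation header only needs to be tamper-evident.
    [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)]
    public string CorrelationId;
}
```

If the endpoint's binding cannot supply the level a contract demands, the host fails when it opens rather than accepting under-protected messages, so a too-weak binding is caught at deployment time.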
Client Credentials

• WCF is a claims-based system
  ●   All credentials evaluate to a set of claims
  ●   Enables claims-based security model
• Credential types include:
  ●   Username and password
  ●   Windows credentials
  ●   X.509 certificates
  ●   Issued SAML tokens (includes CardSpace)
• Selections vary for transport and message

Impersonation

• Service can control impersonation level
  ● OperationBehaviorAttribute
  ● ImpersonationLevel setting: NotAllowed, Allowed, Required

  public string HelloIndigo(string inputString)

• Can control for all service operations
  ● ServiceAuthorization behavior

  <serviceAuthorization impersonateCallerForAllOperations="false"/>

• Clients can control impersonation level
  ● TokenImpersonationLevel
  ● None, Anonymous, Identification, Impersonation, Delegation

  NetworkCredential creds = new NetworkCredential("username", "password", "domain");
  proxy.ClientCredentials.Windows.AllowedImpersonationLevel =
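Added example, not code from the slides: both sides of the impersonation settings above, plus the trusted-subsystem alternative (authorize on the caller's identity, never run as the caller) that the intranet scenario calls for; HelloIndigoService, IHelloIndigoService and the generated proxy HelloIndigoClient are assumed names.

```csharp
using System.Security.Principal;
using System.ServiceModel;

// Service side. IHelloIndigoService is assumed to declare both operations.
public class HelloIndigoService : IHelloIndigoService
{
    // Required: the operation runs under the caller's Windows token, and the call
    // faults if the client did not send a token that permits impersonation.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string HelloIndigo(string inputString)
    {
        // Inside the operation the thread identity is the caller's, so files or databases
        // touched here are checked against the caller's rights, not the host account's.
        return "Hello " + WindowsIdentity.GetCurrent().Name + ": " + inputString;
    }

    // Trusted-subsystem alternative: never impersonate, but still authorize on the caller's
    // identity. Downstream resources are reached with the host account's rights only.
    [OperationBehavior(Impersonation = ImpersonationOption.NotAllowed)]
    public string HelloIndigoAsHost(string inputString)
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        if (!new WindowsPrincipal(caller).IsInRole(WindowsBuiltInRole.User))
            throw new FaultException("Caller is not authorized for this operation.");
        return "Hello " + caller.Name + ": " + inputString;
    }
}

// Client side. HelloIndigoClient is an assumed generated proxy for IHelloIndigoService.
public static class ClientSide
{
    public static string Call(HelloIndigoClient proxy, string text)
    {
        // The client decides the most the service may do with its token. Identification
        // lets the service learn who is calling but not act as them, so an operation marked
        // Required would fault; Impersonation permits acting as the caller on the service
        // machine; Delegation additionally lets the service reach remote resources as the caller.
        proxy.ClientCredentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Impersonation;
        return proxy.HelloIndigo(text);
    }
}
```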
Intranet Scenario

• Windows credentials
• Authentication and authorization using
  Windows membership and role providers
• Transport encryption and signing
• Role-based permission demands on
  protected operations
• Reject impersonation of Windows
  accounts (trusted subsystem)
Service Certificate

• Authenticate service to client and secure
• Required for non-Windows credentials
• ServiceCredentials behavior

  <behavior name="serviceBehavior">
    <serviceCredentials>
      <serviceCertificate findValue="RPKey" storeLocation="LocalMachine"
                          storeName="My" x509FindType="FindBySubjectName" />
    </serviceCredentials>
  </behavior>
Client Certificate

• Clients may also authenticate with a
• ClientCredentials behavior

  <behavior name="clientBehavior">
    <clientCredentials>
      <clientCertificate findValue="SubjectKey" storeLocation="CurrentUser"
                         storeName="My" />
    </clientCredentials>
  </behavior>
Business Partner Scenario

• Service certificate identifies service and
  protects messages during transfer
• Certificates uniquely identify partners
• Certificates are authenticated using the
  default certificate validation process
• Certificates authorized by public key in the
  TrustedPeople folder for the LocalMachine
  certificate store

Credential Negotiation

• Service credentials can be negotiated
  ● By default this is enabled
  ● SPNego (Windows) or TLSNego
• Requires a service certificate
  ● Transport level uses SSL, message level uses WS-Trust tunnel
• Can disable with
  ● Requires Kerberos domain or access to service credentials

  <security mode="Message">
    <message clientCredentialType="UserName" negotiateServiceCredential="false" />
  </security>
Secure Sessions

• Reduce the overhead of one-off key exchange and validation
• Security context token (SCT)
• Enabled by default
  ● Can disable, client must provide public key

  <security mode="Message">
    <message clientCredentialType="UserName" establishSecurityContext="false" />
  </security>

Algorithms

• Can choose algorithm for message encryption and signing
  ● Important for interoperability
• Available choices match conventions described in the WS-SecurityPolicy

  <security mode="Message">
    <message clientCredentialType="UserName" algorithmSuite="TripleDes" />
  </security>

Authentication

• Claims are added to the security context when client credentials are authenticated
  ● SecurityTokenAuthenticator handles this for each token
  ● AuthorizationContext holds claims
• Can control authentication settings
  ● Settings in ServiceCredentials behavior
  ● Control membership provider, certificate authentication modes, anonymous users, etc.

  <serviceCredentials>
    <windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" />
    <clientCertificate>
      <authentication certificateValidationMode="ChainTrust" />
    </clientCertificate>
  </serviceCredentials>

Authorization

• Can configure authorization with behaviors
  ● ServiceAuthorization behavior, PrincipalPermissionMode setting
    • None, UseWindowsGroups, UseAspNetRoles, Custom (requires IAuthorizationPolicy)
• Controls the type of security principal
  ● WindowsPrincipal,
• Can use ASP.NET roles provider
• Can provide custom authorization policy
  ● Implement IAuthorizationPolicy
  ● Useful for certificates or claims-based security
<serviceAuthorization principalPermissionMode="Custom" >
    <add policyType=
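Added example, not code from the slides or from IDesign: a custom IAuthorizationPolicy of the kind the slide describes, which reads the claims the certificate authenticator placed in the AuthorizationContext, adds role claims, and supplies the principal used when principalPermissionMode is Custom; the PartnerAuthorizationPolicy name, the role claim type and the thumbprint table are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;

// Maps the thumbprint claim produced by X.509 authentication to roles and publishes
// a principal that [PrincipalPermission] demands on the operations can evaluate.
public class PartnerAuthorizationPolicy : IAuthorizationPolicy
{
    // Hypothetical role claim type (System.IdentityModel.Claims.ClaimTypes has no role type).
    public const string RoleClaimType = "http://example.org/claims/role";
    // Constructed sample table (thumbprint -> roles); a real one comes from a trusted store.
    private static readonly Dictionary<string, string[]> RolesByThumbprint =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "PLACEHOLDER-PARTNER-THUMBPRINT", new[] { "Partner", "OrderSubmitter" } },
        };
    private readonly string id = Guid.NewGuid().ToString();
    public string Id { get { return id; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext context, ref object state)
    {
        // Deny by default: an unknown certificate yields an unauthenticated principal with no
        // roles, so every role demand on the service operations fails.
        IPrincipal principal = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        foreach (ClaimSet set in context.ClaimSets)
        {
            foreach (Claim claim in set.FindClaims(ClaimTypes.Thumbprint, Rights.PossessProperty))
            {
                // The thumbprint claim's resource is the raw certificate hash.
                string thumbprint = BitConverter.ToString((byte[])claim.Resource).Replace("-", "");
                string[] roles;
                if (!RolesByThumbprint.TryGetValue(thumbprint, out roles)) continue;
                // Add role claims to the AuthorizationContext so other code can inspect them.
                List<Claim> roleClaims = new List<Claim>();
                foreach (string role in roles)
                    roleClaims.Add(new Claim(RoleClaimType, role, Rights.PossessProperty));
                context.AddClaimSet(this, new DefaultClaimSet(Issuer, roleClaims));
                principal = new GenericPrincipal(new GenericIdentity(thumbprint, "X509"), roles);
            }
        }
        // With principalPermissionMode="Custom", WCF sets Thread.CurrentPrincipal from this entry.
        context.Properties["Principal"] = principal;
        return true; // evaluation complete; no need to run again after other policies
    }
}
```

Register the class under serviceAuthorization as `<authorizationPolicies><add policyType="YourNamespace.PartnerAuthorizationPolicy, YourAssembly" /></authorizationPolicies>` (namespace and assembly are placeholders), then guard operations with `[PrincipalPermission(SecurityAction.Demand, Role = "Partner")]`.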
Internet Scenario

• SSL used for transport security and
  service authentication
• Service certificate for service
  authentication and message protection
• UserName credentials
• Services are hosted with IIS/ASP.NET
• Authentication and authorization use the
  built-in ASP.NET membership and
  provider model

• WCF provides granular control over
  security through bindings, behaviors and
  built-in service model types
• Supports Intranet, Internet, business
  partner exchanges and claims-based
• Highly extensible
• IDesign’s declarative security model
  simplifies configuration to remove the
  complexity and potential for error

• www.idesign.net
  ● Code library, coding standard, sample
    architecture report
  ● IDesign Method™

• WCF Master Classes
  ●   IDesign WCF Master Class available on-site
      and as quarterly public offering

• My Book
  ●   Learning Windows Communication
      Foundation, O’Reilly
      • Online at: http://www.thatindigogirl.com
      • Printed in January 2007
• My Blog
  ●   http://www.dasblonde.net