I'm about to write a WCF Service to run on IIS. The service will be called by a variety of clients, including Android, iOS, Windows Phone, and BlackBerry as well as possibly a Windows/Mac Desktop Client.
I understand that the client should always be treated as hostile. My design already incorporates several checks in the data to make sure that fake clients don't abuse it; however, I'm wondering what other techniques one can use to ensure that a service is only called by authorized clients?
You could require transport-layer security (SSL) and distribute the appropriate keys out-of-band - I believe that's how it's usually done.
EDIT
How this is implemented server-side can vary based on the binding you're using. To configure this for the vanilla wsHttpBinding, follow the instructions here.
The RESTful webHttpBinding also supports certificate authentication, but only with HTTPS - not just HTTP.
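As an added illustration of the configuration the answer describes (this is not code from the original post), below is a web.config fragment for an IIS-hosted WCF service that exposes both a wsHttpBinding (SOAP) endpoint and a webHttpBinding (REST) endpoint, each requiring TLS plus a client X.509 certificate. The service and contract names (MyApp.DeviceService, MyApp.IDeviceService), binding names and endpoint addresses are placeholders; ChainTrust with online revocation checking is one reasonable validation choice, not the only one.

```xml
<!-- Added example: web.config fragment for a WCF service hosted in IIS.
     MyApp.DeviceService / MyApp.IDeviceService and the binding names are placeholders. -->
<system.serviceModel>
  <bindings>
    <!-- SOAP endpoint: TLS on the transport, client must present an X.509 certificate -->
    <wsHttpBinding>
      <binding name="CertTransportWs">
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </wsHttpBinding>
    <!-- REST endpoint: same requirement; webHttpBinding only supports this over HTTPS -->
    <webHttpBinding>
      <binding name="CertTransportWeb">
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </webHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="CertValidation">
        <serviceCredentials>
          <clientCertificate>
            <!-- Client certificate must chain to a trusted CA and pass an online revocation check.
                 PeerTrust (explicit TrustedPeople store) is the alternative when you hand out
                 self-issued client certificates out-of-band, as the answer suggests. -->
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="Rest">
        <webHttp />
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <services>
    <service name="MyApp.DeviceService" behaviorConfiguration="CertValidation">
      <endpoint address="soap" binding="wsHttpBinding" bindingConfiguration="CertTransportWs"
                contract="MyApp.IDeviceService" />
      <endpoint address="rest" binding="webHttpBinding" bindingConfiguration="CertTransportWeb"
                behaviorConfiguration="Rest" contract="MyApp.IDeviceService" />
    </service>
  </services>
</system.serviceModel>
```

Two checks worth doing before relying on this: the IIS site itself must have an HTTPS binding and its SSL Settings set to require client certificates (the `system.webServer/security/access` `sslFlags` setting, or the IIS Manager dialog), otherwise the transport never asks the client for a certificate and WCF rejects every call; and a quick negative test with a client that presents no certificate, or one issued by an untrusted CA, should fail with a transport-level error rather than reaching the service code.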