WCF, Security and Certificates


Problem description

I have a client/server WCF application that needs some sort of user authentication against a database. The application (both client and server together) is being developed to be sold to dozens of customers, for use on their intranets. We're not too worried about encrypting most of the data moving across the wire, except of course during authentication.

Thinking about WCF security, I keep coming back to the idea that we should be making use of x509 certificates. However, our customers will definitely not want to know about any of the details of having to apply for, purchase and install these certificates.

I'd like to know first of all what the preferred method is of implementing username/password authentication in this scenario. If it will require using certificates, must the customer apply for their own certs from a trusted CA, or can we as the software provider generate certificates for the customer to use?

Really I'm looking for a best practice, with the least friction to our customers.

Thanks!

Edit: I'm using NetTcpBinding, and my server is running as a Windows Service.

Solution

So username/password does not require client certificates as I'm sure you're aware, it simply requires an HTTPS certificate on the server hosting the WCF service - once you have that you can happily use the standard username/password auth bits (WCF will not allow message based authentication without HTTPS).

If you wanted to head down the client certificate route you get the advantage of non-repudiation - you can be sure that the machine sending is who it says it is (unless someone has stolen the certificate, which is less likely than a username and password combination going walkabout). You as the software provider could act as your own certificate authority and generate your own client certs (there are a few ways to do this depending on your infrastructure) but then you need to configure the clients to trust your root CA.

If the server and client are running in a domain environment you could use transport security with Windows authentication (you're using tcp binding, so interoperability is out the window anyway!). The added bonus to this is the authentication is transparent and you don't need any certificates anywhere. If you want verification of the server identity then message security with Windows authentication will do the trick.
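The two NetTcpBinding setups the answer describes, as an added example that is not code from the original question or answer: option A is transport security with Windows authentication (no certificates), option B is message security with UserName credentials checked by a custom UserNamePasswordValidator against the questioner's database. IOrderService, the endpoint address, the certificate subject name and the lookup delegate are placeholders; it assumes .NET Framework 4.7.2 or later for the Rfc2898DeriveBytes overload used.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract] public interface IOrderService { }   // hypothetical service contract
// Validates WCF UserName tokens against stored PBKDF2 (salt, hash) rows; Lookup stands in for the database query.
public class DbUserNameValidator : UserNamePasswordValidator
{
    public Func<string, (byte[] Salt, byte[] Hash)?> Lookup { get; set; }   // placeholder for the DB access
    // Throwing SecurityTokenException rejects the caller before any service operation runs.
    public override void Validate(string userName, string password)
    {
        var row = userName == null || password == null ? null : Lookup(userName);
        if (row == null) throw new SecurityTokenException("Unknown username or incorrect password.");
        using (var kdf = new Rfc2898DeriveBytes(password, row.Value.Salt, 100000, HashAlgorithmName.SHA256))
            if (!FixedTimeEquals(kdf.GetBytes(row.Value.Hash.Length), row.Value.Hash))
                throw new SecurityTokenException("Unknown username or incorrect password.");
    }
    static bool FixedTimeEquals(byte[] a, byte[] b)   // no early exit on the first differing byte
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class WcfSecuritySetup
{
    // Option A (domain environment): transport security with Windows authentication, no certificates anywhere.
    public static NetTcpBinding WindowsTransportBinding()
    {
        var b = new NetTcpBinding(SecurityMode.Transport);
        b.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
        return b;   // NetTcpBinding signs and encrypts the transport stream by default
    }
    // Option B: message security with username/password. Only the service needs a certificate
    // (one the client trusts, e.g. issued by your own root CA); the client needs none.
    public static void AddUserNameEndpoint(ServiceHost host, DbUserNameValidator validator)
    {
        var b = new NetTcpBinding(SecurityMode.Message);
        b.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        host.AddServiceEndpoint(typeof(IOrderService), b, "net.tcp://localhost:8731/orders");
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "SERVER-CERT-SUBJECT-PLACEHOLDER");
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = validator;
    }
}
```

With option B the client must trust the service certificate's issuer (your own root CA or the customer's), which is the only certificate handling the customer sees; with option A the Windows Service's identity is validated by the domain and nothing is installed.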
