How to maintain IP based security for WCF Rest Services


Question

Hello All,

I have created a WCF REST service and hosted it on IIS. This service is going to be used by web and mobile app users. I want to secure (authenticate) access to my service based on the IP of each request.

Kindly suggest a better way to do this.

Thanks

Recommended answer

IP based often works well for business to business communication. This is because businesses usually have static IP addresses. You still have to address how you handle IP spoofing.

In your case, this approach could cause issues, especially from a mobile device. The reason is: how do you guarantee the IP address doesn't change? For your typical consumer or SMB using a cable modem or DSL, this doesn't happen as often, but it can. In the mobile world, the IP address can literally change from minute to minute if they are using cellular service.

Never fear, you still have options!

I think your best option is to look at implementing Pre-shared Key security. I personally just built a publicly exposed WCF service that implements this. The key is stored on the client (preferably encrypted) and is transmitted to the server. The server then decrypts the key and verifies it is the correct key. I add one layer of additional security. I salt the key that is sent to the WCF service. I know that my key is a fixed length so I append random text to the end of it before encrypting it and sending it to my service. This way, the bytes are always changing each time the key is sent, making it harder to deduce the secret key.

This is of course only one option. There are a lot of other ways to implement security for public facing services. I would suggest picking up a book on WCF and reading over the security chapter. There are a lot of out-of-the-box solutions that you might be able to make use of. If you are truly set on using IP address security, take a look at this: IIS IP Security
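
The pre-shared-key check described in the answer above, sketched in C# as an added example; it is not the answerer's code. The answer names no cipher, so AES-CBC, the 32-byte key length, the 16 random bytes, a separate AES key provisioned to both sides out of band, and the names `PskToken`, `Create`, `Verify` and `Crypt` are all assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added example; class, method and constant names are hypothetical.
public static class PskToken
{
    const int KeyLen = 32; // assumed fixed length of the pre-shared key
    const int PadLen = 16; // random bytes appended before encryption
    const int IvLen = 16;  // AES block size

    static byte[] Crypt(bool encrypt, byte[] key, byte[] iv, byte[] data, int off)
    {
        using (var aes = Aes.Create()) // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = key;
            aes.IV = iv;
            using (var t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(data, off, data.Length - off);
        }
    }

    // Client side: encrypt (pre-shared key || random bytes) under a fresh IV.
    public static byte[] Create(byte[] psk, byte[] aesKey)
    {
        if (psk == null || psk.Length != KeyLen) throw new ArgumentException("psk");
        var iv = new byte[IvLen];
        var plain = new byte[KeyLen + PadLen];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(iv); rng.GetBytes(plain); }
        Buffer.BlockCopy(psk, 0, plain, 0, KeyLen); // bytes after the key stay random
        var cipher = Crypt(true, aesKey, iv, plain, 0);
        var token = new byte[IvLen + cipher.Length];
        Buffer.BlockCopy(iv, 0, token, 0, IvLen);
        Buffer.BlockCopy(cipher, 0, token, IvLen, cipher.Length);
        return token; // layout: IV || ciphertext
    }

    // Server side: decrypt, ignore the random tail, compare in constant time.
    public static bool Verify(byte[] token, byte[] expectedPsk, byte[] aesKey)
    {
        if (token == null || token.Length <= IvLen || expectedPsk?.Length != KeyLen) return false;
        var iv = new byte[IvLen];
        Buffer.BlockCopy(token, 0, iv, 0, IvLen);
        byte[] plain;
        try { plain = Crypt(false, aesKey, iv, token, IvLen); }
        catch (CryptographicException) { return false; } // bad padding, length or key size
        if (plain.Length != KeyLen + PadLen) return false;
        int diff = 0;
        for (int i = 0; i < KeyLen; i++) diff |= plain[i] ^ expectedPsk[i];
        return diff == 0;
    }
}
```

A captured token verifies again unchanged, so the random tail varies the bytes on the wire but does not stop replay; the service still needs HTTPS for that.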

