没有证书和 Windows 身份验证的 WCF 消息安全 [英] WCF message security without certificate and windows auth

问题描述

我有一个 WCF 服务和客户端，将部署到几家公司(数百家).一些公司将在其网络中运行该软件，而另一些公司将在 Internet 上运行该软件(WCF 服务器在办公室，WCF 客户端在另一个).

I have a WCF service and client which is going to be deployed to several companies (hundreds). Some companies will run the software in their network and some will run it over the Internet (WCF server at on office, WCF client at another).

我们想要加密 WCF 服务器和客户端之间的通信.我们不需要使用 WCF 安全性对 cient/订阅者进行身份验证，因为我们有自己的用户名/密码登录，客户端将使用它来登录服务器.

We want to encrypt the communication between the WCF server and client. We don't have any need to authenticate the cient / subscriber using WCF security, because we have our own username/password log-in which the clients will use to log on the server.

• 我们不能依赖 Windows 身份验证，因为有些用户会通过 Internet 运行它，而且 WCF 服务器可能与 WCF 客户端不在同一个域中.
• 如果我们使用真实"证书*，运行该软件的公司必须从 CA 购买证书并安装它，然后配置我们的软件才能使用它，但这对大多数公司来说太复杂了.
• 我们可以在 WCF 服务器的安装过程中自动创建证书，但随后我们必须将其自动安装到证书存储中，并以某种方式自动授予 IIS 读取证书的权限.这比我们想要的要复杂.

简而言之，我们想要一个简单的解决方案，其中加密仅基于共享机密，在我们的例子中是用户登录时使用的用户名/密码.我明白这不会提供最好的可用加密，但我们愿意牺牲一些安全性来使软件更易于部署.

In short, we want a simple solution where the encryption is just based upon a shared secret, in our case the username / password the user is logging on with. I do understand that this won't give the best available encryption, but we're willing to trade some of the security to make the software easier to deploy.

这可能吗?

*对于真实"证书，我指的是从证书颁发机构购买的证书，而不是我自己创建/自签名的证书.

*With "real" certificates, I mean certificates purchased from a certificate authority, and not one I've created myself / self-signed.

推荐答案

如果你想加密传输上的消息(这真是个好主意！)，发送者(客户端)之间必须有一些共享的知识) 和服务器.这可以是硬编码的，但这根本不是一个好主意 - 如果共同共享"知识遭到破坏，攻击者就可以破译并读取您的所有消息.

If you want to encrypt the messages on the transport (which is a really good idea!), there has to be some shared knowledge between the sender (the client) and the server. This can be hardcoded, but that's really not a good idea at all - if that "common shared" knowledge is ever compromised, an attacker could decipher and read all your messages.

此外，由于这绝对是不推荐的做法，因此 WCF 中没有任何类型的支持来简化共享密钥的使用.你是靠你自己的——你必须100%地靠自己.

Also, since it's definitely not recommended practice, there's no support of any kind in WCF to simplify using a shared secret. You're on your own - you have to roll your own 100% of the way.

以安全方式交换公共共享秘密的唯一可行方法是使用证书.没有办法解决这个问题，抱歉.该证书甚至不必用于用户身份验证或任何事情 - 但它在调用者和服务之间建立了一个共享秘密，从而允许调用者以这种方式加密消息，只有预期的接收者才能真正解密和使用他们.

The only viable way to have a common shared secret exchanged in a safe way is to use a certificate. No way around this, sorry. The certificate doesn't even have to be used for user authentication or anything - but it establishes a shared secret between the caller and the service and thus allows the caller to encrypt the messages in such a way only the intended recipient can actually decrypt and use them.

所以我真的看不出有什么办法可以绕过在服务器上安装证书 - 不需要在每个客户端上，而是在运行服务的每台服务器上.

So I really don't see any way you can get around having certificates on your servers - doesn't need to be on every client, but on every server where your service runs.

马克

PS:如果你真的想研究硬编码共享秘密"方法，你需要考虑一下:

PS: if you really want to investigate the "hardcoded shared secret" approach, you'll need to think about this:

• 您如何在您的每一位客户上安全地存储共享秘密?
• 您如何使用存储的共享秘密中的信息来加密您的消息?

通常，该方法有两个方面:

Typically, the approach would be two-fold:

1. 交换某种形式的私钥/公钥对；服务器生成一个密钥对并将私钥保留给自己，并与客户端共享公钥(例如，通过 WCF 消息)
2. 使用那个私钥/公钥对，交换一个共同的共享秘密，例如将对称加密您的消息的加密密钥"(并且由于它是对称的，服务器可以使用相同的密钥来解密消息)
3. 在您的客户端上设置基础设施(例如，一个名为 behavior 的 WCF 扩展)以在消息发出之前检查消息并使用您的共享密钥对其进行加密

1. exchange some form of a private/public key pair; the server generates a key pair and keeps the private key to itself and shares the public key with the client (e.g. over a WCF message, for instance)
2. using that private/public key pair, exchange a common shared secret, e.g. an "encryption key" that will symmetrically encrypt your messages (and since it's symmetrical, the server can use the same key to decrypt the messages)
3. setup infrastructure on your client (e.g. a WCF extension called a behavior) to inspect the message before it goes out and encrypt it with your shared secret

总而言之，这真的不是小事——任何比这更简单的事情根本不值得被称为安全".

All in all, it's really not trivial - anything simpler than that is not worth being called "security" at all.

如果你看看你必须做的所有工作 - 使用 WCF 内置证书机制不是更容易吗??

If you look at all that work you will have to do - wouldn't it be easier to just use the WCF built-in certificate mechanisms??

物有所值的安全性是很难 - 所以为什么不利用可用的东西而不是自己做所有的工作，或者更糟:想出一个半生不熟的解决方案，它很容易破解，你可以就像以明文形式轻松发送所有内容一样......不要低估处理最基本安全场景所需的复杂性和代码量 - WCF 为您完成这一切 - 免费且以可靠和安全的方式 -用它！你不会后悔的！

Decent security worth its salt is hard - so why not leverage what's available instead of doing all the work yourself, or worse: come up with a half-baked solution that's so easy to crack you could just as easily send everything in cleartext..... don't under estimate the complexity and amount of code needed to handle even the most basic security scenarios - WCF does this all for you - for free and in a reliable and safe manner - use it! You won't regret it!

这篇关于没有证书和 Windows 身份验证的 WCF 消息安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！