How to authenticate client application for trust of messages sent from it

Question

The basic question
How do I know that it is my publicly accessible (client) application that is sending my service messages? How do I know that it is just not some other application that is impersonating my application?

Some Background
Currently we log all errors that occur on our websites via log4net and WCF to a database. This works well because the web server (accessible from the web - Partly Trusted) reports their errors to the WCF service running on the application server (inaccessible from the web - Trusted) via a trusted relationship. We therefore know that all error logs are real and we need to investigate them.

With our new sites we plan to make use of SilverLight to liven things up a little. The problem we are faced with is how to report errors back from the SilverLight application running on the web consumer's PC (Untrusted) to our application server (inaccessible from the web - Trusted).

We can solve the inaccessibility problem of the application server by making the client communicate via a service facade on the web server, so that is no worry. The problem occurs when we need to be sure that the application sending the messages really is our application and not just an impersonator.

Some Thoughts
The code will be written in C# and be running in a SilverLight application that runs locally on the client PC, so we cannot be guaranteed that it will not be decompiled and used to send fake messages to our service.

The above means that we cannot make use of conventional symmetric encryption because we can't store our private key in the application (it can be decompiled). Similarly we can't use asymmetric encryption since it could just be impersonated (the attacker could just sign messages with the stored public key and send them - the messages would look real)

In the case of this application there is no user authentication, so we cannot use that to provide us with trust.

Yes, I know this is rather bizarre with the error logs being better protected than the data the application displays, but it is the case :)

Any thoughts or help would be greatly appreciated!

Answer

Impossible.

You can authenticate users, but not the application.

Let's say you decide to digitally sign the application. This signature is then read at runtime by your client application checking its own executable binaries against this signature. There is nothing that prevents the adversary from simply removing this check from your application.

Even if you make it close to impossible to reverse engineer your application, the adversary could always look at the communication channel and write an imposter that looks indistinguishable from your client to your server.

The only thing you can do is validate the actions on the server against a user identity.
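An added example of the server-side stance the answer recommends (not code from the question, the answer, or the asker's project; the page's stack is C#/WCF/Silverlight, this is a language-agnostic Python sketch). The facade on the web server never tries to verify which application sent a report: it tags each report with the tier of the channel it arrived on (web server over the trusted relationship vs. browser client), validates only the payload's shape, and rate-limits the untrusted tier per source so an impostor can pollute nothing but the "untrusted" tier, and only at a bounded rate. `Report`, `ErrorIntake`, the limits and the sample sources are assumptions.

```python
# Added illustration, not the page's code; the question's stack is C#/WCF,
# this Python sketch is language-agnostic. Report/ErrorIntake are hypothetical.
from collections import deque
from dataclasses import dataclass

MAX_MESSAGE_LEN = 2000
ALLOWED_LEVELS = {"ERROR", "FATAL"}


@dataclass
class Report:
    origin: str   # set by the receiving endpoint, never read from the payload:
                  # "server" (trusted relationship) or "client" (Silverlight, untrusted)
    source: str   # rate-limit key: server name or client address
    level: str
    message: str


class ErrorIntake:
    """Facade on the web server that forwards error reports to the log store."""
    def __init__(self, per_source_limit, window_seconds):
        self.limit = per_source_limit
        self.window = window_seconds
        self._seen = {}      # source -> deque of accept timestamps
        self.stored = []     # what would be written to the database

    def _within_rate(self, source, now):
        # Sliding window: an impostor can flood, so bound what each source may add.
        q = self._seen.setdefault(source, deque())
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def accept(self, r, now):
        # The payload comes from code that may be decompiled or replaced, so only
        # its shape is checked; its claim to be "our" application is never trusted.
        if r.level not in ALLOWED_LEVELS or not r.message or len(r.message) > MAX_MESSAGE_LEN:
            return "rejected:invalid"
        if r.origin == "server":
            trust = "trusted"       # arrived over the web server -> app server relationship
        elif r.origin == "client":
            trust = "untrusted"     # application identity cannot be verified (the answer's point)
            if not self._within_rate(r.source, now):
                return "rejected:rate"
        else:
            return "rejected:origin"
        self.stored.append({"trust": trust, "source": r.source,
                            "level": r.level, "message": r.message})
        return "stored:" + trust
```

Reports stored as "untrusted" are still useful for spotting real client failures, but they should be triaged separately from the trusted tier and never treated as proof that the incident happened.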