10.10. Anonymous Application

In the Anonymous scenario, the clients access the service without presenting any credentials; they are anonymous. Yet the clients and the service still require secure message transfer, impervious to tampering and sniffing. Both Internet-facing and intranet-based applications may need to provide anonymous yet end-to-end secure access. The Anonymous scenario can have any number of clients, small or large, and the clients may connect over HTTP or over TCP.

10.10.1. Securing the Anonymous Bindings

The need to secure the message, combined with the fact that the clients may be calling over the Internet through multiple intermediaries, means that in the Anonymous scenario you should use Message security. Message security satisfies both requirements: it protects the message itself regardless of how many hops it crosses, and it can be configured to carry no client credentials at all by setting the Message credentials to no credentials. The service must be configured with a certificate, which is what secures the message. For the Anonymous scenario, you can use only the NetTcpBinding, WSHttpBinding, WSDualHttpBinding, and NetMsmqBinding, a mixture of both Internet and intranet bindings, as this scenario requires. Note that you cannot use the BasicHttpBinding, NetNamedPipeBinding, NetPeerTcpBinding, or WSFederationHttpBinding, because those bindings either do not support Message security or do not support having no credentials in the message (see Tables 10-1 and 10-3). Configuring the allowed bindings is similar to the previous scenarios. The noticeable difference is in configuring for no client credentials, for example by using MessageCredentialType.None in the case of WSHttpBinding:

    WSHttpBinding binding = new WSHttpBinding();
    // Message security is the WSHttpBinding default; the clients send no credential
    binding.Security.Message.ClientCredentialType = MessageCredentialType.None;

Or when using a config file:

    <bindings>
       <wsHttpBinding>
          <binding name = "WSAnonymous">
             <security mode = "Message">
                <message clientCredentialType = "None"/>
             </security>
          </binding>
       </wsHttpBinding>
    </bindings>

10.10.2. Authentication

No client authentication takes place in the Anonymous scenario, of course, so the client need not provide any credentials to the proxy. For service authentication toward the client and for message protection, the service needs to provide its certificate, as in Example 10-8.

10.10.3. Authorization

Since the clients are anonymous (and unauthenticated), authorization and role-based security are precluded. The service host should set the PrincipalPermissionMode property to PrincipalPermissionMode.None to have WCF install a generic principal with a blank identity, instead of a Windows principal with a blank identity.
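The following is an added example, not code from the book, that puts the three preceding subsections together: a host exposing a WSHttpBinding endpoint with Message security and no client credentials, the service certificate that authenticates the service and protects the messages, PrincipalPermissionMode.None on the host, and a matching client proxy. The contract, the endpoint addresses and the certificate subject name "MyService" are assumptions; the certificate must exist in the LocalMachine\My store and chain to a root the client trusts.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Assumed contract and service for this example
[ServiceContract]
public interface IQuoteService
{
    [OperationContract]
    string GetQuote(string symbol);
}

public class QuoteService : IQuoteService
{
    public string GetQuote(string symbol)
    {
        return symbol + ": 42.00";
    }
}

public static class AnonymousHosting
{
    // Assumed subject name of the service certificate in LocalMachine\My
    const string ServiceCertSubject = "MyService";

    // The one binding both sides must agree on: Message security, no client credential
    public static WSHttpBinding CreateAnonymousBinding()
    {
        WSHttpBinding binding = new WSHttpBinding();
        binding.Security.Mode = SecurityMode.Message;
        binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
        // Default is true: the client obtains the service certificate in-band during the
        // security handshake, so it needs no out-of-band copy of the certificate
        binding.Security.Message.NegotiateServiceCredential = true;
        return binding;
    }

    public static ServiceHost OpenHost(Uri baseAddress)
    {
        ServiceHost host = new ServiceHost(typeof(QuoteService), baseAddress);
        host.AddServiceEndpoint(typeof(IQuoteService), CreateAnonymousBinding(), "Quotes");

        // The service certificate authenticates the service to the client and is the
        // anchor for signing and encrypting every message
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, ServiceCertSubject);

        // No caller identity exists, so install a generic principal rather than a
        // Windows principal; role-based demands would fail in any case
        host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.None;

        host.Open();
        return host;
    }

    public static IQuoteService CreateProxy(Uri endpointAddress)
    {
        // The DNS identity must match the service certificate's subject name, or WCF
        // rejects the negotiated certificate even when it chains to a trusted root
        EndpointAddress address = new EndpointAddress(endpointAddress,
            new DnsEndpointIdentity(ServiceCertSubject));
        ChannelFactory<IQuoteService> factory =
            new ChannelFactory<IQuoteService>(CreateAnonymousBinding(), address);

        // ChainTrust (the default) requires the service certificate to chain to a trusted
        // root CA. Use PeerTrust only for self-signed test certificates placed in
        // CurrentUser\TrustedPeople; never relax this to None outside a test rig
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;
        factory.Credentials.ServiceCertificate.Authentication.RevocationMode =
            X509RevocationMode.Online;

        return factory.CreateChannel();
    }
}

class Program
{
    static void Main()
    {
        Uri baseAddress = new Uri("http://localhost:8000/");
        ServiceHost host = AnonymousHosting.OpenHost(baseAddress);
        IQuoteService proxy = AnonymousHosting.CreateProxy(new Uri(baseAddress, "Quotes"));
        Console.WriteLine(proxy.GetQuote("MSFT"));
        ((ICommunicationObject)proxy).Close();
        host.Close();
    }
}
```

The only trust decision left in this scenario is the client's: because the service certificate arrives in-band, everything rests on the client's CertificateValidationMode and on the endpoint identity matching the certificate subject. Leaving the validation mode at None would let any party holding any certificate impersonate the service.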

10.10.4. Identity Management

Assuming the use of PrincipalPermissionMode.None, the identity associated with the principal object is a GenericIdentity with a blank username. That identity is considered unauthenticated. The security call context's primary identity will match the principal identity. The Windows identity, on the other hand, will be set to a Windows identity with a blank username; that is, unauthenticated. Table 10-7 shows the identities in this scenario.

Table 10-7. Identity management in the Anonymous scenario

    Identity                   Type              Value   Authenticated
    Thread Principal           GenericIdentity   -       No
    Security Context Primary   GenericIdentity   -       No
    Security Context Windows   WindowsIdentity   -       No


10.10.4.1. Impersonation

Since the clients are anonymous, the service cannot impersonate any of its clients.

10.10.5. Callbacks

While the call from the client to the service is anonymous, the service does reveal its identity to the client. The primary identity of the security call context will be set to an instance of the X509Identity class, with a name set to the common name of the service host certificate suffixed by the certificate's thumbprint. The rest of the information is masked out. The principal identity will be set to a Windows identity with a blank username, which will preclude authorization and role-based security, as it is considered anonymous. The security call context's Windows identity will be set to a WindowsIdentity instance with a blank identity, which will preclude impersonation. Avoid sensitive work in the callback since you cannot use role-based security and the callers are unauthenticated as far as the principal is concerned.
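As an added example (not code from the book), the callback implementation below verifies that the security call context's primary identity is the service certificate the client expects before it acts on the callback at all. X509Identity is internal to WCF, so the code tests the IIdentity surface instead: an AuthenticationType of "X509" and a Name that carries the certificate subject and thumbprint, as the text describes. The contracts, the pinned thumbprint and the exact Name layout are assumptions.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Assumed duplex contracts for this example
[ServiceContract(CallbackContract = typeof(IQuoteCallback))]
public interface IQuoteSubscription
{
    [OperationContract]
    void Subscribe(string symbol);
}

public interface IQuoteCallback
{
    [OperationContract(IsOneWay = true)]
    void OnQuoteChanged(string symbol, decimal price);
}

[CallbackBehavior(UseSynchronizationContext = false)]
public class QuoteCallback : IQuoteCallback
{
    // Assumed thumbprint of the service certificate the client expects to hear from,
    // pinned out of band; a callback secured by any other certificate is ignored
    const string ExpectedServiceThumbprint = "0123456789ABCDEF0123456789ABCDEF01234567";

    // True only when the callback is secured by the expected service certificate
    public static bool IsFromExpectedService(ServiceSecurityContext ctx)
    {
        if (ctx == null)
        {
            return false;
        }
        IIdentity service = ctx.PrimaryIdentity;
        if (service == null || service.AuthenticationType != "X509")
        {
            return false;
        }
        // Assumed layout: "<subject>; <thumbprint>", so a substring match on the
        // thumbprint is sufficient and does not depend on the subject's exact form
        return service.Name.IndexOf(ExpectedServiceThumbprint,
            StringComparison.OrdinalIgnoreCase) >= 0;
    }

    public void OnQuoteChanged(string symbol, decimal price)
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (!IsFromExpectedService(ctx))
        {
            Console.WriteLine("Dropping callback from an unexpected or unauthenticated peer");
            return;
        }
        // The principal and Windows identities are blank here (Table 10-7): there is no
        // role to check and nothing to impersonate, so keep the handler to display or cache
        Console.WriteLine("{0} is now {1} (from {2})", symbol, price, ctx.PrimaryIdentity.Name);
    }
}
```

WCF has already validated the service certificate for the session by the time the callback runs; the thumbprint check adds a second, application-level decision that only the one expected service may drive this callback, not merely any service with a certificate the client's validation mode accepts.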




Programming WCF Services
ISBN: 0596526997
Year: 2004
Pages: 148
Authors: Juval Lowy