WCF Security

     Abu-Saa Leonard, Software Architect
     Arobs Transilvania Software
     Blog: http://net-daylight.blogspot.com/


@   itcampro   # itcamp12   Premium conference on Microsoft technologies
ITCamp 2012 sponsors
Architecture & Best Practices




Agenda


• Overview
• Authentication & Authorization
• Security Modes
• Credential Types
• WCF Authentication Service
• Custom UserName & Password Authentication
• Q&A


Overview


• Online transactions
• Do we ignore security?




Overview – Security fundamentals


•   Auditing and Logging
•   Authentication
•   Authorization
•   Configuration Management
•   Message Protection
•   Message Validation
•   Sensitive data
•   Session Management


Threats, Vulnerabilities and Attacks


•   Asset
•   Threat
•   Vulnerability
•   Attack




Authentication != Authorization


• Authentication identifies a user or process
• One of the most important aspects of security
• We use it daily: IDs, user names & passwords, etc.




Authorization


• Verifies which resources the identified party can access
• It happens after authentication
• Very closely related to authentication




Authentication in WCF


•   None
•   Basic
•   NTLM
•   Windows
•   Certificate
•   Username
    – Custom Provider
    – SqlMembership Provider
• Issued Token

Security Modes


• None
    – Not recommended
• Transport Security
    – Encrypts the communication channel
• Message Security
    – The message is encrypted




Security Modes - Variations


• Transport Credential Only
     – Credentials are sent as part of the message but are not encrypted
• Transport With Message Credential
     – Credentials are sent as part of the message and the message protection is done at the transport level
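Added example (not code from the deck or from the speaker): a small WCF host in C# that builds the two variations above side by side, TransportCredentialOnly over plain HTTP versus TransportWithMessageCredential over HTTPS, and plugs in the custom UserName & Password provider named on the agenda and on the "Authentication in WCF" slide. The service contract, the port, the sample user and the in-memory credential store are assumptions constructed for the example; a real service would back the store with a database.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract] public interface IOrderService { [OperationContract] string Ping(); }
public class OrderService : IOrderService { public string Ping() { return "pong"; } }

// WCF calls Validate once per incoming UserName token; throwing rejects the call.
public class PbkdfUserNameValidator : UserNamePasswordValidator
{
    // Constructed in-memory store: user -> (salt, PBKDF2 hash), filled once at startup.
    private static readonly Dictionary<string, Tuple<byte[], byte[]>> Users =
        new Dictionary<string, Tuple<byte[], byte[]>>(StringComparer.Ordinal);
    public static void AddUser(string userName, string password)
    {
        var salt = new byte[16];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
        Users[userName] = Tuple.Create(salt, Derive(password, salt));
    }
    // Slow, salted hash: a leaked store does not hand out reusable passwords.
    private static byte[] Derive(string p, byte[] s) { using (var k = new Rfc2898DeriveBytes(p, s, 100000)) return k.GetBytes(32); }
    // Compare every byte so failure time does not depend on where the hashes first differ.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public override void Validate(string userName, string password)
    {
        Tuple<byte[], byte[]> record = null;
        bool known = userName != null && Users.TryGetValue(userName, out record);
        // Unknown users still pay for a derivation, so timing does not reveal which names exist.
        byte[] salt = known ? record.Item1 : new byte[16];
        byte[] expected = known ? record.Item2 : new byte[32];
        if (!(known & FixedTimeEquals(Derive(password ?? "", salt), expected)))
            throw new FaultException("Unknown user name or incorrect password."); // one message for both cases
    }
}

public static class Program
{
    // "Transport Credential Only": Basic credentials ride on plain HTTP and are readable on the wire.
    public static BasicHttpBinding CredentialOnlyOverHttp()
    {
        var b = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
        b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
        return b;
    }
    // "Transport With Message Credential": HTTPS protects the channel, the UserName token travels inside it.
    public static WSHttpBinding UserNameOverHttps()
    {
        var b = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        b.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        return b;
    }
    public static void Main()
    {
        PbkdfUserNameValidator.AddUser("alice", "correct horse battery staple"); // constructed sample user
        var host = new ServiceHost(typeof(OrderService), new Uri("https://localhost:8443/orders")); // assumed address
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new PbkdfUserNameValidator();
        host.AddServiceEndpoint(typeof(IOrderService), UserNameOverHttps(), ""); // never CredentialOnlyOverHttp()
        host.Open(); // needs a server certificate bound to port 8443 (netsh http add sslcert)
        Console.WriteLine("Listening; press Enter to stop."); Console.ReadLine(); host.Close();
    }
}
```

CredentialOnlyOverHttp() is kept only to show the weak binding next to the one actually exposed; swapping it into AddServiceEndpoint would put the same password on the wire in clear text.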




Transport Security


• SSL over HTTP(S)/TCP
• Our purpose is to ensure integrity, confidentiality and authentication
• Integrity = encryption key
• Confidentiality = data encryption
• Authentication = credentials
• Use a digital certificate to encrypt the
  channel


Transport Security


• When do we use Transport Security?
• Advantages
     – Better performance
     – Interoperability
• Disadvantages
     – ‘Point-2-Point’




Message Security


• When do we use Message Security?
• Encrypts only the message
• Advantages
     – ‘End-2-End’ security
     – Independent of the communication protocol
• Disadvantages
     – Lower performance compared to transport
     – Does not support interoperability with older ASMX clients



WCF Authentication Service


• Uses ASP.NET membership to authenticate
  users
• It requires cookies
• Can customize user login
• Can customize authentication cookie




Q&A


ITCamp 2012 - Leonard Abu-Saa - WCF Security
