WCF Double Hop questions about Security and Binding.
Posted by Ken Maglio on Stack Overflow
Published on 2010-03-29T18:48:21Z
Background information:
.NET website which calls a service (aka external service) facade on an app server in the DMZ. This external service then calls the internal service which is on our internal app server. From there that internal service calls a stored procedure (LINQ to SQL classes), and passes the serialized data back through to the external service, and from there back to the website.
We've done this so any communication goes through an external layer (our external app server) and allows interoperability; we access our data just like our clients consuming our services.
We've gotten to the point in our development where we have completed the system and it all works; the double hop acts as it should. However, now we are working on securing the entire process.
We are looking at using TransportWithMessageCredential. We want to have WS2007HttpBinding for the external for interoperability, but then NetTcpBinding for the bridge through the firewall for security and speed.
Questions:
If we choose WS2007HttpBinding as the external service's binding, and NetTcpBinding for the internal service, is this possible?
I know WS-* supports this, as does NetTcp; however, do they play nice when passing credential information like user/pass?
If we go to Kerberos, will this impact anything? We may want to do impersonation in the future.
If you can, when you answer, post any reference links about why you're answering the way you are; that would be very helpful to us. Thanks!
© Stack Overflow or respective owner