What is the simplest way to implement encryption in WCF when using the netTcpBinding?

I am implementing a WCF service which will be used (in part) within a private LAN.

I will be using netTcpBinding and would like to implement some form of security on the communications, more specifically, it is important that the data be encrypted so that (for example) nobody could view the data being transferred across the network.

I don't believe Windows authentication will be appropriate as the end user may not maintain their Windows logins and roles rigorously enough to use them as authentication. Am I right in thinking this would make it inappropriate? Please correct me if I'm wrong.

My question is, what is the simplest way to implement encryption in a WCF service using the netTcpBinding, particularly when the Windows credential type is not available?

I have tried experimenting with certificates (generating my own using makecert) but there is a distinct lack of tutorials and documentation describing how to do this from start to finish using TCP and hosting the service in something other than IIS. A lot of them talk you through how to generate the certificates in detail (and no two of these tutorials are exactly the same in this regard) and finish by saying something like

use these to sign the service and client

... well unfortunately that is the process I need a little more clarification on!

Generally the certificates solution seems to be over the top and a little too much just to achieve encrypted data!

Any help or corrections in any assumptions I might have made would be really appreciated.

Glauce answered 4/5, 2011 at 12:41 Comment(2)
Before we start; what is the impetus to use NetTcpBinding? For example, would BasicHttpBinding with transport security (SSL) do the job? (I mention this because SSL is almost certainly the "simplest" thing to get working) - Potentiality
I suppose because the service and client will both be running within the same LAN and various MSDN articles state that performance will be improved by using TCP instead of HTTP - that and the fact that I am more familiar working with TCP and UDP sockets than anything Web/http based so tend to lean towards it because of familiarity :) There is no firm requirement which means I have to use TCP though. - Glauce

Following the discussion in the comments...

In my experience (and I've done lots of serialization/WCF work) the performance "benefit" of NetTcpBinding (and NetDataContractSerializer) is largely mythical. I have never seen a significant difference - and often vanilla http bindings are faster.

I would switch to BasicHttpBinding over SSL which is trivial to set up and is secure.

If you want improved performance etc, I would switch serializer to something like protobuf-net (disclosure: I'm the author). This does have easily demonstrated performance advantages, and works nicely inside WCF (just a change to a config file), especially over BasicHttpBinding (with an extra boost if you enable MTOM message-encoding, since it is a binary format).

Personally, I never use NetTcpBinding; as mentioned, the performance is questionable, and it gets you dependent on things that won't work in basic-http if you find you need WAN access.

Potentiality answered 4/5, 2011 at 14:47 Comment(5)
Thanks for the response. Would this still be trivial to set up considering I am not hosting the service in IIS? Would I still need to go through the whole process of using makecert and generating certificates during my design and debug phase? - Glauce
@Glauce you can host outside of IIS, but yes - the certificate gets trickier. There are tutorials, though - IIRC, that cover exactly this. - Potentiality
From my experience, I've found that BasicHttpBinding achieves only 70% of what I achieve using NetTcpBinding, but then again I'm shoveling around many GBs of binary data. Also, I've found that IIS lags every now and then, you occasionally get extremely long response times when using an HTTP binding. - Pasol
@Chris with or without MTOM? But yes, at raw bytes net tcp will be OK, as that is pretty much verbatim in terms of serialisation. Of course, if you're focusing on raw bytes, sockets would be enticing. - Potentiality
Yes, sockets would be nicer, our Architects really like WCF solving all problems at the moment ;-) I did try with both MTOM and without. - Pasol
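
For the case the question describes (netTcpBinding, self-hosted outside IIS, no Windows credentials), the following is an added example and not code from any poster in this thread: it turns on transport security with an anonymous client, so only the service needs a certificate. The contract `IEcho`, the address `net.tcp://localhost:9000/echo` and the certificate subject `localhost` are assumptions made for illustration.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IEcho            // hypothetical contract for the example
{
    [OperationContract]
    string Echo(string text);
}

public class EchoService : IEcho
{
    public string Echo(string text) { return text; }
}

public static class Program
{
    public static void Main()
    {
        // Transport security on net.tcp upgrades the TCP connection with SslStream.
        // Credential type None = anonymous client; only the service has a certificate.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;

        var address = new Uri("net.tcp://localhost:9000/echo"); // assumed address
        using (var host = new ServiceHost(typeof(EchoService)))
        {
            host.AddServiceEndpoint(typeof(IEcho), binding, address);
            // Assumed: a certificate with subject "localhost" and its private key
            // is installed in the LocalMachine\My store (e.g. one made with makecert).
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "localhost");
            host.Open();

            var factory = new ChannelFactory<IEcho>(binding, new EndpointAddress(address));
            // Keep validation on: a self-made test certificate must be trusted by the
            // client machine (trusted root, or PeerTrust with the cert in TrustedPeople).
            factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.ChainTrust;
            IEcho client = factory.CreateChannel();
            Console.WriteLine(client.Echo("encrypted on the wire"));
            factory.Close();
        }
    }
}
```

The same settings can be expressed in `app.config`; setting the client's validation mode to `None` would keep the traffic encrypted but remove the check that the client is talking to the intended service.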
