0

We are using WCF Services that transfer some data from a Client Application to the Server Application (WCF Service). This last one will apply an algorithm using these data and send back the result to the client.

We would like to authenticate the Client Application from the Server WCF Service. Would it be possible to get the Client Application Checksum directly from the WCF Service?

We are already using wsHttpBinding but we would like to add one more layer on the client application integrity.

Appreciate for your help, Camille.

Camille
  • 25
  • 1
  • 4

1 Answers1

2

he WCF service can't get anything from the client unless the client sends it to the service. So if you can get your client to send your service the checksum (as a method parameter), then you're in business. WCF is not magic. Nor is any "service" technology for that matter. It is a simple tcp/ip communication between a client and a server. On both side, the only information that goes across is the information each side decides to send, nothing more.

Community
  • 1
  • 1
Shiv Kumar
  • 9,599
  • 2
  • 36
  • 38
  • If we can only send the checksum as a method parameter, an attacker could easily fake this checksum. That wouldn't make authentication better.... – Camille Feb 23 '11 at 03:37
  • I didn't say it would make anything better. I was merely telling you how things work. You could use Https or you can encrypt the data that's sent across or hash it (in both cases use a salt of some sort. The answer to your question is as I said. The client has to send information over to the server. The server can't magically get information from the client. In fact the client has to initiate the conversation. That's how client/server works. Server,s can't initiate a conversation and get the client to do anything it doesn't want to or know how to do. – Shiv Kumar Feb 23 '11 at 03:51