
Preventing Replay Attacks When a WCF Service is Hosted in a Web Farm

.NET Framework 4.5

When message security is used, WCF prevents replay attacks by deriving a nonce from each incoming message and checking its internal InMemoryNonceCache for that nonce. If the nonce is already present, the message is discarded as a replay. When a WCF service is hosted in a web farm, the InMemoryNonceCache is not shared across the nodes, so a message replayed to a different node than the one that first received it goes undetected and the service remains vulnerable to replay attacks. To mitigate this, WCF 4.5 provides an extensibility point that lets you implement your own shared nonce cache by deriving a class from the abstract NonceCache class.

To implement your own shared nonce cache, derive a class from NonceCache and override the CheckNonce and TryAddNonce methods. CheckNonce checks whether the specified nonce already exists in the cache; TryAddNonce attempts to add a nonce to the cache. Once the class is implemented, hook it up by instantiating it and assigning the instance to the NonceCache property of LocalClientSecuritySettings for client-side replay detection, or of LocalServiceSecuritySettings for server-side replay detection. There is no out-of-the-box configuration support for this feature.
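The following is an added example, not code from this page or from WCF itself, of the pattern just described: a NonceCache subclass that delegates to a pluggable backing store so a farm-wide store can be substituted, plus the service-side hook-up through the binding's LocalServiceSettings. The names INonceStore, SharedNonceCache, InMemoryNonceStore and Hosting are assumed here; the in-memory store is only a single-node stand-in.

```csharp
using System;
using System.Collections.Concurrent;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
// Store abstraction: a store every farm node can reach (database, distributed cache)
// goes behind this interface so all nodes see the same set of nonces.
public interface INonceStore
{
    bool TryAdd(string key, DateTime expiresUtc); // atomic; false if key already present
    bool Contains(string key);
}
public sealed class SharedNonceCache : NonceCache
{
    private readonly INonceStore _store;
    public SharedNonceCache(INonceStore store, TimeSpan lifetime)
    {
        _store = store;
        CachingTimeSpan = lifetime; // must cover the accepted clock-skew window
    }
    public override bool CheckNonce(byte[] nonce) => _store.Contains(Convert.ToBase64String(nonce));
    // One atomic test-and-set in the shared store: a separate check followed by an add
    // would let two nodes each accept the same replayed message.
    public override bool TryAddNonce(byte[] nonce) =>
        _store.TryAdd(Convert.ToBase64String(nonce), DateTime.UtcNow + CachingTimeSpan);
}
// Single-process stand-in for the shared store (NOT shared across nodes); it shows the
// expiry and atomic-add semantics a real store has to provide.
public sealed class InMemoryNonceStore : INonceStore
{
    private readonly ConcurrentDictionary<string, DateTime> _entries = new ConcurrentDictionary<string, DateTime>();
    public bool TryAdd(string key, DateTime expiresUtc)
    {
        // Evict an expired entry first so the nonce value is accepted again after the window.
        if (_entries.TryGetValue(key, out var old) && old <= DateTime.UtcNow) _entries.TryRemove(key, out old);
        return _entries.TryAdd(key, expiresUtc);
    }
    public bool Contains(string key) => _entries.TryGetValue(key, out var exp) && exp > DateTime.UtcNow;
}
// Service-side hook-up: the cache goes on the security binding element's LocalServiceSettings.
public static class Hosting
{
    public static void AddSecuredEndpoint(ServiceHost host, Type contract, NonceCache cache)
    {
        var elements = new WSHttpBinding(SecurityMode.Message).CreateBindingElements();
        elements.Find<SecurityBindingElement>().LocalServiceSettings.NonceCache = cache;
        host.AddServiceEndpoint(contract, new CustomBinding(elements), "");
    }
}
```

For the client side the same cache type is assigned to LocalClientSettings.NonceCache on the client's SecurityBindingElement instead.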

© 2014 Microsoft. All rights reserved.