Preventing Replay Attacks When a WCF Service is Hosted in a Web Farm

.NET Framework (current version)

When using message security, WCF prevents replay attacks by deriving a nonce from the incoming message and checking its internal InMemoryNonceCache to see whether that nonce is already present. If it is, the message is discarded as a replay. When a WCF service is hosted in a web farm, the InMemoryNonceCache is not shared across the nodes, so a message already processed by one node can be replayed to another node, and the service is vulnerable to replay attacks. To mitigate this scenario, WCF 4.5 provides an extensibility point that lets you implement your own shared nonce cache by deriving a class from the abstract class System.ServiceModel.Security.NonceCache.

To implement your own shared nonce cache, derive a class from System.ServiceModel.Security.NonceCache and override the CheckNonce(byte[]) and TryAddNonce(byte[]) methods. CheckNonce(byte[]) checks whether the specified nonce already exists in the cache; TryAddNonce(byte[]) attempts to add a nonce to the cache. Once the class is implemented, hook it up by instantiating it and assigning the instance to SecurityBindingElement.LocalClientSecuritySettings.NonceCache for client-side replay detection, or to SecurityBindingElement.LocalServiceSecuritySettings.NonceCache for server-side replay detection. There is no out-of-the-box configuration support for this feature; the cache must be assigned in code.
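The following is an added example, not code from the original page, showing the shape such a derived class takes and how it is attached to a binding. ISharedNonceStore is a hypothetical interface standing in for whatever store the farm nodes share (a database table, a distributed cache); the security-relevant requirements are that TryAdd is an atomic check-and-insert and that entries expire no sooner than CachingTimeSpan, since a separate Contains()+Add() pair lets two nodes accept the same replayed message.

```csharp
using System;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

// Hypothetical store shared by every node in the farm (assumption, not a WCF type).
// TryAdd must be atomic across nodes: return false if the key already exists.
public interface ISharedNonceStore
{
    bool Contains(string key);
    bool TryAdd(string key, TimeSpan ttl);
}

public class SharedNonceCache : NonceCache
{
    private readonly ISharedNonceStore _store;

    public SharedNonceCache(ISharedNonceStore store)
    {
        _store = store;
        // NonceCache's own properties; the store's entry TTL must be at least
        // CachingTimeSpan, otherwise a replay is accepted once the entry expires.
        CachingTimeSpan = TimeSpan.FromMinutes(5);
        CacheSize = 900000;
    }

    // Base64 keeps the raw nonce bytes reversible and collision-free as a store key.
    private static string Key(byte[] nonce) => Convert.ToBase64String(nonce);

    public override bool CheckNonce(byte[] nonce) => _store.Contains(Key(nonce));

    // Single atomic operation: concurrent replays to different nodes cannot both succeed.
    public override bool TryAddNonce(byte[] nonce) => _store.TryAdd(Key(nonce), CachingTimeSpan);
}

public static class NonceCacheSetup
{
    // Wire the shared cache into a binding's SecurityBindingElement for server-side
    // replay detection; use the returned binding when constructing the ServiceHost.
    public static Binding WithSharedNonceCache(Binding binding, NonceCache cache)
    {
        var custom = new CustomBinding(binding);
        var security = custom.Elements.Find<SecurityBindingElement>();
        if (security == null)
            throw new InvalidOperationException("Binding has no message security element.");
        security.LocalServiceSecuritySettings.NonceCache = cache;
        return custom;
    }
}
```

Assign LocalClientSecuritySettings.NonceCache in the same way when the client side also runs on several nodes.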

Message Security