Prescriptive Security Guidance for Durable Services

The following is a set of security guidelines to use when creating and deploying durable services.

• Lock down access to your persistence database and perform database auditing to review for any access violations and prevent malicious users from modifying or deleting the serialized form of the service instance.

• Use the MaxConcurrentSessions and MaxConcurrentInstances properties to control the maximum cache size used for active instance contexts. This will keep malicious users from consuming all available memory on your server if they flood your durable service with multiple instance activation messages.

• Implement durable replay detection mechanisms to keep users from performing replay attacks after service instance information has been persisted and the host solution has been recycled, or if an attacker replays a message to a different node in a Web farm. Follow the WCF security best practices at Replay Attacks.

• Implement instance-specific access control mechanisms using WCF extensibility points to prevent malicious users from impersonating valid users by sending a message with a context belonging to a valid user.

• Use EncryptandSign or the Https transport protocol to prevent malicious users from reading a confidential context header or cookie information in transit between client and service.

• Protect any configuration files with ACLs and optionally encrypt the connection string held in the connectionStrings element to prevent malicious users from discovering the connection string you use to connect to your database.

• Understand that when using a context binding for session transport, identity is not immutable during the lifetime of a session.

See Also

Other Resources

Security Considerations for Workflow Services and Durable Services