Remove From My Forums

Hosting WCF: IIS Vs Windows Service

Question
0

Sign in to vote

WCF can be hosted in different hosting environment. I want to which is the safest way to host WCF. Is it IIS or Windows Service. My Requirement is that thw WCF Client should access the service from outside the firewall(ie. via INTERNET). To expose WCF in IIS i need to enable the "Anonymous Access" in IIS, though the message reply & response happens via secured communication via https with Certificate authentication, will this make the system running the IIS open to attack.

In one line, from the hacking/security perspective, IIS is best or Windows service is best for host WCF.

Thanks in advance.
Anand

Thursday, November 5, 2009 1:04 PM

Answers

0

Sign in to vote
Hi Anand

   In your case , I notice that your requirement is "WCF Client should access the service from outside the firewall(ie. via INTERNET). "

   So this means we need to straight away look at IIS as the way to go . So it would be IIS ....

   and Securing a Service means either at the Transport level [https] / Message Level [using message level encrpyption] . So IIS is the only/better host in this case

Anand R
- Proposed as answer by Anand.Ranganathan Friday, November 6, 2009 6:52 AM
- Marked as answer by Bin-ze Zhao Wednesday, November 11, 2009 10:21 AM
Friday, November 6, 2009 4:19 AM

All replies

0

Sign in to vote
Hi Anand

   In your case , I notice that your requirement is "WCF Client should access the service from outside the firewall(ie. via INTERNET). "

   So this means we need to straight away look at IIS as the way to go . So it would be IIS ....

   and Securing a Service means either at the Transport level [https] / Message Level [using message level encrpyption] . So IIS is the only/better host in this case

Anand R
- Proposed as answer by Anand.Ranganathan Friday, November 6, 2009 6:52 AM
- Marked as answer by Bin-ze Zhao Wednesday, November 11, 2009 10:21 AM
Friday, November 6, 2009 4:19 AM
2

Sign in to vote

Greetings,

Some links are given below

ASP.NET Security Architecture
http://msdn.microsoft.com/en-us/library/yedba920.aspx

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
http://msdn.microsoft.com/en-us/library/aa302415.aspx

An Introductory Guide to Building and Deploying More Secure Sites with ASP.NET and IIS
http://msdn.microsoft.com/en-us/magazine/cc301387.aspx

ASP.NET Security Overview
http://support.microsoft.com/kb/306590

Securing ASP.NET Web Sites
http://msdn.microsoft.com/en-us/library/91f66yxt.aspx

ASP.NET Configuration Overview
http://msdn.microsoft.com/en-us/library/ms178683.aspx

ASP.NET Security Data Flow
http://msdn.microsoft.com/en-us/library/xa68twcb.aspx

ASP.NET Authentication
http://msdn.microsoft.com/en-us/library/eeyk640h.aspx

ASP.NET Authorization
http://msdn.microsoft.com/en-us/library/wce3kxhd.aspx

Encrypting web.config file sections
http://www.codeproject.com/KB/aspnet/ASPNET_20_Webconfig.aspx

Key Security Concepts
http://msdn.microsoft.com/en-us/library/z164t8hs.aspx

Forms Authentication Provider
http://msdn.microsoft.com/en-us/library/9wff0kyh.aspx

Managing Users by Using Membership
http://msdn.microsoft.com/en-us/library/tw292whz.aspx

Some additional links are given relation to WCF Security in ASP.NET. VERY IMPORTANT GO THROUGH IT.

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
Chapter 13: Internet - WCF and ASMX Client to Remote WCF Using Transport Security (Original Caller, HTTP)
http://msdn.microsoft.com/en-us/library/cc949024.aspx

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
PART II: WCF Security Fundamentals
http://msdn.microsoft.com/en-us/library/cc949056.aspx

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
Practices at a Glance: WCF Security
http://msdn.microsoft.com/en-us/library/cc949062.aspx

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
WCF Security Guidelines
http://msdn.microsoft.com/en-us/library/cc949068.aspx

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
WCF Security Questions and Answers (Q&A)
http://msdn.microsoft.com/en-us/library/cc949043.aspx

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
How-to Articles
http://msdn.microsoft.com/en-us/library/cc949079.aspx

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
WCF Security Resources

http://msdn.microsoft.com/en-us/library/cc949009.aspx

Hope this helps you out.

Take Care

PL
Helping People To Solve Technical Problems

Friday, November 6, 2009 4:57 AM
2

Sign in to vote
Greetings,

Some additional links are given below

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
Intranet Application Scenarios
http://msdn.microsoft.com/en-us/library/cc949094.aspx

Improving Web Services Security: Scenarios and Implementation Guidance for WCF
Internet Application Scenarios
http://msdn.microsoft.com/en-us/library/cc949016.aspx

Hope this helps you out.

Take Care

PL
Helping People To Solve Technical Problems
- Proposed as answer by Miss Jen99 Tuesday, November 10, 2009 8:17 PM
Friday, November 6, 2009 5:00 AM
0

Sign in to vote

Hi,
I agree with Anand R.
He is corerect.
for WCF Service,You can secure your WCF Service with the help of IIS default safety functinalities.
Windows service also can make it,But You have to implement lots of codes your self for WCF service Safety.

Regards
Frank Xu Lei--谦卑若愚，好学若饥
专注于.NET平台下分布式应用系统开发和企业应用系统集成
Focus on Distributed Applications Development and EAI based on .NET
欢迎访问老徐的中文技术博客：Welcome to My Chinese Technical Blog
欢迎访问微软WCF中文技术论坛：Welcome to Microsoft Chinese WCF Forum
欢迎访问微软WCF英文技术论坛：Welcome to Microsoft English WCF Forum

Friday, November 6, 2009 5:12 AM
1

Sign in to vote

Thanks PL for these valuable links. It helped (will help) me to learn new things and stuff that am currently exploring.

Friday, November 6, 2009 6:38 AM

Answered by:

Hosting WCF: IIS Vs Windows Service

Question

Answers

All replies